The Cybersecurity Club Newsletter
🚨Week 34: SpyVPN Secretly Captures User Screenshots, Orange Belgium Cyberattack Affects 850,000 Customers, Warlock Ransomware Analysis New Tactics, Allianz Life Data Breach Impacts...
Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

Overview of SpyVPN Discovery
Koi Security researchers exposed "FreeVPN[.]One," a Chrome extension with 100,000+ installations that evolved from legitimate VPN software into sophisticated spyware, secretly capturing user screenshots while maintaining verified Chrome Web Store status.
Key Findings
Silent Surveillance: Automatically captures a screenshot of every webpage after a 1.1-second delay, transmitting it to external servers (aitd[.]one) without consent
Privacy Deception: Claims "will not collect user data" while continuously harvesting banking details, personal messages, and confidential documents
Gradual Weaponization: Malicious functionality introduced across three updates (April-July 2025), transforming a 5-year-old legitimate tool into surveillance software
Advanced Evasion: Latest version uses AES-256-GCM encryption with RSA key wrapping to hide data exfiltration from detection
Excessive Access: Requests broad permissions (<all_urls>, tabs, scripting) enabling persistent cross-site surveillance
Platform Security Failure: Bypassed Google's security checks despite verified status, highlighting Chrome Web Store vulnerabilities
Comprehensive Data Theft: Collects screenshots, IP geolocation, device information, and browsing patterns as base64-encoded analytics
Impact
Critical Risk: Months of sensitive online activities (banking, corporate data, personal communications) secretly recorded and transmitted to unknown third parties.
Immediate Actions
Remove extension immediately (ID: jcbiifklmgnkppebelchllpdbnibihel)
Change passwords for accounts accessed while extension was active
Monitor financial accounts for suspicious activity
Review recent online activities for potential compromise
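One way to turn the findings and the first "Immediate Action" above into a repeatable check, as an added example that is not part of the newsletter or of Koi Security's research: a Python script that walks a Chrome profile's Extensions directory, flags the extension ID named above, and separately flags any extension that combines broad host access (<all_urls> or an equivalent match pattern) with the tabs and scripting permissions. The directory layout (<Extensions>/<id>/<version>/manifest.json) is Chrome's usual one; the sample manifests in demo() are constructed for illustration and the function and variable names are this example's own.

```python
"""Defender-side check for the SpyVPN indicators described in the write-up.

Added example, not code from the newsletter or from Koi Security. It scans
extension manifests for (a) the extension ID named in the write-up and
(b) the permission set that makes persistent cross-site screenshot capture
possible. Typical Chrome locations of the Extensions directory:
  Linux:   ~/.config/google-chrome/Default/Extensions
  macOS:   ~/Library/Application Support/Google/Chrome/Default/Extensions
  Windows: %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Extensions
"""
import json
import tempfile
from pathlib import Path

# Extension ID reported in the write-up above.
KNOWN_BAD_IDS = {"jcbiifklmgnkppebelchllpdbnibihel"}
# Match patterns that grant access to every site (equivalent to <all_urls>).
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def assess_manifest(ext_id, manifest):
    """Return a list of findings for one extension manifest (MV2 or MV3)."""
    findings = []
    if ext_id in KNOWN_BAD_IDS:
        findings.append("known-malicious extension id")
    perms = set(manifest.get("permissions", []))
    # Manifest V3 moves host patterns out of "permissions" into this key.
    perms |= set(manifest.get("host_permissions", []))
    if perms & BROAD_HOST_PATTERNS and {"tabs", "scripting"} <= perms:
        findings.append("broad host access + tabs + scripting")
    return findings


def scan_extensions_dir(root):
    """Walk <root>/<id>/<version>/manifest.json and return {id: findings}."""
    report = {}
    for manifest_path in Path(root).glob("*/*/manifest.json"):
        ext_id = manifest_path.parent.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, json.JSONDecodeError):
            continue  # unreadable or malformed manifest: skip, do not crash
        findings = assess_manifest(ext_id, manifest)
        if findings:
            report[ext_id] = findings
    return report


def demo():
    """Build a constructed Extensions tree in a temp dir and scan it."""
    samples = {
        # ID from the write-up; manifest contents are constructed, not the real one.
        "jcbiifklmgnkppebelchllpdbnibihel": {
            "manifest_version": 3,
            "name": "constructed sample matching the reported permissions",
            "permissions": ["tabs", "scripting", "storage"],
            "host_permissions": ["<all_urls>"],
        },
        # Benign constructed sample with a narrow permission set.
        "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
            "manifest_version": 3,
            "name": "note taker",
            "permissions": ["storage"],
        },
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for ext_id, manifest in samples.items():
            version_dir = root / ext_id / "1.0.0_0"
            version_dir.mkdir(parents=True)
            (version_dir / "manifest.json").write_text(
                json.dumps(manifest), encoding="utf-8"
            )
        return scan_extensions_dir(root)


if __name__ == "__main__":
    for ext_id, findings in demo().items():
        print(ext_id, "->", ", ".join(findings))
```

Point scan_extensions_dir() at a real profile's Extensions directory to run it against an actual machine. Because the second check keys on the permission combination rather than the ID, it also surfaces other extensions with the same surveillance-capable footprint, which the ID check alone would miss; those are candidates for review, not automatic verdicts.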
💻 Malware and Vulnerabilities
Apple Patches Critical Zero-Day CVE-2025-43300: Apple released emergency security updates to fix an out-of-bounds write vulnerability (CVE-2025-43300) in the ImageIO framework that could result in memory corruption when processing malicious images, with the company acknowledging the flaw was exploited in extremely sophisticated targeted attacks. Read more
Microsoft Copilot Audit Log Vulnerability Discovered: Security researchers at Pistachio discovered a significant vulnerability in Microsoft Copilot that could break audit logging capabilities, potentially allowing unauthorized activities to go undetected in enterprise environments. Read more
📈 Breaches and Incidents
Orange Belgium Cyberattack Affects 850,000 Customers: Orange Belgium detected a cyberattack at the end of July that resulted in unauthorized access to customer data from 850,000 accounts, including surnames, first names, telephone numbers, SIM card numbers, PUK codes, and tariff plans, though no passwords, emails, or financial details were compromised. Read more
iiNet Breach Exposes 280,000 Customer Records: Australian ISP iiNet suffered a cyberattack that compromised approximately 280,000 active customer email addresses, 20,000 landline phone numbers, 10,000 usernames with street addresses, and 1,700 modem setup passwords through their order management system. Read more | Alternative source
Allianz Life Data Breach Impacts 1.1 Million Customers: Insurance giant Allianz Life suffered a July data breach affecting 1.1 million customers when hackers accessed a third-party cloud-based CRM system, stealing email addresses, names, genders, dates of birth, phone numbers, and physical addresses. Read more
Colt Confirms Customer Data Stolen in Warlock Ransomware Attack: Telecommunications company Colt Technology Services confirmed that customer data was stolen during a Warlock ransomware attack, with the cybercriminals now auctioning the stolen files on dark web marketplaces. Read more
Business Council of New York State Data Breach Affects 47,000: The Business Council of New York State disclosed a data breach impacting approximately 47,000 individuals, with attackers gaining unauthorized access to systems containing personal information of members and stakeholders. Read more
APC Services Suffers Security Breach: Australian Property Custodian (APC) Services reported a cybersecurity incident that potentially exposed sensitive customer data, prompting the company to notify affected parties and regulatory authorities about the breach. Read more
Ransomware Gang Claims Attack on Drug Research Firm Inotiv: A ransomware group claimed responsibility for attacking pharmaceutical research company Inotiv, threatening to leak sensitive research data and confidential information related to drug development projects. Read more
🚨 Threat Intel & Info Sharing
Russia-Linked Attacks Target European Water Infrastructure: Security experts warn of renewed concerns over water cybersecurity following Russia-linked attacks on European water infrastructure facilities, highlighting vulnerabilities in critical utilities and the potential for widespread disruption of essential services. Read more
SpyVPN Secretly Captures User Screenshots: Security researchers at Koi Security exposed a malicious VPN service called SpyVPN that secretly captures and transmits user screenshots while claiming to protect privacy, highlighting the risks of unvetted VPN providers. Read more
Hackers Expose North Korean Government Cyber Operations: A group of hackers revealed why they exposed North Korean government hacking operations, providing unprecedented insight into the hermit kingdom's cyber warfare capabilities and state-sponsored cybercriminal activities targeting global organizations. Read more
Microsoft Limits Windows 10 Support Timeline: Microsoft reminded users that Windows 10 support will end in October 2025, urging enterprises and consumers to begin migration planning to Windows 11 or risk operating unsupported systems vulnerable to security threats. Read more
Qilin Ransomware Reward Scheme Exposed as Fake: Europol announced that the Qilin ransomware group's publicized reward program for information about law enforcement activities was a fraudulent scheme designed to gather intelligence rather than actually pay informants. Read more
Microsoft Advances Quantum-Safe Cryptography: Microsoft released a comprehensive blog post detailing progress toward implementing next-generation quantum-resistant cryptography, outlining timelines and strategies for protecting against future quantum computing threats to current encryption methods. Read more
Microsoft Restricts Chinese Access to Cyber Vulnerability Information: Microsoft announced new restrictions limiting early access to cybersecurity vulnerability information for Chinese firms, citing national security concerns and the need to prevent adversaries from exploiting disclosed flaws before patches are widely deployed. Read more
New Zero-Day Startup Offers $20 Million for Smartphone Exploits: A new cybersecurity startup announced it will pay up to $20 million for zero-day exploits that can compromise any smartphone, raising concerns about the growing commercial market for advanced cyber weapons. Read more
Cybercriminals Abuse AI Website Builders for Phishing: Proofpoint researchers discovered cybercriminals are increasingly using AI-powered website creation tools to rapidly generate convincing phishing sites, making detection more challenging for traditional security systems and end users. Read more
US Government Acquires 10 More Cybersecurity Companies: The U.S. government continued its cybersecurity acquisition spree by purchasing 10 additional cybersecurity firms to bolster national defense capabilities and improve critical infrastructure protection across various sectors. Read more
GeoServer Exploits Target PolarEdge Systems: Threat actors are actively exploiting vulnerabilities in GeoServer installations to compromise PolarEdge systems, with researchers warning of potential supply chain implications and recommending immediate patching of affected systems. Read more
Warlock Ransomware Analysis Reveals New Tactics: Trend Micro researchers published detailed analysis of the Warlock ransomware strain, revealing sophisticated evasion techniques and updated encryption methods that make recovery more challenging for victims. Read more
⚖️ Laws, Policies and Regulations
Oregon Man Charged for Operating DDoS-for-Hire Botnet: Federal authorities in Alaska charged an Oregon resident with administering the "Rapper Bot" DDoS-for-hire service, marking another significant law enforcement action against cybercrime-as-a-service operations. Read more
Singapore Issues Critical Alert on Dire Wolf Ransomware: Singapore's cybersecurity agency issued an urgent advisory warning about the Dire Wolf ransomware group targeting global technology and manufacturing firms, urging organizations to implement enhanced security measures immediately. Read more
ENISA Publishes Cybersecurity Threat Landscape Methodology: The European Union Agency for Cybersecurity (ENISA) released its updated methodology for assessing cybersecurity threat landscapes, providing standardized frameworks for member states to evaluate and respond to emerging threats. Read more
⚖️ Cybersecurity Startups and VCs
Seemplicity, a Palo Alto-based cybersecurity startup, secured $50 million in a Series B funding round led by Sienna Venture Capital, with participation from Essentia Venture Capital and existing investors Glilot Capital Partners, NTTVC, and S Capital.
📊 Trends, Reports, Analysis
Money Mule Recruitment Tactics Continue Evolving: Group-IB researchers published analysis showing how cybercriminals are adapting money mule recruitment strategies, using sophisticated social engineering techniques and legitimate-looking job postings to target vulnerable individuals for financial crime schemes. Read more
Paper Werewolf Campaign Targets Russia with WinRAR Zero-Day: BI-Zone security researchers identified the "Paper Werewolf" campaign exploiting a zero-day vulnerability in WinRAR to target Russian entities, demonstrating the ongoing weaponization of popular software vulnerabilities in geopolitical conflicts. Read more
📅 Upcoming Events
Virtual Event: Generative AI & Cybersecurity: Risks and Opportunities
Generative AI is reshaping the cybersecurity landscape, empowering Security Operations Centers (SOCs) with intelligent automation, predictive analytics, and faster incident response. However, with this innovation comes a new class of threats: AI-generated phishing campaigns, polymorphic malware, and code exploits crafted by LLMs.

Register your interest to join here.
If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]
We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].
Thank you for being part of our newsletter community. You can also join the community on our LinkedIn Group.