Daily Threat Intelligence Report - July 1, 2025

Cyware Daily Threat Intelligence, June 30, 2025

Summary:

Cybercriminals are using various tactics, including fake installers, hijacked Bluetooth connections, and spoofed emails, to deploy malware and compromise systems. This report highlights three key threats:

1. Fake Installers Deploying Sainbox RAT and Rootkit:

  • Description: A malware campaign distributes trojanized installers for popular Chinese-language software (e.g., WPS Office, Sogou) that drop Sainbox RAT (a Gh0stRAT variant) together with a rootkit component used to hide the RAT's processes and files from local inspection. Victims are lured to look-alike download pages, so the installer itself is the initial access vector; no exploit is involved.
  • Source Link: Cyware Daily Threat Briefings

Recommended Steps:

  • Download software only from the vendor's official site and treat search results and third-party mirrors for these products as untrusted.
  • Verify an installer's Authenticode signature and signer name before running it; an unsigned installer, or one signed by a publisher other than the vendor, is a red flag even if it "looks" official.
  • Run reputable endpoint protection and alert on newly loaded unsigned or untrusted kernel drivers, which is where a rootkit component typically lands.
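The installer check above, as an added example that is not part of the Cyware briefing: it validates the Authenticode signature, compares the signer's common name with the publisher you expect, and optionally checks the file hash against one published by the vendor. The publisher name, hash and paths below are placeholders, not real values for WPS Office or Sogou.

```powershell
function Test-InstallerTrust {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedPublisherCN,  # CN of the vendor's code-signing certificate
        [string]$ExpectedSha256                               # optional hash taken from the vendor's download page
    )
    $findings = New-Object System.Collections.Generic.List[string]

    # Get-AuthenticodeSignature returns Valid, NotSigned, HashMismatch (tampered) or
    # UnknownError (chain not trusted). Anything but Valid is a finding.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $findings.Add("Signature status is '$($sig.Status)': $($sig.StatusMessage)")
    }

    # A valid signature from the wrong publisher is the common tell for a trojanized installer:
    # attackers can buy or steal a certificate, but it will not carry the vendor's name.
    $signerCN = $null
    if ($sig.SignerCertificate) {
        $signerCN = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        if ($signerCN -ne $ExpectedPublisherCN) {
            $findings.Add("Signed by '$signerCN', expected '$ExpectedPublisherCN'")
        }
    }

    # Hash comparison catches a swapped file even when the signature check is unavailable
    # (e.g. an unsigned vendor build). Get-FileHash emits upper-case hex.
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256.ToUpperInvariant()) {
            $findings.Add("SHA-256 $actual does not match published $ExpectedSha256")
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Trusted  = ($findings.Count -eq 0)
        Signer   = $signerCN
        Findings = $findings
    }
}

# Placeholder target: substitute the downloaded installer and the vendor's real signer name / hash.
Test-InstallerTrust -Path 'C:\Users\Public\Downloads\setup.exe' `
                    -ExpectedPublisherCN 'Example Vendor Co., Ltd.' `
                    -ExpectedSha256 '0000000000000000000000000000000000000000000000000000000000000000'

# Smoke test of the function itself against a Windows system binary, whose signer CN is 'Microsoft Windows'.
Test-InstallerTrust -Path "$env:SystemRoot\System32\cmd.exe" -ExpectedPublisherCN 'Microsoft Windows'
```

Treat a Trusted result as necessary, not sufficient: a stolen certificate or a compromised vendor build passes this check, so the endpoint-protection step still applies. Windows system binaries are catalog-signed rather than embedded-signed; Get-AuthenticodeSignature resolves catalog signatures on supported Windows versions, which is why the smoke test works without an embedded signature.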

2. Flaws in Airoha Bluetooth Chipsets:

  • Description: Three vulnerabilities (CVE-2025-20700, CVE-2025-20701 and CVE-2025-20702) in Airoha Bluetooth systems-on-chip, used in headphones and earbuds from Bose, Sony, Beyerdynamic and other brands, let an attacker within Bluetooth range talk to the headset without pairing or any authentication. From there the attacker can read and write device memory, hijack the headset's trusted link to the paired phone (placing calls, eavesdropping through the headset microphone, pulling call history and contacts) and potentially rewrite the firmware to run arbitrary code on the headset. "Remote" here means radio range, not the internet.
  • Source Link: Cyware Daily Threat Briefings

Recommended Steps:

  • Install firmware updates for affected headsets through the manufacturer's companion app; fixes ship per vendor and per model, not through the phone's operating system update.
  • Exploitation does not require pairing, so an unexpected pairing prompt is not a reliable indicator. For headsets that cannot yet be patched, power them off or keep Bluetooth disabled in untrusted locations, since the attacker must be physically nearby.
  • Keep the paired phone and its companion app up to date as well, since the phone-side protections are what limit what a hijacked headset can request.

3. Microsoft 365 Direct Send Phishing Campaign:

  • Description: Attackers are abusing Microsoft 365 Direct Send, a feature meant for on-premises devices such as printers and scanners to relay mail through the tenant's smart host (tenant-name.mail.protection.outlook.com) without authenticating. By connecting to that host from outside the tenant and setting the From address to an internal user, they deliver phishing mail that appears to come from a colleague without compromising any mailbox or credential. Because the mail enters as "internal" traffic, it can reach inboxes and pass user scrutiny even though SPF, DKIM and DMARC checks fail; the bypass is of inbound filtering and user expectations, not of the authentication protocols themselves.
  • Source Link: Cyware Daily Threat Briefings

Recommended Steps:

  • Turn off unauthenticated Direct Send with the Exchange Online setting Reject Direct Send (Set-OrganizationConfig -RejectDirectSend $true) unless an on-premises device depends on it; if one does, move it to an inbound connector restricted to that device's source IP instead.
  • Publish DMARC at p=reject with aligned SPF and DKIM, and configure anti-spoofing so that mail from your own domains that fails authentication is quarantined or flagged rather than delivered as trusted internal mail.
  • Educate users that "internal" sender names can be spoofed, and that urgency plus an unusual request from a colleague warrants a second channel to confirm.
  • Hunt in message trace for messages whose sender is one of your domains but whose source IP is not one of your sanctioned on-premises relays; that combination is the signature of Direct Send abuse.
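The hardening and hunting steps above, as an added example that is not code from the Cyware briefing or from Microsoft. The function selects message-trace records whose sender domain is internal but whose connecting IP is outside the allowlist of devices that legitimately use Direct Send, and groups them by source. The domain, IP addresses and sample records are constructed placeholders; the live cmdlets at the bottom assume the ExchangeOnlineManagement module.

```powershell
function Select-DirectSendSuspect {
    param(
        [Parameter(Mandatory)][object[]]$Trace,             # Get-MessageTrace output, or objects shaped like it
        [Parameter(Mandatory)][string[]]$InternalDomains,   # your accepted domains
        [Parameter(Mandatory)][string[]]$KnownRelayIPs      # printers/scanners/apps sanctioned to relay unauthenticated
    )
    $Trace | Where-Object {
        $senderDomain = ($_.SenderAddress -split '@')[-1].ToLowerInvariant()
        ($InternalDomains -contains $senderDomain) -and
        -not [string]::IsNullOrEmpty($_.FromIP) -and        # FromIP is the client that handed mail to the smart host
        ($KnownRelayIPs -notcontains $_.FromIP)
    } | Group-Object FromIP | ForEach-Object {
        [pscustomobject]@{
            FromIP     = $_.Name
            Messages   = $_.Count
            Senders    = ($_.Group.SenderAddress | Sort-Object -Unique) -join ';'
            Recipients = ($_.Group.RecipientAddress | Sort-Object -Unique).Count
            Subjects   = ($_.Group.Subject | Sort-Object -Unique | Select-Object -First 3) -join ' | '
        }
    }
}

# Constructed sample records so the hunt runs offline; property names match Get-MessageTrace output.
$sample = @(
    [pscustomobject]@{ Received = '2025-06-28 09:12'; SenderAddress = 'printer@contoso.com'; RecipientAddress = 'alice@contoso.com'; Subject = 'Scan_0042.pdf';            FromIP = '203.0.113.10'  }
    [pscustomobject]@{ Received = '2025-06-28 10:01'; SenderAddress = 'ceo@contoso.com';     RecipientAddress = 'bob@contoso.com';   Subject = 'Urgent: review invoice';  FromIP = '198.51.100.77' }
    [pscustomobject]@{ Received = '2025-06-28 10:02'; SenderAddress = 'ceo@contoso.com';     RecipientAddress = 'carol@contoso.com'; Subject = 'Urgent: review invoice';  FromIP = '198.51.100.77' }
    [pscustomobject]@{ Received = '2025-06-28 11:30'; SenderAddress = 'vendor@example.net';  RecipientAddress = 'bob@contoso.com';   Subject = 'Quote';                   FromIP = '192.0.2.5'     }
)
Select-DirectSendSuspect -Trace $sample -InternalDomains 'contoso.com' -KnownRelayIPs '203.0.113.10' |
    Format-Table -AutoSize

# Live use against the tenant. Message trace covers roughly the last 10 days; -PageSize tops out at 5000.
# Connect-ExchangeOnline
# (Get-OrganizationConfig).RejectDirectSend        # $true: smart host refuses unauthenticated Direct Send
# Set-OrganizationConfig -RejectDirectSend $true   # enable once no on-premises device depends on it
# $trace = Get-MessageTrace -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -PageSize 5000
# Select-DirectSendSuspect -Trace $trace -InternalDomains 'contoso.com' -KnownRelayIPs '203.0.113.10'
# Disconnect-ExchangeOnline -Confirm:$false
```

In the constructed sample the allowlisted printer IP and the external vendor domain fall out of scope, leaving the source that spoofed the executive's address to two recipients. On a first live run expect noise: legitimate third-party services that send as your domain through a connector, and Microsoft's own service IPs, will surface until you extend the allowlist or exclude connector-authorised sources.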