CYBER APOCALYPSE UNLEASHED: ARE YOU PREPARED TO SURVIVE?

🤖 Dear internet users and fellow Cyberdefenders,

In this digital war, the adversary is invisible, insidious, and attacks the weakest links in our chain: small and medium-sized businesses. They, who thought they were safe, are now the first targets of the assault.

Like alien insects, cybercriminals are evolving, adapting and taking on increasingly sophisticated forms. What once seemed a simple attack, a small infiltration, is becoming a full-scale war. From GitHub to file-breaking ransomware, cyberattacks devastate systems in a fraction of a second, leaving digital ruins in their wake.

But here, in the operating room, there is hope. A glimmer of resistance. Cybersecurity professionals have no choice: they are fighting on this invisible frontline to protect our infrastructures, our data, our future. The battle is far from won, but it is still possible to defend what belongs to us. With every line of code secured, every attack repelled, they give their all to stop this digital tide.

Today, this newsletter is your call to action. Just like in Starship Troopers, we're preparing you to fight on the digital battlefield. Because in this new world, cybersecurity isn't a choice, it's a necessity. Ready to defend?

HIGHLIGHTS

👉 Sneaky Python attack haunts GitHub security professionals 🐍

👉 Anubis ransomware deletes everything, even after payment 💀

👉 SMEs on the brink of collapse in the face of increasingly complex threats 🔓

👉 Leonardo strengthens cybersecurity with new European acquisition 🛡️

If this letter was forwarded to you, subscribe by clicking this link !

🗞️​ Guess what ?

🤓​ You want to know more ?

1️⃣​ Water Curse: the sneak attack on cybersecurity professionals on GitHub

Summary : A persistent threat, dubbed "Water Curse", has emerged through the exploitation of GitHub repositories and masquerades as legitimate penetration testing tools. These repositories contain malware embedded in configuration files, enabling cybercriminals to access sensitive data such as passwords, browsing histories and session tokens.

Details :

•  Using GitHub as an attack platform: Water Curse takes advantage of the trust inherent in open-source software to trick cybersecurity professionals. To do this, they hid malware in seemingly safe projects.

•  Targeting cybersecurity professionals: The attack mainly affects pentesters and DevOps teams. They run direct risks of data theft and unauthorized remote access.

• Varied malware: Among the malware included are evasion tools, spam bots and spyware such as Sakura-RAT, which ensure long-term persistence on infected systems.

• Distribution method: Malicious files are downloaded via zip archives from the endpoint codeload.github.com, a standard vector used for archiving repositories.

• Supply chain risk: The attack is part of a wider threat to the software supply chain. Moreover, it affects not only professionals, but also companies that depend on open-source tools for their development.

What should we remember?

This campaign highlights the exploitation of trust in open-source software, with considerable risk to the software supply chain. Companies need to strengthen third-party code validation and encourage the use of internal repositories to reduce the risk of such attacks.

 —————————————————————————

2️⃣​ Anubis: ransomware that deletes everything, even after payment has been made

Summary : The "Anubis" ransomware is a new variant that not only encrypts victims' files, but also deletes them permanently, rendering any attempt at recovery useless, even if the ransom is paid. This rare phenomenon increases the pressure on victims, who are encouraged to pay quickly in an attempt to avoid irreversible losses.

Details :

• Double threat: Anubis not only encrypts files, it also includes a "wipe" mode that permanently deletes file contents, making recovery impossible.

• Ransomware-as-a-Service: This operation uses a RaaS model, where affiliates can take 80% of the ransom collected. This reinforces the efficiency of the criminal network and its commercial effectiveness.

• Phishing as an entry point: The attack begins with phishing emails, which allow attackers to gain initial access, escalate privileges, and delete backups before encrypting and deleting files.

• Pressure strategy: The ransomware reduces files to 0 Kb, preventing any attempt at recovery via decryption tools and thus increasing the stress on victims to make them pay.

• Extensive network: The cybercriminals behind Anubis appear to be well organized, using secure communication services to exfiltrate data, and several infection vectors are employed to maximize the chances of success

What should we remember?

Anubis represents a significant evolution in ransomware, combining the traditional threat of encryption with irreversible data destruction. This demonstrates the increasing sophistication of cybercriminals, and underlines the crucial importance of safeguards and vigilance in the face of persistent threats.

 ——————————————————————

3️⃣​ SMEs on the brink of collapse in the face of increasingly complex threats

Summary: Small and medium-sized enterprises (SMEs) are facing increasing pressure when it comes to cybersecurity. Limited budgets, lack of expertise, and the increasing complexity of cyber threats make it difficult to implement adequate protection against sophisticated attacks such as supply chain attacks and targeted phishing.

Details:

• Fragility in the face of evolving threats: Due to limited resources, SMEs struggle to cope with the diversity and complexity of today's threats, including ransomware, cloud attacks and social engineering.

• The cybersecurity skills gap: The shortage of cybersecurity talent is particularly acute in SMEs, where the lack of specialists often forces IT teams to wear several hats, increasing the risk of errors and security breaches.

• Underestimation of risks: Many SMEs believe that only large companies are targeted by cybercriminals, but small businesses are becoming prime targets because of their position in the supply chain of large organizations.

• Increased complexity with regulation: compliance requirements, such as those imposed by the RGPD and NIS2, put additional pressure on small businesses, which often don't have the resources to assign dedicated risk management teams.

• Security solutions for SMBs: Partnerships with managed security service providers (MSSPs) and the adoption of automated solutions are recommended strategies to compensate for the lack of in-house resources and improve resilience to cyber threats.

What should we remember?

SMEs are struggling to cope with growing cyber threats and a shortage of cybersecurity skills. Using outsourced solutions and automating processes can greatly improve their security posture, and at the same time enable more effective risk management.

  ————————————————————-

4️⃣​ Leonardo strengthens its position in cybersecurity with a new European acquisition

Summary : Italian aerospace and defense major Leonardo has announced the acquisition of a European cybersecurity company. Chairman Stefano Pontecorvo did not name the company or give a more precise timeframe. The acquisition is aimed at strengthening the company's cybersecurity division, now essential for securing the new multi-domain combat systems that connect all elements of the armed forces, infrastructure and equipment.

Details:

• Acquisition context: Leonardo is positioning itself as a leader in cybersecurity thanks to the integration of this new acquisition to support its defense and combat activities in an increasingly connected digital environment.

• Multidomain Warfare: The concept of "multidomain warfare" requires secure connections between all elements of the defense system. This acquisition is designed to strengthen Leonardo's ability to protect these interconnected systems against cyber attacks.

• Expected growth in cybersecurity: According to Leonardo's CEO, the cybersecurity division will experience strong double-digit growth in the coming years, driven by the increase in cyberthreats and the strategic importance of cybersecurity solutions in the defense sector.

•  Collaboration and innovation: Leonardo is also planning collaborations within the industry to address the growing complexity of cyber threats. This could include partnerships with other cybersecurity companies to develop tailored solutions.

• Strategic investment: The acquisition of a European cybersecurity company enables Leonardo to reaffirm its commitment to securing critical infrastructures, while consolidating its position as a key player in the protection of military and civilian systems against cyber attacks.

What should we remember?

Leonardo's acquisition of this cybersecurity company marks a turning point in defense systems security. At a time when cyber threats are omnipresent, this strategic initiative enables Leonardo to reinforce its position as a leader in critical infrastructure protection.

CYBERTRIVIA - DID YOU KNOW? 🤔

💻 Supply chain attack on UBS and 19 partner companies

In June 2025, more than 130,000 UBS bank employees had their data (names, e-mail addresses, telephone numbers, location codes) compromised after a cyberattack targeting Chain IQ, one of their purchasing service providers, as well as at least 19 other companies.

Although customer data was spared, this incident exposes a major B2B issue: the compromise of a single supplier can ruin the security of large organizations. UBS reacted and quickly limited the operational impact, but the case raises serious questions about third-party security controls..

SURVEY 📊

👉️ Let me know if you need further adjustments !