CyberMaterial: Cyber Briefing

⚡THREAT LANDSCAPE

Windows 11 Update Failure Error 0x800f0922

Microsoft has confirmed that the May 2026 cumulative update (KB5089549) for Windows 11 versions 24H2 and 25H2 is failing to install on affected systems, generating error code 0x800f0922. The issue, acknowledged after the May 12, 2026 release, prevents users from receiving important security patches. Enterprise administrators and individual users should monitor Microsoft’s official support channels for a resolution and workaround guidance. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Massive student data breach at universities

A significant data breach has exposed student information at multiple universities, highlighting security vulnerabilities as remote learning increases. Cybersecurity firm Proofpoint identified the breach, which appears linked to configuration issues in university systems. Educational institutions should immediately review their security settings and access controls to protect student data. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

AI Agents for Web Testing & Security Validation

Researchers have developed an AI-powered testing framework that automatically generates and maintains web application tests while also detecting security vulnerabilities through natural language commands. The system improved test creation success rates from 55% to 93% and reduced timing errors by 80% across 176 test scenarios in production applications. The framework can also identify security flaws by converting plain English attack descriptions into browser-based security probes, detecting 85% of authentication bypass issues and 95% of input validation problems. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

INTERPOL Operation Ramz: 201 arrested in MENA cybercrime

INTERPOL coordinated Operation Ramz across the Middle East and North Africa, targeting phishing campaigns, malware distribution, and cyber scams. The operation led to 201 arrests and identified 382 additional suspects, with authorities seizing 53 servers and equipment containing banking data and phishing tools. Law enforcement identified 3,867 victims affected by these cybercrime networks. Read More

💻 CAREER ENABLEMENT

Philippine Gov’t IOs Receive Cybersecurity Training

Philippine government information officers in Region 6 received cybersecurity training on April 29, 2025, focusing on human factors in digital security. Experts from the Department of Information and Communications Technology and Regional Anti-Cybercrime Group 6 emphasized that 95 percent of data breaches stem from human error, with scams now the top cybercrime in the region. Information officers were identified as high-value targets due to their access to official social media accounts and sensitive agency data, with training covering password security, multi-factor authentication, and social engineering awareness. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.16

CyberMaterial — Mon, 18 May 2026 14:03:34 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Recent cyber activity has been marked by sophisticated espionage campaigns and significant policy shifts. The Paper Werewolf threat group (also known as GOFFEE) has been aggressively targeting Russian industrial and financial sectors using phishing PDFs to deliver the EchoGather RAT through deceptive Adobe and Starlink installers. Simultaneously, Microsoft is overhauling Edge’s security architecture in build 148 to prevent plaintext password storage in memory, a move intended to block credential theft from compromised systems. Meanwhile, the Linux kernel community is grappling with a flood of AI-generated bug reports, leading maintainers to reclassify these submissions as public issues rather than confidential zero-days to manage the overwhelming volume of duplicate findings.

In the realm of governance and research, the UK’s NCSC and its Five Eyes partners have issued critical guidance on agentic AI, warning that the autonomy of these systems requires strict human oversight and “least privilege” access to prevent unpredictable escalations. This focus on AI safety mirrors findings from Pwn2Own Berlin 2026, where researchers secured nearly $1.3 million by uncovering 47 zero-days, many within AI-integrated software and cloud infrastructure. On the incident front, Grafana Labs reported a codebase breach and subsequent extortion attempt after an attacker compromised a GitHub token; however, the company has refused to pay the ransom, maintaining that customer data remains secure.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Paper Werewolf APT Spreads EchoGather RAT

A Russian-language threat group called Paper Werewolf (also known as GOFFEE) has targeted Russian industrial, financial, and transport organizations with phishing attacks between March and April 2026. The campaign uses PDF attachments containing URLs that lead to ZIP archives, ultimately delivering the EchoGather remote access trojan (RAT) disguised as an Adobe installer. Organizations in these sectors should implement email filtering, user awareness training, and endpoint detection to identify and block this multi-stage infection chain. Read More

Microsoft Edge fixes plaintext password storage

Microsoft Edge will stop loading all saved passwords into memory as plaintext at browser startup, a practice unique among Chromium-based browsers that made credential theft easier for attackers with system access. The change, already live in Edge Canary and rolling out to all channels in build 148 and newer, means passwords will only be decrypted when needed for autofill or password management. Users should still treat browser password managers as convenience tools rather than maximum-security vaults, enable multi-factor authentication where possible, and avoid storing highly sensitive data like credit card details in browsers. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Grafana Labs GitHub breach - code downloaded

A threat actor breached Grafana Labs’ GitHub environment and downloaded the company’s source code, the observability platform provider disclosed Sunday. Grafana Labs develops widely used open-source tools for data visualization, log aggregation, and distributed tracing that are deployed across enterprise engineering and DevOps teams globally. The company has not yet disclosed the full scope of the breach or whether customer data was compromised. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Linus Torvalds: AI Bug Reports Overwhelm Linux Security List

Linus Torvalds announced that AI-generated bug reports have made the Linux kernel security mailing list nearly unmanageable, with maintainers overwhelmed by duplicate reports of the same flaws found by multiple researchers using identical automated tools. The Linux project has updated its security documentation to clarify that AI-discovered bugs should be treated as public issues rather than confidential zero-days, since they surface simultaneously across multiple researchers. Contributors are now required to reproduce issues, provide tested patches, and add genuine analysis beyond raw AI output before submitting reports. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

NCSC Releases Agentic AI Security Guidance

The UK’s National Cyber Security Centre (NCSC) has published new guidance on securing agentic AI systems, warning that their autonomy and complexity create significant cyber risks including unpredictable behavior and excessively broad system access. The guidance, developed with Five Eyes intelligence partners, emphasizes that poorly designed or over-privileged agents can rapidly escalate single failures into serious incidents. Organizations should deploy incrementally with tightly bound pilots, apply least privilege access controls, maintain human oversight, and establish clear ownership and incident response procedures before deployment. Read More

💻 CAREER ENABLEMENT

Pwn2Own Berlin 2026: 47 zero-days, $1.3M rewards

Security researchers discovered 47 zero-day vulnerabilities during the Pwn2Own Berlin 2026 hacking competition, earning $1,298,250 in total rewards. The contest focused on finding previously unknown security flaws in various software and hardware products. Vendors will receive detailed vulnerability reports to develop patches before public disclosure. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.15

CyberMaterial — Fri, 15 May 2026 14:02:10 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Current threats are characterized by a blend of technical ingenuity and the exploitation of legitimate enterprise software. Threat actors are now bypassing traditional security controls by abusing trusted tools like the HPE Operations Agent to infiltrate networks and utilizing ringless voicemail campaigns to confirm active targets via caller ID spoofing. Meanwhile, the software supply chain remains a critical weakness, as evidenced by a compromise in the TanStack JavaScript library that led to the theft of credential materials from OpenAI repositories.

On the regulatory and strategic front, global entities are pivoting toward advanced AI and future-proof legislation. Japan’s financial sector has begun deploying Claude AI for proactive vulnerability testing, while the UK is codifying post-quantum cryptographic standards through the King’s Speech. However, privacy remains a contentious battleground; OpenAI is currently facing a class-action lawsuit for allegedly sharing sensitive ChatGPT user data with advertising giants like Meta and Google via tracking pixels.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Silent Voicemail Scam: Ringless Spam Campaign

A ringless voicemail scam is targeting phone users by depositing spam voicemails without triggering an incoming call, exploiting caller ID spoofing and automated robocall systems to confirm active numbers. Victims receive repeated voicemail notifications from spoofed or rotating numbers, and calling back can connect them to premium-rate lines, phishing attempts, or further confirm their number is active for future scam campaigns. Users should avoid returning calls to unknown numbers, enable built-in spam filtering on their devices, consider third-party call-blocking apps, and report incidents to the FTC at reportfraud.ftc.gov. Read More

Microsoft Warns HPE Operations Agent Abused

Microsoft has disclosed an intrusion campaign where attackers abused HPE Operations Agent, a legitimate enterprise monitoring tool, to infiltrate networks without using malware or exploiting vulnerabilities. The attackers leveraged the software’s trusted status and existing deployment to evade detection, representing a shift toward living-off-the-land techniques that bypass traditional security controls. Organizations using HPE Operations Agent should review access logs, monitor for unusual agent behavior, and implement application control policies to restrict unauthorized use of administrative tools. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

OpenAI Compromised in TanStack Supply Chain Attack

OpenAI confirmed that two employee devices were compromised in a supply chain attack targeting TanStack, a popular JavaScript library ecosystem. Attackers stole credential material from OpenAI code repositories during the breach. Organizations using TanStack should review their dependencies and rotate credentials as a precaution. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Japan’s Banks Use Claude for Cybersecurity Testing

Japan’s major banks and financial regulators are deploying Anthropic’s Claude AI system to conduct cybersecurity testing and identify vulnerabilities in their financial infrastructure. This initiative follows warnings that advanced AI could expose weaknesses in financial systems. The program represents a proactive approach by Japanese financial institutions to use AI defensively before threat actors can exploit similar technology for attacks. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

UK King’s Speech Emphasizes Cyber Resilience

The UK King’s Speech outlined new cybersecurity legislation focusing on post-quantum cryptographic readiness and regulatory reform. The proposed Regulating for Growth Bill aims to reduce regulatory burdens while establishing clear cryptographic standards and compliance timelines for quantum-resistant encryption. The speech also addressed AI innovation through regulatory sandboxes and expanded digital access to NHS patient records. Read More

OpenAI faces class-action privacy lawsuit over data sharing

OpenAI faces a federal class-action lawsuit alleging it embedded Meta’s Facebook Pixel and Google Analytics tracking code into ChatGPT’s web interface, secretly sharing users’ sensitive chat content, identifiers, and contact information with advertising platforms without consent. The complaint, filed in California, claims these practices violate the Electronic Communications Privacy Act and California privacy laws by intercepting confidential conversations about health, finances, and legal matters. Security teams should immediately audit AI tools for third-party tracking pixels and review data-sharing agreements to prevent similar exposure. Read More

💻 CAREER ENABLEMENT

Scott Lashway Named to Cybersecurity Docket’s 2026 Elite List

Scott Lashway, co-chair of Mintz’s Privacy & Cybersecurity Practice, has been named to Cybersecurity Docket’s 2026 Incident Response Elite list, recognizing top lawyers who advise organizations during major data breaches and cyber incidents. Lashway specializes in cybersecurity, privacy, and technology disputes across regulated industries including healthcare, financial services, and technology. He provides counsel on incident response, breach investigations, litigation, government investigations, data governance, and compliance with privacy and cybersecurity laws. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.14

CyberMaterial — Thu, 14 May 2026 12:29:46 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Current cyber activity highlights a shift toward sophisticated persistence and increased targeting of critical infrastructure. The ClickFix campaign has advanced its tactics by integrating PySoxy, an old Python-based SOCKS5 proxy, to maintain stealthy network access rather than relying on one-off commands. Simultaneously, the Canadian telecommunications sector is grappling with a rise in nation-state intrusions and ransomware, while the healthcare industry faces ongoing fallout from third-party vulnerabilities, specifically through major breaches at Atrium Health and Interim HealthCare involving legacy systems and vendor portals.

On the strategic and economic front, global agencies and tech leaders are pivoting heavily toward AI integration and supply chain transparency. CISA and G7 partners have introduced new guidance for AI Software Bills of Materials (SBOMs) to help organizations track data and model dependencies. This shift is mirrored in the private sector and national economies: the UK’s cybersecurity market has surged to £14.7 billion with a massive focus on AI firms, while Cisco is restructuring its workforce, cutting 4,000 positions, to aggressively reallocate resources into AI infrastructure and security development.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

ClickFix Campaign Evolves with PySoxy SOCKS5 Proxy

A new ClickFix campaign is using PySoxy, a 10-year-old open-source Python SOCKS5 proxy tool, to establish persistent network access after initial infection. The attack moves beyond typical ClickFix tactics that rely on single PowerShell command execution, instead building a layered intrusion chain that allows attackers to maintain stealthy access to compromised systems. Organizations should monitor for unusual SOCKS5 proxy activity and PowerShell executions that establish persistent connections. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Canadian Telecom Providers Face Cyber Threats

Canadian telecommunications providers are experiencing increased cyber threats including ransomware attacks, SIM swapping fraud, data breaches, and nation-state intrusions targeting critical infrastructure. These attacks threaten both customer data security and the operational integrity of essential communication networks. Telecom operators should implement enhanced security monitoring, multi-factor authentication, and incident response capabilities to defend against these evolving threats. Read More

Atrium Health, Interim HealthCare Hit by Vendor Breaches

Atrium Health Navicent and Interim HealthCare facilities in Texas disclosed patient data breaches stemming from third-party vendor compromises. Atrium Health was affected by the January 2025 Oracle Health breach involving legacy Cerner servers, exposing medical records and Social Security numbers for patients treated before mid-2022. Interim HealthCare locations in Lubbock and Amarillo were impacted by unauthorized access to Doctor Alliance’s web portal between October and November 2025, affecting 2,737 patients total. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

CISA releases AI SBOM guidance for supply-chain oversight

CISA and G7 cyber agencies released guidance on minimum elements for AI software bills of materials (SBOMs), extending traditional software supply-chain documentation to include AI models, datasets, training data, and infrastructure dependencies. The guidance is voluntary and aims to help security teams assess AI systems during procurement and vendor risk management, though experts note it provides visibility into what vendors disclose rather than assurance of actual system behavior. Security leaders should use AI SBOMs to question vendors about model provenance, data sources, dependencies, and security controls before allowing AI products into production environments. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

UK Cyber Sector Grows to £14.7bn as Resilience Bill Advances

The UK cybersecurity sector generated £14.7 billion in revenue last year, employing nearly 70,000 people across 2,603 firms, with AI-focused security companies growing 68% annually. The government launched the Cyber Resilience Pledge, a voluntary initiative urging organizations to adopt security best practices, though experts criticize this approach as insufficient. The Cyber Security and Resilience Bill continues through parliament, aiming to mandate stronger protections for critical infrastructure providers through incident reporting requirements and managed service provider accountability. Read More

💻 CAREER ENABLEMENT

Cisco cuts 4,000 jobs, prioritizes AI and security

Cisco announced plans to cut up to 4,000 jobs (approximately 5% of its workforce) starting May 14, 2026, as part of a strategic shift toward AI and security investments amid intensifying competition and component shortages. Despite the layoffs, the company reported strong Q3 FY26 results with revenue of $15.8 billion (up 12% year-over-year) and raised its AI infrastructure revenue forecast from $3 billion to $4 billion for the fiscal year. Affected employees will receive pro-rated bonuses, placement services with a 75% success rate, and one year of free access to Cisco training courses in AI, security, and networking. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.13

CyberMaterial — Wed, 13 May 2026 14:01:49 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Sophisticated social engineering and systemic internal vulnerabilities have been discovered this week. North Korean actors are now weaponizing developer workflows by hiding malware within Git hooks during fake recruitment cycles, while the ClaudeBleed vulnerability exposes a critical design flaw in AI browser extensions that allows data theft from integrated Google and GitHub accounts. These external threats are compounded by a startling rise in “insider commerce,” with 1 in 8 employees, particularly senior executives, admitting to the sale of corporate credentials, creating a high-risk environment where access is traded as a commodity.

Real-world impacts and regulatory consequences continue to mount as organizations struggle with detection and legacy infrastructure. FleetWave recently joined the list of breached SaaS providers, losing operational and payroll data, while South Staffordshire Water incurred a £1 million fine for a multi-year intrusion that went undetected due to inadequate monitoring and the use of outdated systems. Despite these challenges, the 2026 CSO Award winners demonstrate a path forward through innovation, showcasing how zero-trust architectures and AI-driven automation can reclaim thousands of manual work hours and significantly bolster phishing defense rates.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

North Korea Abuses Git Hooks for Malware

North Korean threat actors have updated their “Contagious Interview” campaign by abusing Git hooks to deliver malware to software developers. The attackers pose as recruiters and trick victims into cloning malicious GitHub repositories that contain fake coding assessments, which then execute hidden malware through Git’s hook mechanism. Developers should carefully verify job opportunities, inspect repositories before cloning them, and review Git hook configurations in any downloaded projects. Read More

ClaudeBleed, Critical Claude Chrome Extension Flaw

A critical vulnerability named ClaudeBleed in Anthropic’s Claude Chrome extension allows malicious browser add-ons to hijack the AI assistant and steal sensitive data from Gmail, Google Drive, and GitHub. The design flaw enables exploitation even by extensions with no declared permissions, turning the trusted AI tool into a potential backdoor. Users of the Claude Chrome extension should immediately review installed browser extensions and monitor their accounts for unauthorized access until a patch is released. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

FleetWave breach exposes customer data

FleetWave, a SaaS provider for fleet management, notified customers that attackers accessed operational data, contact details, and payroll numbers during a security breach. The company took a month to restore systems after the incident before informing affected parties. Customers should monitor for phishing attempts and unauthorized access using compromised credentials. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

1 in 8 employees sold or know of sold login credentials

A UK survey of 2,000 employees at large companies found that one in eight workers have sold their corporate login credentials or know someone who did in the past year, with senior executives showing the highest willingness to sell access. Higher-level employees pose greater risk because their accounts typically have broader system privileges, even under least-privilege access policies. Organizations should implement stricter access controls, monitor for credential leaks (KELA tracked 2.9 billion compromised credentials globally in 2025), and educate staff that selling credentials enables account takeovers and data theft affecting both the company and its customers. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

South Staffordshire Water Fined £1m After Data Breach

South Staffordshire Water has been fined £1 million by the UK’s Information Commissioner’s Office after a two-year network intrusion compromised personal data of over 633,000 customers and employees. The breach began with a September 2020 phishing attack that installed malware, but went undetected until July 2022 when performance issues triggered an investigation; stolen data including bank details and disability information was later dumped on the dark web. The ICO found multiple security failures including inadequate monitoring (only 5% of the IT environment covered), use of legacy Windows Server 2003 systems, lack of least privilege controls, and poor vulnerability management. Read More

💻 CAREER ENABLEMENT

CISOs Step Into AI Spotlight

Chief Information Security Officers (CISOs) are taking on expanded strategic roles as they manage AI adoption across enterprises, with 95% now engaging with boards multiple times monthly and 31% reporting directly to boards rather than CIOs. Security leaders are implementing AI governance frameworks to enable rapid business innovation while managing risks from AI-powered attacks, including sophisticated phishing campaigns and automated vulnerability exploitation. CISOs emphasize embedding security early in AI development, maintaining strong data governance and identity management, and positioning security as a business enabler rather than an obstacle. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.12

CyberMaterial — Tue, 12 May 2026 14:02:10 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The cybersecurity landscape is currently facing a dual threat from sophisticated supply chain attacks and critical software vulnerabilities. The “Mini Shai-Hulud” campaign successfully compromised over 170 software packages, impacting major entities like Mistral AI and TanStack by infiltrating downstream dependencies. Concurrently, SAP has issued urgent patches for critical flaws in its Commerce Cloud and S/4HANA platforms, while Škoda Auto confirmed a data breach involving customer information due to a exploited web shop vulnerability. These events underscore a persistent trend where attackers target the foundational software and third-party tools that modern enterprises rely on for core operations.

In response to shifting federal support and emerging technologies, the private sector and regulators are taking more assertive stances on security and privacy. Major U.S. firms have formed the Alliance for Critical Infrastructure (ACI) to bridge gaps left by federal cutbacks, while California’s $12.75 million settlement with General Motors sets a new precedent for enforcing data privacy under the CCPA. Amidst these changes, the role of the CISO is evolving into a strategic board-level position, focused on governing AI adoption and securing cross-platform communication, such as the new end-to-end encryption standards implemented between Apple and Google devices.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Mini Shai-Hulud Supply Chain Attack

A supply chain attack called Mini Shai-Hulud compromised over 400 malicious versions of 170 software packages, targeting prominent organizations including TanStack, Mistral AI, and UiPath. The campaign represents a significant threat to software supply chains by distributing compromised packages that could affect downstream users and systems. Organizations using these packages should immediately audit their dependencies and verify package integrity. Read More

SAP fixes critical vulnerabilities in Commerce Cloud, S/4HAN

SAP released May 2026 security updates fixing 15 vulnerabilities, including two critical flaws in Commerce Cloud and S/4HANA ERP systems. The critical vulnerabilities could allow attackers to compromise enterprise e-commerce platforms and core business systems. Organizations using these SAP products should apply the security patches immediately to prevent potential exploitation. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Škoda online shop breach via vulnerability

Škoda Auto discovered attackers exploited a vulnerability in its online shop software to gain temporary unauthorized access to customer data. The company took the shop offline, patched the vulnerability, engaged IT forensics specialists, and notified data protection authorities. Technical analysis confirmed that stored customer data was accessed during the breach. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Critical Infrastructure Coalition Launches

Major U.S. critical infrastructure operators including JPMorgan Chase, Mastercard, AT&T, and Berkshire Hathaway Energy have formed the Alliance for Critical Infrastructure (ACI) to coordinate cybersecurity efforts across sectors as federal support diminishes. The initiative responds to Trump administration cutbacks at CISA, elimination of the Critical Infrastructure Partnership Advisory Council, and reduced government capacity to support infrastructure protection. The ACI will focus on analyzing cross-sector dependencies, developing polycrisis response protocols, expanding information sharing, and advising policymakers while working alongside existing sector groups and remaining federal agencies. Read More

Apple, Google enable E2EE RCS messaging

Apple and Google have launched beta support for end-to-end encrypted Rich Communication Services (RCS) messaging between iPhone and Android devices, ending years of cross-platform messages traveling in plaintext. The feature requires iOS 26.5 and the latest Google Messages app, with availability varying by carrier and region. Users will see a lock icon in RCS conversations when encryption is active, bringing cross-platform texting security closer to apps like WhatsApp and Signal. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

California Settles $12.75M CCPA Case Against GM

California Attorney General Rob Bonta announced a $12.75 million settlement with General Motors for illegally collecting and selling driver data without proper consent, marking the largest California Consumer Privacy Act (CCPA) penalty to date. GM allegedly shared geolocation and driving behavior data from its OnStar platform with data brokers Verisk Analytics and LexisNexis Risk Solutions between 2020 and 2024, violating data minimization requirements. Under the settlement, GM must stop selling driving data to consumer reporting agencies for five years, delete retained data within 180 days, and establish a comprehensive privacy compliance program. Read More

💻 CAREER ENABLEMENT

CISOs Step Into AI Spotlight

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.11

CyberMaterial — Mon, 11 May 2026 14:02:56 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current threat environment is characterized by sophisticated social engineering and the exploitation of trusted platforms to distribute malware. Malicious actors successfully manipulated Hugging Face metrics to push a Windows infostealer to nearly a quarter-million users, while others utilized “ClickFix” tactics via poisoned Google Ads to infect macOS systems with the MacSync stealer. Meanwhile, the ransomware landscape remains aggressive, as evidenced by the Lynx gang’s disruption of St Anne’s Catholic School, highlighting a persistent trend where educational institutions face both operational shutdowns and the threat of sensitive data exfiltration.

In response to these evolving threats, the industry is seeing a massive shift toward AI integration and strengthened international cooperation. A staggering 77% of organizations have now adopted AI for defensive operations like phishing detection and incident response, signaling a pivot in “cybernomics” toward automated defense. This systemic shift is mirrored by increased regulatory and legal pressure, including the swift dismantling of the resurrected Crimenetwork dark web marketplace and high-level safety summits between AI leaders like Anthropic and the South Korean government. Additionally, the talent pipeline is being fortified through hands-on initiatives like Arkansas State University’s new student-run Security Operations Center, blending academic research with real-world threat monitoring.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Malicious Hugging Face Repo Spreads Windows Infostealer

A malicious repository named Open-OSS/privacy-filter on the Hugging Face platform distributed a Rust-based information-stealing malware targeting Windows users. The repository reached the number one trending position with approximately 244,000 downloads and hundreds of likes before being removed, with evidence suggesting the threat actor artificially inflated its popularity metrics. Hugging Face has since taken down the repository, but users who downloaded the software should scan their systems for compromise and rotate credentials. Read More

macOS Malware Campaign via Google Ads

Threat actors are distributing macOS malware through poisoned Google Ads that mimic legitimate AI applications like Claude, redirecting users to fake download pages hosted on trusted platforms including Google Sites and Framer. The campaign uses social engineering tactics called “ClickFix” to trick victims into executing malicious terminal commands that install MacSync, an information stealer targeting browser credentials, cryptocurrency wallets, and session tokens. Users should avoid clicking sponsored search ads for software downloads and navigate directly to official vendor websites instead. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Lynx ransomware gang claims St Anne’s School attack

The Lynx ransomware gang has claimed responsibility for a March 2026 attack on St Anne’s Catholic School in Southampton, UK, alleging theft of confidential information, financial data, and contracts. The school was forced to close for four days following the attack, though headteacher Julian Waterfield maintains there is no evidence of data compromise. Lynx, which operates a Ransomware-as-a-Service model and has claimed 389 attacks since July 2024, typically employs a two-stage approach: encrypting systems for ransom and exfiltrating data for additional extortion if payment is not received. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

WEF: AI adoption in cybersecurity reaches 77%

A World Economic Forum white paper reports that 77% of organizations now use AI in cybersecurity operations, with 94% of survey respondents identifying AI as the biggest driver of change in the field. Organizations are primarily deploying AI for phishing detection, anomaly monitoring, vulnerability management, and incident response. The WEF suggests AI could shift the advantage toward defenders who face increasing alert volumes. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Police Shut Down Relaunched Crimenetwork Dark Web Marketplac

German and Spanish police arrested a 35-year-old German national in Mallorca for relaunching the Crimenetwork dark web marketplace just days after authorities shut down the original site in December 2024. The new platform had already attracted over 22,000 users and 100 vendors, generating more than €3.6 million in revenue through sales of drugs, stolen data, and forged documents. Police seized €194,000 in assets and obtained user and transaction data that may lead to additional arrests. Read More

Anthropic, South Korea discuss AI safety cooperation

Anthropic executives met with South Korean government officials to discuss cooperation on AI safety, cybersecurity, and domestic AI policy. The Ministry of Science and ICT confirmed the meeting included Vice Minister Ryu Je-myung, representatives from South Korea’s AI Safety Institute and Korea Internet & Security Agency, and Anthropic’s global affairs head Michael Sellitto. South Korea proposed cybersecurity partnerships, requested information sharing for vulnerability disclosures, and discussed collaboration on AI safety policy including the country’s AI Basic Act. Read More

💻 CAREER ENABLEMENT

Arkansas State launches cybersecurity training center

Arkansas State University is launching a student-operated cybersecurity program this fall in partnership with Kalmer Solutions, creating the Red Wolf Security Operations Center where six students per semester will monitor threats and protect university networks. Students will work scheduled shifts gaining hands-on experience in cybersecurity operations while receiving mentorship and training from Kalmer Solutions, which will also fund a coordinator position and graduate assistant stipends. The program includes professional development workshops and research projects in automation and artificial intelligence, with plans to expand across the Arkansas State University System. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.08

CyberMaterial — Fri, 08 May 2026 14:02:58 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Today’s briefing shows a shift toward sophisticated credential theft and social engineering. The “PamDOORa” Linux backdoor represents a critical risk to server integrity by compromising the Pluggable Authentication Module (PAM) to grant attackers persistent SSH access. Simultaneously, the “ClickFix” campaign targeting WordPress sites demonstrates the effectiveness of social engineering, as attackers trick users into manually executing malicious commands to install the Vidar Stealer, effectively bypassing automated security defenses.

Real-world impacts have recently manifested through significant service disruptions and data exposure across multiple sectors. Critical infrastructure and service providers faced major hurdles, including a Canvas cyberattack that disrupted academic finals and a power-induced AWS outage in the US-EAST-1 region that hindered enterprise operations. Furthermore, the retail sector remains a prime target, as evidenced by a data breach at Zara that exposed the personal information of nearly 200,000 customers.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

PamDOORa Linux Backdoor Steals SSH Credentials

A new Linux backdoor called PamDOORa is being sold on Russian cybercrime forums for $1,600, designed to maintain persistent SSH access through compromised systems. The malware operates as a Pluggable Authentication Module (PAM) toolkit that allows attackers to bypass authentication using a secret password and specific TCP port combination. Organizations running Linux servers with SSH access should audit their PAM configurations and monitor for unauthorized modifications to authentication modules. Read More

ACSC Warns of ClickFix Vidar Stealer Campaign

The Australian Cyber Security Centre warns that attackers are using compromised WordPress sites and fake CAPTCHA prompts to trick users into installing Vidar Stealer, a password-stealing malware active since 2018. The campaign uses a social engineering method called ClickFix that convinces victims to manually run malicious commands, bypassing traditional security tools. Organizations should restrict unauthorized application execution, patch WordPress and browsers, block clipboard access from untrusted web content, and enforce phishing-resistant multi-factor authentication. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Canvas Learning Platform Hit by Cyberattack

Canvas, a widely used learning management system serving thousands of schools and universities, suffered a cyberattack that took the platform offline during final exam periods. The outage disrupted students’ ability to access course materials and study resources at a critical time in the academic calendar. Educational institutions relying on Canvas should communicate alternative access methods to students and monitor official status updates for service restoration. Read More

AWS EC2 outage in US-EAST-1 due to power loss

Amazon Web Services experienced a power outage in its US-EAST-1 region on May 7, affecting EC2 instances and EBS volumes in the use1-az4 availability zone after a thermal event caused cooling system failures. The outage caused elevated error rates, increased latencies, and inaccessible resources for customers, with AWS reporting slower than expected progress in restoring normal temperatures. Organizations using the affected availability zone should shift workloads to other US-EAST-1 zones, though provisioning times are currently longer than usual. Read More

Zara data breach exposes 197,000 customers

Spanish fashion retailer Zara suffered a data breach affecting over 197,000 customers, with hackers gaining unauthorized access to company databases. The compromised information includes customer data that has now appeared in breach notification databases. Affected customers should monitor their accounts for suspicious activity and remain vigilant against potential phishing attempts using the stolen information. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

25M Alerts Reveal Enterprise Alert Fatigue

A new report analyzing over 25 million security alerts from enterprise environments reveals that security teams have systematically adopted practices of ignoring alerts, a phenomenon known as alert fatigue. The study examined 10 million monitored endpoints and found that the overwhelming volume of informational and low-severity alerts has led defenders to institutionalize the practice of not investigating warnings. Organizations need to implement better alert prioritization, tuning, and automation to reduce noise and ensure critical threats receive proper attention. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Meta challenges Ofcom fine calculation methodology

Meta is challenging Ofcom in UK High Court over how fines are calculated under the Online Safety Act, arguing penalties should be based on UK revenue rather than global turnover. The law allows fines up to 10 percent of worldwide revenue or £18 million (whichever is higher), which for Meta’s $201 billion annual revenue could mean massive penalties. Meta claims Ofcom’s methodology is disproportionate and wants fines calculated only on revenue from regulated services in the UK. Read More

💻 CAREER ENABLEMENT

2026 ChicagoCISO ORBIE Awards Honor Security Leaders

The 2026 ChicagoCISO ORBIE Awards recognized outstanding chief information security officers from major organizations including CNA Financial, Paychex, Intermountain Health, Fitch Group, Hagerty Insurance, and Chicago Trading. The awards program honors security leaders who demonstrate excellence in cybersecurity leadership and innovation within their organizations. Security professionals seeking recognition or looking to benchmark their programs can review the award criteria and past winners. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.07

CyberMaterial — Thu, 07 May 2026 14:01:35 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current threat landscape is defined by the weaponization of AI trust and the compromise of established software supply chains. Attackers are successfully deploying fake Claude AI installers via deceptive search ads and utilizing hidden text techniques to bypass AI-powered email filters, effectively turning the industry’s own tools into vectors for malware. Simultaneously, the Daemon Tools supply chain attack, which has remained active since early April 2026, demonstrates the persistent danger of compromised legitimate software binaries, with thousands of infections reported globally across retail and government sectors.

As organizations pivot toward autonomous “agentic” AI, international intelligence alliances like the Five Eyes have issued urgent warnings regarding the lack of visibility into AI intent and the potential for these systems to act as “ultimate insider threats.” This risk is compounded by the rapid, often insecure, deployment of AI-generated web apps, which have already exposed sensitive corporate data due to a lack of fundamental access controls. While events like the Lloyds and Google Cloud hackathon emphasize that human judgment remains the critical firewall in this high-speed environment, legislative efforts like the UK Online Safety Act are facing early skepticism as children continue to easily circumvent mandated age verification protections.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Fake Claude AI Installers Spread Malware

Attackers are distributing malware through fake Claude AI installer pages promoted via Google Ads, targeting users searching for the legitimate AI assistant. The campaign uses convincing installation guides and a multi-stage infection process that exploits trusted Windows components and fileless execution techniques to avoid detection. Users should download Claude AI only from official Anthropic sources and verify URLs before installing any software promoted through search advertisements. Read More

Scammers bypass AI email filters with hidden text

Scammers are using hidden text in phishing emails to trick AI-powered email security filters into misclassifying malicious messages as legitimate. Attackers hide benign content from trusted brands or novels using zero-font HTML or color-matching techniques that are invisible to humans but readable by machine learning models. While these attacks currently represent less than 1% of observed traffic, security researchers warn the technique poses a growing threat as organizations increasingly rely on AI-powered email defenses. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

AI-Generated Apps Expose Corporate Data

AI-powered app-building platforms including Lovable, Base44, Replit, and Netlify have inadvertently exposed thousands of web applications containing highly sensitive corporate data to the public internet. These services allow users to create functional web apps in seconds using AI, but many developers failed to implement proper security controls, leaving databases, API keys, and confidential information accessible without authentication. Organizations should immediately audit any applications built using these platforms and implement access controls before deployment. Read More

Daemon Tools Trojanized in Supply Chain Attack

Disc Soft released Daemon Tools Lite version 12.6 on May 5 after discovering that version 12.5.1 had been compromised in a supply chain attack dating back to April 8. Kaspersky detected thousands of infection attempts across 100+ countries, with targeted payloads delivered to select victims in retail, government, manufacturing, and education sectors, including Quic RAT malware. Users who downloaded the affected version should uninstall it immediately, run a full system scan with trusted security software, and download the latest verified version from the official website. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

NCSC and Five Eyes warn on agentic AI risks

The UK’s National Cyber Security Centre (NCSC) and Five Eyes intelligence alliance have issued a warning to channel partners about security risks posed by agentic AI systems. Agentic AI refers to autonomous systems capable of making decisions and taking actions without human intervention. Organizations deploying these systems should implement strict access controls, monitoring, and validation processes to prevent misuse or unintended consequences. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

UK Online Safety Act effectiveness questioned

A survey by UK’s Internet Matters found that the Online Safety Act, which took effect in July 2025, has produced limited improvements in protecting children online. While roughly half of children report seeing more age-appropriate content and 40% of families feel somewhat safer, nearly half of children say age verification checks are easy to bypass, with a third admitting to circumventing them using fake birthdates, borrowed logins, or spoofed faces. Almost half of children still encountered harmful content in the month after child protection codes launched, and parents remain concerned about privacy risks from age verification data collection. Read More

💻 CAREER ENABLEMENT

Lloyds, Google Cloud host UK finance cyber hackathon

Lloyds Banking Group, Hack The Box, and Google Cloud Security held a two-day cybersecurity hackathon for UK financial services, with 33 teams from 16 organizations competing in realistic threat scenarios. The competition tested skills in web exploitation, digital forensics, cryptography, and payment systems security, with exercises incorporating AI in both attack and defense contexts. The event emphasized that while AI tools can automate routine tasks, human judgment remains critical for making decisions under pressure in interconnected financial systems where incidents can escalate rapidly. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.06

CyberMaterial — Wed, 06 May 2026 14:02:45 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current threat landscape is defined by a strategic push toward infrastructure resilience and specialized malware targeting the heart of the software supply chain. While CISA is actively mobilizing critical sectors like energy and healthcare to fortify their systems against large-scale disruptions, attackers are narrowing their focus on developers. The emergence of the Quasar Linux (QLNX) rootkit demonstrates a sophisticated shift toward compromising development environments to steal credentials and maintain long-term persistence, highlighting a need for heightened monitoring in technical workflows.

On the operational side, the reality of third-party risk and the evolution of AI-driven security are coming to the forefront. A significant breach at Vimeo, impacting 119,000 users through a vendor compromise, serves as a stark reminder of supply chain vulnerabilities, even as law enforcement successfully dismantled a major €50 million fraud ring in Europe. Simultaneously, the industry is pivoting toward “Cybernomics” and education; Cisco’s acquisition of Astrix Security underscores the urgent need to manage non-human identities in AI, while Virginia State University’s new $1.03 million research center signals a long-term commitment to defending industrial systems from AI-accelerated threats.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

CISA urges critical infrastructure fortification

The Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance urging critical infrastructure operators to strengthen their systems against potential disruptions during major incidents. The agency is providing resources and recommendations to help organizations maintain operational continuity when facing cyber threats or other emergencies. Critical infrastructure sectors including energy, water, healthcare, and transportation are encouraged to review and implement the protective measures outlined in CISA’s guidance. Read More

Quasar Linux malware targets developers

A new Linux malware called Quasar Linux (QLNX) is actively targeting software developers with rootkit, backdoor, and credential-stealing capabilities. The implant operates stealthily on compromised systems, combining multiple attack techniques to maintain persistence and exfiltrate sensitive data. Developers should review their systems for indicators of compromise, implement enhanced monitoring, and follow security best practices for development environments. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Vimeo breach via Anodot vendor impacts 119K users

Vimeo disclosed a data breach affecting 119,000 users after the ShinyHunters cybercrime group accessed user information through a compromised third-party analytics vendor, Anodot, in April 2026. The exposed data includes email addresses, names, video titles, and technical metadata, but does not include video content, login credentials, or payment information. Vimeo has disabled Anodot’s access, engaged external security experts, and notified law enforcement while the investigation continues. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Cisco Acquires Astrix Security for AI Agent Protection

Cisco announced plans to acquire Astrix Security, a specialist in Non-Human Identity (NHI) security, to address vulnerabilities created by AI agents in enterprise environments. AI agents use non-human credentials like API keys and OAuth tokens to access systems, and if compromised, attackers can execute malicious actions at scale; currently only 24% of organizations have adequate controls for AI agent actions. The acquisition will integrate Astrix’s capabilities into Cisco’s security platform, enabling discovery, lifecycle management, threat detection, and secrets management for AI agents under a Zero Trust model. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

EUR 50M Online Fraud Network Dismantled

Austrian and Albanian authorities, supported by Europol and Eurojust, have dismantled a criminal network responsible for large-scale online fraud estimated at EUR 50 million over two years. The operation resulted in ten arrests and the seizure of nearly EUR 900,000 in cash following searches of multiple premises. Organizations should review their fraud detection systems and verify that customer authentication processes are robust against sophisticated social engineering attacks. Read More

💻 CAREER ENABLEMENT

VSU Awarded $1.03M for AI and Cybersecurity Center

Virginia State University received $1.03 million in federal funding to establish a Center for Generative AI and Industrial Cybersecurity, announced during a May 5 campus visit by Congresswoman Jennifer McClellan. The center will research AI risks including misinformation, bias, and job displacement while focusing on protecting critical infrastructure systems from cyberattacks. Students and faculty will gain access to advanced AI tools and high-performance computing systems to build and test AI models for both research and real-world cybersecurity applications. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.05

CyberMaterial — Tue, 05 May 2026 14:02:22 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The global threat landscape is currently dominated by high-impact supply chain compromises and critical infrastructure vulnerabilities. North Korean state-sponsored group ScarCruft has successfully pivoted to supply chain attacks by trojanizing gaming platforms to deploy the BirdCall backdoor, while Trellix, a major cybersecurity vendor, recently confirmed that threat actors gained unauthorized access to its source code repository. Simultaneously, hardware and software giants like Qualcomm and WhatsApp have rushed to patch critical flaws—ranging from remote code execution in chipsets to URL execution vulnerabilities in Instagram Reels integration—highlighting a persistent trend where attackers exploit trusted third-party integrations and ubiquitous hardware to gain foothold in diverse environments.

On the regulatory and strategic front, the industry is seeing a shift toward more nuanced attribution and a reversal in privacy standards. The introduction of DarkAtlas’s campaign-based attribution framework represents a move away from rigid group labels toward a multi-layered, confidence-based model for tracking APT evolution. Meanwhile, legal systems are securing wins against cybercrime infrastructure, evidenced by the 8.5-year sentencing of a Latvian negotiator for the Karakurt ransomware group. However, user privacy faces a setback as Meta announces the discontinuation of end-to-end encryption for Instagram DMs, citing low adoption and shifting focus toward moderation and AI training capabilities.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

CISA Adds Major Linux Kernel Vulnerability to Known Exploited Vulnerabilities Catalog

The United States Cybersecurity and Infrastructure Security Agency has officially added CVE-2026-31431, a critical Linux Kernel flaw known as Copy Fail, to its list of exploited vulnerabilities. This high-severity bug allows unprivileged local users to gain root access across nearly all major Linux distributions by manipulating the system page cache. Read More

Cybercrime Syndicates Exploit Vishing and SSO Vulnerabilities for High-Speed Cloud Extortion

Recent investigations into modern cyber threats reveal that sophisticated hacking groups are increasingly leveraging voice phishing and Single Sign-On weaknesses to execute rapid extortion campaigns against corporate SaaS environments. These attackers bypass traditional perimeter defenses by tricking employees into revealing credentials or approving multi-factor authentication prompts, allowing them to move laterally through cloud applications with unprecedented speed. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Trellix Confirms Unauthorized Source Code Access

Trellix, a major US cybersecurity vendor formed from the 2021 merger of McAfee Enterprise and FireEye, disclosed on May 4 that threat actors gained unauthorized access to a portion of its source code repository. The company claims no evidence shows its code release or distribution process was compromised or that the stolen code has been exploited, though investigations continue with law enforcement and forensic experts. Security researchers warn that access to a security vendor’s source code provides attackers with detailed knowledge of detection mechanisms and potential supply chain attack vectors, particularly concerning recent campaigns targeting security tools like Trivy that exposed enterprise credentials. Read More

ScarCruft Compromises Gaming Platform

North Korean state-sponsored hacking group ScarCruft compromised a video game platform in a supply chain attack, embedding the BirdCall backdoor into platform components. The attack specifically targets ethnic Koreans living in China, expanding beyond the backdoor’s previous Windows-only deployment. By trojanizing legitimate gaming software, the attackers can distribute malware to a broader user base through trusted update mechanisms. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

New Attribution Framework for APT Campaign Tracking

Security researchers at DarkAtlas have introduced a campaign-based attribution framework that tracks Advanced Persistent Threat (APT) groups by analyzing discrete operational clusters rather than assuming fixed group identities. The framework uses a multi-layered evidence model examining six dimensions (strategic, operational, tactical, technical, infrastructure, and human factors) to establish confidence-based connections between campaigns, addressing the problem that adversaries frequently change tools, infrastructure, and personnel. This approach replaces single-indicator attribution with a Campaign Linkage Graph that maps weighted relationships between operations, allowing analysts to track threat actor evolution without relying on rigid group labels. Read More

Instagram Discontinues End-to-End Encryption

Meta will discontinue Instagram’s optional end-to-end encrypted direct messaging feature on May 8, 2026, citing low adoption rates. After this date, all Instagram direct messages will use standard transport encryption, meaning Meta’s servers can decrypt and access message content for moderation, AI training, and law enforcement requests. Users who previously used encrypted chats have until May 8 to export their encrypted message history before it becomes accessible to Meta’s systems. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Karakurt negotiator sentenced to 8.5 years

A Latvian national has been sentenced to 8.5 years in U.S. prison for serving as a negotiator for the Karakurt ransomware group, a Russian cybercrime operation. The defendant was extradited to the United States to face charges related to his role in facilitating ransom negotiations between the criminal group and its victims. Organizations should review their incident response plans and ensure they have protocols for handling ransomware negotiations while cooperating with law enforcement. Read More

💻 CAREER ENABLEMENT

Carleton College launches student cybersecurity teams

Carleton College has launched student cybersecurity teams with funding support from Shavlik to provide dedicated servers for training and competition. Information Security Officer Kendall George is directing the project across multiple colleges. The initiative aims to develop practical cybersecurity skills among students through hands-on team activities. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.04

CyberMaterial — Mon, 04 May 2026 14:03:00 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current threat landscape is defined by a volatile mix of high-speed cloud extortion and critical infrastructure vulnerabilities. From the widespread “Copy Fail” Linux kernel flaw to the “Salt Typhoon” infiltration of IBM subsidiaries, attackers are exploiting both deep-system bugs and human-centric weaknesses like vishing and SSO gaps. These incidents, coupled with a massive data breach at Instructure affecting millions, highlight a shift toward rapid, high-impact campaigns that bypass traditional defenses to compromise national digital sovereignty and global supply chains.

Simultaneously, the integration of AI is fundamentally altering the pace of cybersecurity, with the UK NCSC warning that automated vulnerability discovery is forcing an era of “hyper-patching.” In response, the industry is pivoting toward quality over quantity; Google’s strategic shift in its bug bounty programs prioritizes human-driven, high-impact research to filter out AI-generated noise. As state-sponsored operatives face legal accountability in international courts, the focus for organizations has moved beyond simple perimeter defense toward systemic resilience and the mitigation of third-party risks.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

CISA Adds Major Linux Kernel Vulnerability to Known Exploited Vulnerabilities Catalog

Cybercrime Syndicates Exploit Vishing and SSO Vulnerabilities for High-Speed Cloud Extortion

🚨INCIDENTS & REAL-WORLD IMPACT

Ubuntu Infrastructure Disruptions Linked to Coordinated DDoS Campaign

Canonical and Ubuntu face widespread service interruptions following a targeted cyberattack claimed by a hacktivist collective. The ongoing incident has disabled essential web systems and repository access, leaving millions of users temporarily unable to perform routine system updates or software installations. Read More

ShinyHunters Targets Instructure in Massive Data Breach Affecting Millions

Educational technology giant Instructure has confirmed a security breach involving its Canvas platform, with the ShinyHunters hacking group claiming to have stolen personal data from 275 million users. While the company acknowledges the exposure of names and messages, the attackers allege a much larger scale of theft involving thousands of schools and a compromise of the company’s Salesforce environment. Read More

Salt Typhoon Linked to IBM Subsidiary Breach

“The April 2026 infiltration of IBM Italy subsidiary Sistemi Informativi has ignited urgent discussions regarding European digital sovereignty and the persistent threat of state-sponsored espionage. Attributed by intelligence sources to the China-linked group Salt Typhoon, the incident underscores the vulnerability of national infrastructure when managed by third-party IT providers. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

AI accelerates vulnerability discovery and forces rapid updates according to UK NCSC

The National Cyber Security Centre warns that artificial intelligence is significantly shortening the time it takes for attackers to find and exploit software vulnerabilities. This trend is expected to trigger a massive wave of urgent security patches as hidden flaws across the global technology ecosystem are exposed at an unprecedented pace. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Russian cyber operative admits to sabotaging international energy infrastructure

A Russian hacker linked to state-sponsored attacks on global oil and gas systems has pleaded guilty in a U.S. federal court. Artem Vladimirovich Revenskii faces a potential 27-year prison sentence for his role in damaging critical infrastructure across multiple nations, including the United States and Ukraine. Read More

💻 CAREER ENABLEMENT

Google Shifts Bug Bounty Focus Toward High Impact Exploits and Android Security

Google has overhauled its vulnerability reward programs for Android and Chrome to prioritize high-quality research over the high volume of reports generated by artificial intelligence. The update reflects a strategic pivot toward incentivizing human-driven insights and actionable fixes as automated tools continue to flood the system with low-value submissions.Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.05.01

CyberMaterial — Fri, 01 May 2026 14:01:48 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Today’s threat landscape highlights a sophisticated blend of technical and psychological exploits, ranging from malicious AI browser extensions capable of stealing passwords to the hijacking of legitimate PayPal email systems for tech support scams.

The real-world impact is visible in the defacement and holding of Naturalsciences.org via ransomware, while the legal front saw significant victories with Europol dismantling a €50 million Albanian scam ring and the extradition of a major cybercrime platform operator. To counter these evolving risks, the industry is leaning into AI-driven security partnerships like Datalink and Arctic Wolf, alongside structured community defenses such as Patchstack’s specific bug bounty guidelines for WordPress vulnerabilities.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

High-Risk AI Browser Extensions Exposed

Unit 42 has identified high-risk AI browser extensions that pose a significant threat to users by stealing data, intercepting prompts, and exfiltrating passwords. These extensions are often disguised as productivity tools, making them difficult to detect. Users should protect their browsers by being cautious about the extensions they install and regularly reviewing their permissions. Read More

PayPal Emails Hijacked for Tech Support Scams

Scammers are exploiting PayPal’s email system to send deceptive messages that appear legitimate, tricking recipients into calling fake tech support numbers. These emails, which originate from a genuine PayPal address, contain misleading subject lines suggesting unauthorized charges, prompting recipients to contact scammers posing as PayPal support. To protect yourself, avoid calling numbers from suspicious emails, report such emails to PayPal, and use official contact methods to verify any claims. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Ransom note appears on Naturalsciences.org

Naturalsciences.org was targeted by a cyberattack, resulting in a ransom note appearing on the website. The site was temporarily taken offline with a message indicating it was down for construction. It is unclear if the organization paid the ransom, but the site is partially back online; affected parties should monitor for further updates and ensure their cybersecurity measures are robust. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Datalink Partners with Arctic Wolf for AI Security

Datalink Networks has partnered with Arctic Wolf to provide AI-driven security operations to its customers in the U.S. and Canada. This collaboration allows Datalink’s clients to access Arctic Wolf’s security operations portfolio, which enhances detection, investigation, response, and recovery capabilities without the need for a full in-house security operations center. Customers are advised to leverage this partnership to improve their security posture, especially if they lack the internal resources to manage security operations independently. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Europol Busts Albanian Scam Call Centers

Europol has dismantled a sophisticated Albanian scam call center operation, arresting 10 individuals and seizing significant assets. The network, which defrauded victims across multiple countries including Austria, Italy, and the UK, used professional tactics to lure individuals into fake investment schemes, resulting in losses of at least €50 million. Affected individuals are advised to be cautious of unsolicited investment offers and to report any suspicious activities to authorities. Read More

Versus Project Operator Extradited to US

A German national residing in Colombia has been extradited to the United States on charges related to operating ‘The Versus Project’, a cybercrime platform. This extradition is part of a broader effort by the Department of Justice to combat cybercrime, which also included sentencing two individuals involved with BlackCat ransomware. Organizations should remain vigilant and ensure their cybersecurity measures are up-to-date to protect against such threats. Read More

💻 CAREER ENABLEMENT

Patchstack Bug Bounty Guidelines

Patchstack has outlined specific guidelines for their Bug Bounty Program, focusing on vulnerabilities in WordPress core, plugins, and themes distributed through recognized repositories. The program targets vulnerabilities with a significant security impact, requiring a CVSS v3.1 base score of 6.5 or higher, and components with a substantial number of active installs. Reports must adhere to these guidelines, and submissions that fall outside the defined scope or lack verifiable information will be rejected. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.30

CyberMaterial — Thu, 30 Apr 2026 14:02:38 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current cyber threat landscape is characterized by a volatile shift in malware dominance, notably with Vidar ascending as the primary infostealer following law enforcement disruptions of its competitors. Emerging threats like PromptMink highlight a sophisticated evolution in attack vectors, where AI coding assistants are exploited to poison open-source dependencies and drain crypto wallets.

Simultaneously, the ecosystem is witnessing internal friction among ransomware groups leaking each other’s data, while major breaches, such as the Sandhills Medical incident, continue to impact hundreds of thousands. In response, the industry is pivoting toward AI-driven defense roadmaps and increased international law enforcement action, while new professional communities like the Cybercrime Fighters Club aim to bridge the gap through collaborative intelligence.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Vidar Rises to Top of Chaotic Infostealer Market

Vidar, a credential-stealing malware, has become the leading infostealer in the cybercriminal market after law enforcement actions disrupted its main competitors. This rise was facilitated by a major upgrade and expanded distribution network, making it a preferred tool for cybercriminals targeting corporate networks. To protect against Vidar, organizations should implement multifactor authentication, use DNS filtering, and deploy secure web gateways. Read More

PromptMink Malware Targets Crypto Trading Agents

A new malware campaign named PromptMink has been discovered, targeting crypto trading agents by using AI coding assistants to introduce malicious code into open-source projects. The attack involves a seemingly harmless npm package that secretly imports a second, malicious package designed to steal sensitive credentials and gain access to crypto wallets. Developers should scrutinize AI-generated code commits, verify new dependencies, and monitor for unusual network activity to protect against such threats. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Feuding Ransomware Groups Leak Each Other’s Data

Two emerging ransomware groups, 0APT and KryBit, have engaged in a feud that resulted in both leaking each other’s data. This conflict has exposed operational details and infrastructure vulnerabilities, offering valuable insights for cybersecurity defenders. Security professionals are advised to monitor for data staging and exfiltration, ensure backup integrity, and maintain robust anti-ransomware defenses. Read More

Sandhills Medical Ransomware Breach

Sandhills Medical has disclosed a data breach nearly a year after being targeted by the ransomware group Inc Ransom. The breach has affected 170,000 individuals, potentially compromising sensitive personal and medical information. Affected individuals should monitor their accounts for suspicious activity and consider identity theft protection services. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

OpenAI Cyber Defense Roadmap Released

OpenAI has introduced a cyber defense roadmap called ‘Cybersecurity in the Intelligence Age’ to enhance security measures using AI tools. This initiative, led by Sasha Baker, aims to provide defenders with advanced capabilities to outpace malicious actors. Organizations should review this roadmap to understand how AI can be integrated into their security strategies to build resilience. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

U.S. Charges Suspected Scattered Spider Member

Federal authorities have charged 19-year-old Peter Stokes, also known as ‘Bouquet’, for his alleged involvement with the cybercriminal group Scattered Spider. Stokes, a dual U.S. and Estonian citizen, was arrested in Helsinki while trying to board a flight to Japan. Those concerned about potential cyber threats should ensure their systems are updated and monitor for any suspicious activity. Read More

Claude Mythos Fears Startle Japan’s Financial Sector

Japan’s financial sector is forming a task force to address potential threats posed by Anthropic’s new AI model, Mythos, which has demonstrated the ability to uncover previously unknown vulnerabilities in software systems. The concern is that Mythos could undermine the cybersecurity of financial institutions, potentially leading to severe disruptions. Organizations are advised to focus on strengthening their existing cybersecurity measures and not to overestimate the threat posed by Mythos, as similar vulnerabilities are often found by other models. Read More

💻 CAREER ENABLEMENT

Cybercrime Fighters Club Launched

Group-IB has launched the Cybercrime Fighters Club, a community aimed at enhancing collaboration and knowledge sharing in the fight against cybercrime. The club operates on Discord and is open to cybersecurity professionals, enthusiasts, and those interested in learning about cyber threats. Participants can engage in discussions, share insights, and collaborate on researching emerging threats. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.29

CyberMaterial — Wed, 29 Apr 2026 14:02:53 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Critical cybersecurity developments are currently defined by a volatile mix of technical vulnerabilities and aggressive global oversight, ranging from the discovery of a destructive “wiper” flaw in Vect 2.0 ransomware to a major GitHub RCE vulnerability that threatened millions of repositories before being patched.

While Checkmarx and Polymarket navigate the fallout of data security incidents, the regulatory environment is tightening significantly with Meta facing a potential $12 billion EU fine over child safety and Canada proposing a ban on crypto ATMs to combat money laundering. In response to these escalating threats, the industry is pivoting toward AI-enhanced defenses via Malwarebytes and addressing the talent gap through the Pentagon’s new skill-based cyber apprenticeship program.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Critical Flaw in Vect Ransomware

A critical flaw in the Vect 2.0 ransomware causes it to wipe large files instead of encrypting them, making recovery impossible. This flaw affects Windows, Linux, and VMware ESXi systems, and was discovered by Check Point Research. Organizations using these systems should ensure their security measures are up to date and consider additional protective measures against ransomware threats. Read More

GitHub fixes critical remote code execution flaw

GitHub recently addressed a critical remote code execution vulnerability in their internal git infrastructure, which was discovered by Wiz Research using AI models. This flaw could have potentially allowed attackers to access millions of public and private code repositories. GitHub’s security team quickly validated the issue and deployed a fix within six hours to protect their users’ data. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Checkmarx Data Stolen in Supply Chain Attack

Checkmarx has confirmed that data was stolen from its GitHub environment in a supply chain attack. The breach occurred on March 30, following the publication of malicious code by hackers. Organizations using Checkmarx’s services should review their security measures and monitor for any suspicious activity. Read More

Polymarket denies data breach claims

Polymarket, a prediction markets platform, has denied claims of a data breach after a hacker on the dark web alleged they had accessed private user details. The hacker, using the pseudonym ‘xorcat’, claimed to have stolen over 300,000 records, including 10,000 unique user profiles with sensitive information. Users are advised to monitor their accounts for any suspicious activity and ensure their security settings are up to date. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Malwarebytes integrates with Claude for scam checks

Malwarebytes has integrated its threat intelligence capabilities with AI tools ChatGPT and Claude to help users identify online scams more effectively. This integration allows users to check suspicious links, phone numbers, and email addresses directly within Claude, providing instant feedback on potential threats. To use this feature, users can connect Malwarebytes to Claude without needing a Malwarebytes account and receive trusted answers to their security queries. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Meta Faces EU DSA Violations

Meta is facing potential fines of up to $12 billion for violating the European Union’s Digital Services Act by not adequately preventing children under 13 from using Facebook and Instagram. The European Commission’s preliminary decision highlights that Meta lacks sufficient measures to verify users’ ages and remove underage users from its platforms. To comply, Meta must implement more effective age verification and user identification processes. Read More

Canada proposes crypto ATM ban

The Canadian government has proposed a ban on Bitcoin and other cryptocurrency ATMs, citing their use by scammers and money launderers. The proposal, part of the Spring Economic Update 2026, aims to phase out these machines while allowing Canadians to purchase virtual currencies through traditional money services businesses. This move is intended to tighten oversight of high-risk areas in the cryptocurrency sector. Read More

💻 CAREER ENABLEMENT

Pentagon launches cyber apprenticeship program

The Pentagon has launched a new cyber apprenticeship program aimed at filling technology and cybersecurity vacancies by focusing on skill-based hiring. This initiative is part of a broader effort by the administration to address the shortage of qualified professionals in these critical fields. Individuals interested in pursuing a career in cybersecurity are encouraged to apply for this program to gain the necessary skills and experience. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.28

CyberMaterial — Tue, 28 Apr 2026 14:03:14 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Today’s threat landscape is defined by a volatile mix of state-sponsored stealth, such as Sandworm’s use of SSH-over-Tor, and high-stakes corporate breaches at firms like Itron and Medtronic, while a surge in SMS-based CAPTCHA fraud highlights the continued effectiveness of simple social engineering. Intellectual property remains a prime target, evidenced by the theft of sensitive aerospace software by Chinese actors, even as Proofpoint reports a widespread crisis of confidence regarding AI security controls.

This escalating risk environment is being met with a hammer of regulatory enforcement, with DORA mandating stricter operational resilience in the EU and U.S. privacy fines hitting a staggering $3.45 billion, all while a stagnating, undervalued cybersecurity workforce threatens the very human foundation of global defense.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Fake CAPTCHA scam leads to costly phone bills

Researchers have uncovered a scam that uses fake CAPTCHA pages to trick mobile users into sending international SMS messages, leading to unexpected charges. This scam, known as International Revenue Share Fraud, exploits telecom billing systems to generate revenue for cybercriminals. Users should avoid sending SMS to verify CAPTCHAs, regularly check their phone bills for unusual charges, and consider using mobile protection apps to block malicious sites. Read More

Sandworm Uses SSH-over-Tor Tunnel

The state-sponsored threat group Sandworm, also known as FROZENBARENTS, has been found using SSH-over-Tor tunneling to maintain covert access to targeted networks. This technique is part of their ongoing efforts to infiltrate government bodies, energy firms, and research institutions for intelligence gathering. Organizations should enhance their network monitoring and implement robust security measures to detect and prevent such sophisticated intrusions. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Itron discloses security breach

Itron, a U.S.-based company specializing in smart solutions for energy and water infrastructure, experienced unauthorized access to its IT systems on April 13, 2026. The breach did not affect customer-hosted systems, and Itron has engaged cybersecurity experts and law enforcement to investigate and contain the incident. Operations continue largely unaffected, and the company is assessing the need for further legal and regulatory actions while insurance is expected to cover much of the incident’s costs. Read More

Medtronic Confirms Data Breach

Medtronic, a leading medical technology company, confirmed a data breach on April 24, where an unauthorized party accessed its corporate IT systems. The breach did not affect Medtronic’s product safety, customer connections, or manufacturing and distribution operations, and there was no impact on patient safety or hospital networks. Medtronic has taken steps to contain the breach, is investigating the incident with cybersecurity experts, and is committed to enhancing its cybersecurity measures. Read More

Chinese Engineer Stole US Military Software

A Chinese aerospace engineer named Song Wu impersonated US researchers and engineers to obtain sensitive military software from NASA, the US military, and universities over four years. This breach involved the unauthorized sharing of aerospace engineering and computational fluid dynamics software, which is crucial for developing advanced weapons and is protected under US export controls. Organizations should enhance their cybersecurity measures, particularly against social engineering attacks, and ensure employees are trained to recognize and report suspicious requests for information. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Proofpoint AI Incident Report 2026

Proofpoint’s 2026 AI and Human Risk Landscape report reveals that over half of organizations lack confidence in their AI security controls to detect compromised AI systems. The study, which surveyed over 1,400 security professionals globally, highlights that while AI adoption is widespread, many organizations struggle with security readiness and incident investigation across multiple systems. Organizations are advised to consolidate security tools and enhance AI protections to better manage the risks associated with AI deployment. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

DORA and Operational Resilience

The EU’s Digital Operational Resilience Act (DORA), effective since January 2025, mandates financial services firms to systematically manage IT risk, test resilience under realistic conditions, and govern third-party dependencies. Despite progress, many organizations still struggle to meet these requirements, particularly in maintaining control during incidents when access is compromised. To comply with DORA, firms should implement independent management access to critical infrastructure, ensuring operational control even when primary networks are disrupted. Read More

U.S. Companies Face Record Privacy Fines in 2025

In 2025, U.S. states imposed $3.45 billion in fines on companies for privacy violations, surpassing the total from the previous five years combined. This surge in penalties is attributed to stronger state privacy laws, enhanced interstate enforcement collaborations, and increased scrutiny on AI’s impact on privacy. Companies are advised to strengthen their privacy programs to comply with evolving regulations and avoid substantial fines. Read More

💻 CAREER ENABLEMENT

Cybersecurity Professionals Feel Undervalued

A recent report reveals that over three-quarters of cybersecurity professionals did not receive a pay raise last year, leading to feelings of being undervalued and prompting many to consider changing jobs. Despite significant cybersecurity incidents, only 22% of organizations have increased their investment in cybersecurity, leaving many professionals pessimistic about future pay increases. To retain talent and reduce risk, companies should ensure cybersecurity staff feel valued and supported. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.27

CyberMaterial — Mon, 27 Apr 2026 14:01:18 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current threat landscape is defined by sophisticated social engineering, such as Vidar infostealer’s use of fake CAPTCHAs, and critical Linux vulnerabilities like Pack2TheRoot, while major service disruptions have hit both Outlook.com and eBay, the latter suffering a massive DDoS attack.

In the corporate and policy spheres, Alphabet’s $40 billion play for Anthropic signals massive AI consolidation, even as CISA faces leadership instability following Sean Plankey’s withdrawal and Belgium formalizes a new national cyber crisis response plan. Amidst these challenges, the sector continues to evolve through specialized talent pipelines, highlighted by Aspiritech’s new apprenticeship program for neurodivergent professionals.

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Vidar Infostealer Spreads via Fake CAPTCHAs

A new version of the Vidar infostealer malware is spreading through fake CAPTCHA challenges, targeting users by hiding in JPEG and TXT files. This malware employs fileless attack techniques to steal sensitive information such as browser data and cryptocurrency wallet details. Users should be cautious of unexpected CAPTCHA prompts and ensure their security software is up to date to detect and prevent such threats. Read More

Pack2TheRoot Linux Vulnerability

A vulnerability known as ‘Pack2TheRoot’ has been identified in PackageKit, a package management system used in Linux. This flaw allows unprivileged users to gain root access by exploiting a race condition during package installation. Users and administrators should update their systems to the latest version of PackageKit to mitigate this risk. Read More

Phishing Campaign Targeting Robinhood Users

A phishing campaign is targeting Robinhood users by sending emails that appear to be from the company, as warned by Ripple’s former CTO David Schwartz. These emails are designed to deceive recipients into believing they are legitimate, potentially leading to the compromise of personal information. Users should be cautious of unexpected emails from Robinhood and verify their authenticity before responding or clicking on any links. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Microsoft Outlook.com Access Issues

Microsoft has reported a service degradation affecting Outlook.com, causing users across multiple regions to experience issues such as intermittent access failures, delayed email delivery, and inability to load the webmail interface. This incident is part of ongoing Microsoft 365 service instability, with a fix expected to be fully deployed by April 28, 2026. Affected users are advised to follow temporary workarounds provided by Microsoft and monitor the service health dashboard for updates. Read More

eBay Faces Widespread Outage Due to DDoS Attack

eBay experienced a significant outage starting on April 26, 2026, affecting users worldwide who faced issues with essential site functions like search and checkout. The disruption, suspected to be caused by a denial-of-service attack allegedly claimed by the hacktivist group 313 Team, left buyers and sellers unable to complete transactions or access critical tools. Users are advised to monitor eBay’s official channels for updates and consider alternative platforms for urgent transactions until services are fully restored. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Google plans $40bn investment in Anthropic

Google’s parent company, Alphabet, plans to invest up to $40 billion in AI company Anthropic, with an initial $10 billion cash commitment and the remaining $30 billion contingent on performance criteria. This follows Amazon’s announcement of a similar investment plan, highlighting significant activity in the AI sector as companies seek to enhance their capabilities. Businesses should monitor these developments as they could impact the competitive landscape in AI technology and cloud services. Read More

CISA Director Nominee Withdraws

Sean Plankey, current administration’s nominee to lead the Cybersecurity and Infrastructure Security Agency (CISA), has withdrawn his candidacy after a prolonged and stalled nomination process in the Senate. Plankey cited the Senate’s lack of confirmation as the reason for his withdrawal, despite being renominated earlier this year. The withdrawal leaves CISA without a permanent leader as it faces challenges such as personnel cuts and mission downsizing. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Belgium’s New Cyber Crisis Response Plan

Belgium has updated its national cyber crisis response plan, originally adopted in 2017, to align with current threats and European regulations. This revised plan, formalized by Royal Decree, provides a structured framework for managing cyber incidents, detailing roles, responsibilities, and procedures for both public and private stakeholders. Organizations in Belgium should familiarize themselves with this framework to ensure effective collaboration and preparedness in the event of a cyber crisis. Read More

💻 CAREER ENABLEMENT

Aspiritech Celebrates Cybersecurity Apprenticeship

Aspiritech, a nonprofit based in Evanston, has launched a federally registered Cybersecurity Apprenticeship Program aimed at connecting adults on the autism spectrum with careers in high-demand tech fields. This initiative addresses the high unemployment rate among autistic individuals while meeting the growing demand for cybersecurity professionals. To participate or learn more, interested parties can attend an event at Aspiritech’s headquarters on April 30, which will include demonstrations and discussions with industry leaders. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.24

CyberMaterial — Fri, 24 Apr 2026 14:03:22 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The latest cyber threat landscape is marked by sophisticated session-stealing attacks targeting Telegram desktop users via PowerShell scripts and fraudulent CAPTCHA pages used to facilitate international SMS fraud.

High-profile incidents include a data breach at UK Biobank involving the sale of de-identified research data and the rise of large-scale Chinese botnets using compromised edge devices for espionage. Amidst these threats, French authorities successfully arrested the notorious hacker “HexDex,” while the broader tech industry faces internal shifts as Meta and Microsoft implement thousands of job cuts to pivot their resources toward artificial intelligence.

First time seeing this? Please Subscribe

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

Hackers Exploit PowerShell Script for Telegram Hijack

Hackers have developed a new session-stealing tool targeting Telegram’s desktop client by using a PowerShell script hosted on Pastebin. This script masquerades as a Windows telemetry update and does not aim to steal passwords or browser credentials, focusing solely on Telegram session data. Users of Telegram’s desktop client should be cautious of unexpected updates and verify the source of any scripts before execution. Read More.

Fake CAPTCHA Scam Triggers SMS Fraud

Cybercriminals are exploiting fake CAPTCHA pages to conduct an international SMS fraud scheme, deceiving users into unwittingly participating in international revenue share fraud. Victims are directed to these fraudulent CAPTCHA pages through lookalike and scam domains, which are part of a traffic distribution system. To protect themselves, users should be cautious of unfamiliar CAPTCHA requests and verify the legitimacy of websites before entering any information. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

UK Biobank Data Breach Raises Concerns

The UK Biobank, a major biomedical research resource, experienced a data breach where de-identified participant data was listed for sale on a Chinese website. Although the data did not include personal identifiers like names or addresses, the breach violated data access agreements with academic institutions. In response, UK Biobank has suspended access to its research platform and is implementing stricter security measures to prevent future incidents. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Chinese Cyber Espionage via Compromised Devices

China-linked cyber threat actors are now using large-scale covert networks and botnets made from compromised routers and edge devices, according to the National Cyber Security Centre (NCSC). This shift from individually procured infrastructure poses a threat to organizations of all sizes, particularly through VPN and remote access connections. Organizations are advised to map and baseline traffic from these devices to mitigate the risk. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

French Police Arrest HexDex Hacker

French police have arrested a 20-year-old hacker known as HexDex, suspected of stealing data from numerous organizations, including sports federations and government offices, and posting it online. The investigation began in December 2025 after nearly 100 reports of data theft, and the suspect was apprehended just before leaking more data. Affected parties should review their security measures and monitor for any unauthorized data access or leaks. Read More

💻 CAREER ENABLEMENT

Job Cuts at Meta and Microsoft

Meta and Microsoft have announced significant job cuts as they shift focus towards artificial intelligence investments. Meta plans to cut around 8,000 jobs and leave 6,000 positions unfilled, while Microsoft is offering voluntary redundancies to about 8,750 employees. Affected employees should prepare for potential job transitions and stay informed about upcoming company updates. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.23

CyberMaterial — Thu, 23 Apr 2026 14:46:52 GMT

Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

The current cybersecurity landscape is marked by sophisticated shifts in attack vectors, including indirect prompt injection against AI assistants and the use of custom exfiltration tools by groups like Trigona to bypass traditional defenses. Real-world consequences are evident in high-profile data breaches at Rituals and supply chain compromises within Checkmarx tools, while the education sector faces a massive 63% surge in attacks targeting research data.

Legal and technical remediations are also evolving, as seen in Apple’s patch for Signal message vulnerabilities and a UK court ruling validating police use of live facial recognition. In response to these escalating risks, academic institutions like EWU are expanding specialized programs to bridge the critical talent gap in the cyber workforce.

First time seeing this? Please Subscribe

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

New Attacks on AI Assistants

Cybersecurity researchers have discovered new attacks targeting AI assistants such as GitHub Copilot through indirect prompt injection. These attacks exploit hidden website code to manipulate the AI’s behavior. Users and developers should be vigilant about the websites they interact with and consider implementing security measures to protect AI systems from such vulnerabilities. Read More

Trigona Ransomware Uses Custom Exfiltration Tool

The Trigona ransomware group has shifted tactics by using a custom-developed tool for data exfiltration instead of widely available utilities. This new tool, called uploader_client.exe, allows attackers to efficiently steal high-value data while evading detection. Organizations should enhance their security measures by monitoring for unusual network activity and updating their defenses against custom malware tools. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Rituals Discloses Data Breach

Luxury cosmetics company Rituals has disclosed a data breach affecting its My Rituals members. Hackers accessed and downloaded customer data, including names and addresses. Affected individuals are being notified, and they should monitor their accounts for any suspicious activity. Read More

Checkmarx Supply Chain Security Incident

Checkmarx has identified a supply chain security incident involving malicious artifacts in several of its products, including DockerHub KICS images and GitHub actions. Customers using versions or SHAs published before the affected timeframes are not impacted, but those using specific versions and tags should take immediate action. Recommended steps include blocking certain domains, using pinned SHAs, reviewing auto-update settings, and rotating credentials if a compromise is suspected. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Cyber-Attacks Surge 63% in Education Sector

Educational institutions worldwide have seen a 63% rise in cyber-attacks, driven by geopolitical tensions, ransomware, and hacktivism, according to Quorum Cyber’s report. The report highlights significant increases in data breaches, hacktivist activities, and ransomware incidents, with universities particularly targeted for their valuable research. To mitigate these threats, institutions are advised to implement intelligence-led vulnerability management, dark web monitoring, robust backups, incident response exercises, and strong password management. Read More

Apple fixes security flaw in Signal app

Apple has addressed a security flaw that allowed the FBI to access deleted Signal messages through the iPhone’s push notification database. This vulnerability, which affected users of the Signal app, was highlighted in court documents related to an FBI investigation. Users should update their iOS devices to the latest version to ensure this issue is resolved and their data remains secure. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

UK Court Upholds Facial Recognition Policy

The High Court of Justice in the UK has upheld the Metropolitan Police Service’s Live Facial Recognition Policy, dismissing a legal challenge that claimed the policy allowed excessive discretion in its deployment. The court found that the policy includes clear rules and safeguards, limiting its use to specific scenarios and ensuring oversight and proportionality assessments. Despite concerns about privacy and potential misuse, the ruling confirms the policy’s compliance with legal standards, influencing future use and regulation of surveillance technology in the UK. Read More

💻 CAREER ENABLEMENT

Cybersecurity program expands at EWU

Eastern Washington University (EWU) is expanding its cybersecurity program in response to the growing demand for skilled professionals in the field. The cybersecurity industry is rapidly growing due to increasing threats to critical infrastructure and the reliance on digital systems, yet there remains a significant gap between the number of available jobs and qualified workers. To address this, EWU is enhancing its curriculum and has been recognized as a National Center of Academic Excellence in Cyber Operations by the National Security Agency, aiming to equip students with the skills needed to tackle evolving cyber threats. Read More

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.22

CyberMaterial — Wed, 22 Apr 2026 14:02:29 GMT

In today’s edition, the cybersecurity environment is characterized by high-sophistication attacks targeting decentralized finance (DeFi), software supply chains, and healthcare infrastructure. North Korean actors continue to lead aggressive campaigns, utilizing novel AppleScript and ClickFix methods against macOS systems and posing as fake IT workers to infiltrate cloud environments. Meanwhile, the discovery of CanisterWorm malware within Namastex npm packages and the evolution of the GoGra backdoor by the Harvester group highlight a persistent trend of exploiting developer ecosystems and covert command-and-control channels to bypass traditional defenses.

Real-world impacts have hit the financial and medical sectors hard, evidenced by a $3.5 million exploit of Volo Protocol vaults and a significant ransomware attack on the Caribbean Medical Center, compromising nearly 92,000 patient records. Legal and regulatory responses are intensifying as authorities crack down on insider threats and infrastructure providers; notable developments include the guilty plea of a ransomware negotiator linked to the BlackCat group and a massive investigation into the ProxySmart SIM farm network. Additionally, major consumer platforms like Roblox are facing million-dollar settlements to enforce stricter child safety and age verification protocols amidst growing public and legal pressure

First time seeing this? Please Subscribe

Listen to our podcast here ⏬

⚡THREAT LANDSCAPE

North Korean Hackers Target Financial Organizations

North Korean hackers are targeting financial organizations, including those involved with cryptocurrency, venture capital, and blockchain. They are using AppleScript and ClickFix in new attacks on macOS systems. Organizations in these sectors should enhance their security measures to protect against these threats. Read More

Harvester Expands Toolset with GoGra Backdoor

The Harvester APT group has developed a new Linux version of its GoGra backdoor, which uses the Microsoft Graph API and Outlook mailboxes for covert command-and-control communication, bypassing traditional network defenses. This malware has been linked to a previous Windows espionage campaign by Harvester, with initial targets appearing to be in India and Afghanistan. Security professionals should monitor for indicators of compromise and update their defenses accordingly to mitigate potential threats from this evolving malware. Read More

Namastex npm Packages Deliver Canister Worm Malware

Malicious versions of npm packages from Namastex.ai have been found to contain CanisterWorm malware, which is a self-propagating backdoor linked to the threat actor TeamPCP. This malware replaces legitimate package contents with infected code, spreads across namespaces using stolen credentials, and exfiltrates sensitive data such as cloud credentials and SSH keys. Developers using these packages should immediately rotate their npm tokens and other credentials, audit package histories for suspicious changes, and enable script analysis to detect malicious postinstall hooks. Read More

🚨INCIDENTS & REAL-WORLD IMPACT

Volo Protocol Hacked for $3.5M

Volo Protocol, a decentralized finance platform, has suffered a security breach resulting in the loss of $3.5 million from select vaults. The affected assets include Wrapped Bitcoin, Matrixdock Gold, and USDC, but the protocol has assured that $28 million in other vaults remains secure. Volo has frozen the compromised assets and is working on fund recovery while planning to absorb the losses without impacting users. Read More

Ransomware Attack on Hospital Caribbean Medical Center

A ransomware attack on Hospital Caribbean Medical Center in Puerto Rico has compromised the data of up to 92,000 individuals, with a group called The Gentlemen claiming responsibility. The breach involved sensitive patient information, and the hospital has since enhanced its security measures. Affected individuals should monitor their personal information and consider identity protection services. Read More

🔓 EXECUTIVE RISK & CYBERNOMICS

Anker’s New AI Chip Announcement

Anker has introduced a new AI chip called Thus, designed to enhance local AI capabilities in audio devices, mobile accessories, and IoT devices. The Thus processor is notable for being the first neural-net compute-in-memory AI audio chip, which is smaller and more power-efficient than traditional chips. This innovation is expected to benefit smaller devices by reducing the power needed for complex computations. Read More

Microsoft warns of fake IT worker identities

Microsoft has issued a warning about the North Korean group Jasper Sleet, which is exploiting remote hiring practices to infiltrate cloud environments by posing as legitimate IT workers. This tactic takes advantage of the increased reliance on global remote hiring and online identity verification since the pandemic. Companies are advised to strengthen their identity verification processes and monitor access to cloud environments to prevent unauthorized access. Read More

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Massive SIM Farm Network Exposed

A global investigation has exposed a vast mobile proxy network called ProxySmart, which operates across 17 countries and involves 87 control panels and 94 phone-farm locations. This network facilitates large-scale fraud and identity evasion by using real smartphones and modems connected to carrier networks, making it difficult for anti-fraud systems to detect. Security professionals should be aware of this threat and consider enhancing their detection and prevention measures to address the challenges posed by such sophisticated proxy networks. Read More

Ransomware Negotiator Pleads Guilty

Angelo Martino, a former ransomware negotiator, has pleaded guilty to collaborating with the BlackCat ransomware group to launch attacks against multiple US victims. Martino, who worked for Digital Mint, provided sensitive information to BlackCat and conspired with others to deploy ransomware, resulting in significant financial losses for various organizations. Authorities have seized $10 million in assets from Martino, and he faces up to 20 years in prison when sentenced on July 9. Read More

Roblox Settles with Alabama and West Virginia

Roblox has reached settlements with Alabama and West Virginia over child safety concerns on its gaming platform, agreeing to pay $12.2 million and $11 million respectively. The settlements aim to enhance safety measures, including stricter age verification and expanded parental controls, to protect children from harmful content and interactions. Roblox will also fund safety initiatives and educational workshops in both states as part of the agreement. Read More

💻 CAREER ENABLEMENT

1Nebula achieves ISO 27001 certification

1Nebula has achieved ISO 27001 certification, indicating that the company has met international standards for information security management. This certification affects 1Nebula’s clients and partners, as it assures them of the company’s commitment to protecting sensitive information. Organizations working with 1Nebula can continue their partnerships with confidence, knowing that the company adheres to rigorous security protocols. Read More