CyberMaterial: Cyber Briefing

🚨 Cyber Alerts

1.WhatsApp Warns Users of iOS Spyware Risk

WhatsApp has notified approximately 200 users, primarily in Italy, who were targeted by a fraudulent iOS application containing spyware. In response, the platform logged out affected accounts and initiated legal action against Asigint, an Italian firm accused of developing the counterfeit software.

2. Cisco IMC Auth Bypass Gives Admin Access

Cisco has launched critical security updates to address an authentication bypass vulnerability in its Integrated Management Controller that allows unauthenticated remote attackers to gain administrative control. The company also patched several other high-severity flaws, including a remote code execution vulnerability in its Smart Software Manager On-Prem systems.

3. UNC1069 Hits npm via Axios Maintainer

The Axios npm package maintainer revealed that the project was compromised through a sophisticated social engineering campaign led by North Korean threat actors known as UNC1069. By impersonating a legitimate company founder and deploying malware during a fraudulent video call, the attackers gained the credentials necessary to publish malicious versions of the highly popular library.

For more alerts click here!

💥 Cyber Incidents

4. Handala Claims Breach of Israeli PSK

Hackers linked to Iran have announced a breach of PSK Wind, an Israeli defense firm responsible for developing vital command and control systems. The group, known as Handala, claims to have exfiltrated sensitive data and distributed it to regional military allies to undermine Israeli security infrastructure.

5. Hasbro Hit in Cyberattack Disrupting Ops

Hasbro recently reported a cyberattack that forced the company to disable various systems, potentially leading to significant disruptions in order processing and product distribution. According to a filing with the Securities and Exchange Commission, the toy manufacturer expects to rely on backup business continuity plans for several weeks as they work to restore full functionality.

6. Drift Hit By North Korean Hackers Seize Funds

The Drift Protocol suffered a loss of over 280 million dollars after a sophisticated attacker seized control of its Security Council administrative powers. Blockchain analysts have attributed the breach to North Korean hackers, citing specific on-chain patterns and timing consistent with previous state-sponsored cyber operations.

For more incidents click here!

📢 Cyber News

7. Man Admits Locking Thousands of Windows PCs

A former core infrastructure engineer has admitted to orchestrating a failed extortion plot that involved locking administrators out of hundreds of servers at his New Jersey-based employer. After gaining unauthorized access to the network, the employee attempted to force a ransom payment of 20 bitcoin by deleting administrator accounts and threatening to shut down systems.

8. CERT-EU Reports EC Hack Affecting EU Data

The European Union’s Cybersecurity Service has linked a significant breach of the European Commission’s cloud infrastructure to the TeamPCP threat actor group. This intrusion, which originated from a supply-chain attack, resulted in the exposure of sensitive data belonging to the Commission and at least 29 other Union entities.

9. Free VPNs Leak Data Despite Privacy Claims

Many free Android VPNs function as data collection tools rather than privacy protectors by tracking user activity and requesting invasive permissions. Research shows that these apps often connect to servers in high-risk jurisdictions, turning the promise of free security into a significant privacy threat.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks were mostly higher on Friday, April 3, 2026, outperforming the broader tech sector as investors reacted to positive channel checks and a stabilizing macroeconomic backdrop. The sector saw a notable uptick in “bottom-fishing” activity, with several major platform providers showing strong intraday recoveries.

Market Summary

The price action suggests a “risk-on” Friday for the sector, with capital flowing back into dominant cloud and network security providers after a period of heavy consolidation.

Platform Leadership: Fortinet (FTNT) continued its streak of outperformance, trading up +4.92%. The company’s consistent growth in SASE and SD-WAN is clearly separating it from the pack in the current high-interest-rate environment.
The “Big Three” Stabilization: CrowdStrike (CRWD) showed a healthy bounce, closing at -13.28% for the period (up +1.48% on the day), while Palo Alto Networks (PANW) tracked closely at -13.59%. The convergence of these two titans suggests the market is beginning to price in a “duopoly” floor for enterprise XDR and cloud security.
Identity Holding Steady: Okta (OKTA) remains resilient at -14.30%, effectively mirroring the performance of the top-tier platform players as identity security remains non-negotiable for enterprise compliance.
Persistent Headwinds: Rapid7 (RPD) remains the significant outlier, down -61.39%. Despite the broader sector bounce, RPD continues to struggle with the market’s preference for broad platform consolidation over specialized vulnerability tools.

Key Insight: As the first week of Q2 closes, the narrative is firmly about “Platformization.” The tight correlation between CRWD, PANW, and OKTA, combined with the breakout of FTNT, indicates that “Quality and Scale” are the primary drivers of investor sentiment. We are witnessing a clear survival-of-the-fittest cycle where the largest ecosystems are successfully absorbing the budgets of smaller, struggling point-solution vendors.

💡 Cyber Tip

🤖 Update Now: Chrome Zero-Day Under Active Attack.

Google has released an emergency update to fix CVE-2026-5281, a high-severity “zero-day” vulnerability currently being exploited by hackers in the wild. This flaw exists in the Dawn graphics component and could allow an attacker to execute malicious code on your system just by luring you to a compromised website.

🛠️ What You Should Do

Update Chrome Immediately: Click the three dots (⋮) in the top-right corner, go to Help > About Google Chrome.
Verify the Version: Ensure you are running version 146.0.7680.177 (Linux) or 146.0.7680.178 (Windows/Mac) or higher.
Relaunch the Browser: The patch is not fully applied until you click Relaunch; simply closing the window may not be enough.
Check Other Browsers: If you use Microsoft Edge, Brave, or Vivaldi, check their settings for updates as they also use the affected Chromium engine.

⚠️ Why This Matters

This vulnerability is particularly dangerous because it is a “zero-day,” meaning hackers discovered and used it before a fix was available to the public. If left unpatched, a remote attacker can exploit this memory error to bypass security boundaries and take control of your device through your web browser.

📚 Cyber Book

Deep Medicine by Eric Topol.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.02

CyberMaterial — Thu, 02 Apr 2026 14:02:21 GMT

👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Listen to our podcast here ⏬

🚨 Cyber Alerts

1. CERT-UA Impersonation Spreads Malware

The Computer Emergency Response Team of Ukraine recently identified a phishing operation where attackers impersonated the agency to trick organizations into installing a malicious remote administration tool. Using deceptive emails that appeared to be official security alerts, the threat actors distributed a password-protected archive containing a sophisticated trojan known as AGEWHEEZE.

2. Casbaneiro Phishing Targets Europe

A multi-pronged phishing campaign by a Brazilian threat actor is targeting Spanish-speaking organizations in Latin America and Europe to deploy banking trojans. The attack utilizes a complex delivery system involving WhatsApp automation, email hijacking, and deceptive PDF summons to spread malware like Casbaneiro and Horabot.

3. Chrome Zero Day CVE Under Exploit

Google recently launched security patches for Chrome to fix 21 different security issues, including a critical zero-day vulnerability that is already being used by attackers. This specific flaw affects the Dawn component of the browser and could allow hackers to run unauthorized code on a user’s computer through a malicious website.

For more alerts click here!

💥 Cyber Incidents

4. Vertex AI Flaw Exposes Cloud Data

Cybersecurity researchers have identified a flaw in Google Cloud’s Vertex AI platform where default service agent permissions allow for potential data exfiltration and unauthorized environment access. By exploiting the excessive scopes of the Agent Development Kit’s service identity, an attacker can extract credentials to bypass isolation and gain read access to a project’s entire cloud storage.

5. Cyberattack Disrupts Phones In MA Towns

A cybersecurity attack discovered early Tuesday has disrupted several Massachusetts towns connected to the Patriot Regional Emergency Communications Center, impacting administrative systems and business phone lines for local police and fire departments. Despite the breach, officials confirm that the 911 emergency system remains fully operational and there is currently no evidence that private citizen data has been compromised.

6. Mercor Hit By Supply Chain Cyberattack

Mercor, a ten billion dollar artificial intelligence recruiting firm, recently confirmed a major data breach originating from a supply chain attack on the open-source LiteLLM project. The incident has impacted thousands of global organizations relying on the library, with the Lapsus hacking group claiming to have stolen sensitive internal communications, ticketing data, and platform interaction videos.

For more incidents click here!

📢 Cyber News

7. Anthropic Responds To Claude Code Leak

Anthropic is currently working to mitigate the impact of a leak involving the foundational instructions for Claude Code, its popular AI agent for developers. After initially issuing a broad copyright takedown that removed thousands of copies from GitHub, the company has since narrowed its request to focus on a smaller number of specific repositories.

8. Proton Launches Privacy Meet Platform

Proton has launched Meet, a privacy-centric video conferencing tool designed to compete with major platforms by offering end-to-end encryption for all calls. The service is accessible for free without requiring a Proton account and provides a secure alternative for users wary of data collection and AI training practices.

9. Apple Expands iOS Update To Block Exploit

Apple has expanded the distribution of iOS 18.7.7 and iPadOS 18.7.7 to a wider selection of hardware to protect users against the DarkSword exploit kit. This unusual move allows individuals using older software versions to patch critical security vulnerabilities without being forced to upgrade to the newest major operating system.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks were mixed to slightly lower on Thursday, April 2, 2026, as the initial Q2 “relief rally” took a breather. While the broader market remains sensitive to interest rate speculation and shifting IT budgets, the cybersecurity sector continues to show lower beta compared to other high-growth software segments, reinforcing its status as a defensive tech play.

The price action today suggests a period of consolidation. Investors are closely monitoring the shift from “pure-play” endpoint protection toward holistic identity and secure access service edge (SASE) frameworks.

Platform Stability: Fortinet (FTNT) remained a pillar of relative strength, ending the period down only -0.82%. Its ability to hold near the flatline despite broader tech volatility underscores strong enterprise demand for firewall and hybrid-mesh security.
Identity Resilience: Okta (OKTA) also displayed relative outperformance, closing at -1.85%. As identity continues to be the primary attack vector for AI-driven phishing campaigns, OKTA remains a core holding for many institutional security portfolios.
Growth Sector Rebound: CrowdStrike (CRWD) showed signs of a floor forming, trading at -21.98%. While still down significantly for the period, the stock has clawed back some ground from its March lows as analysts re-evaluate its long-term AI-Falcon platform dominance.

Key Insight: We are seeing a “consolidation of trust.” Organizations are moving away from managing forty different security vendors and are instead doubling down on three or four core platforms. Today’s performance highlights that the market is currently rewarding vendors who can prove their platform’s “stickiness” in a tightening budgetary environment.

💡 Cyber Tip

🤖 Update Now: Chrome Zero-Day Under Active Attack.

🛠️ What You Should Do

Update Chrome Immediately: Click the three dots (⋮) in the top-right corner, go to Help > About Google Chrome.
Verify the Version: Ensure you are running version 146.0.7680.177 (Linux) or 146.0.7680.178 (Windows/Mac) or higher.
Relaunch the Browser: The patch is not fully applied until you click Relaunch; simply closing the window may not be enough.
Check Other Browsers: If you use Microsoft Edge, Brave, or Vivaldi, check their settings for updates as they also use the affected Chromium engine.

⚠️ Why This Matters

The Patient’s Playbook by Leslie Michelson

📚 Cyber Book

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.04.01

CyberMaterial — Wed, 01 Apr 2026 14:01:34 GMT

👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Listen to our podcast here ⏬

🚨 Cyber Alerts

1. Axios Attack Spreads RAT via npm Hack

The popular HTTP client Axios recently fell victim to a sophisticated supply chain attack after compromised maintainer credentials were used to publish malicious versions 1.14.1 and 0.30.4. These versions injected a trojanized dependency that targets Windows, macOS, and Linux systems, necessitating an immediate downgrade to safe versions and a rotation of all sensitive credentials.

2. DeepLoad Malware Steals Browser Data

A new campaign uses the ClickFix tactic to spread DeepLoad, a sophisticated malware loader that employs AI-generated obfuscation to bypass security scanners. Once active, the malware immediately targets browser credentials and uses advanced techniques like process injection and USB propagation to maintain a persistent, stealthy presence on infected systems.

3. Microsoft Warns Of WhatsApp VBS Malware

Microsoft has issued a warning regarding a recent cyberattack campaign that uses WhatsApp messages to spread harmful Visual Basic Script files. Starting in February 2026, this multi-stage attack establishes a permanent presence on infected devices to grant hackers remote access.

For more alerts click here!

4.Claude Code Source Leaked Via npm

💥 Cyber Incidents

Anthropic recently confirmed that a human error led to the accidental release of internal source code for its AI assistant, Claude Code, through a public package update. While no customer data was compromised, the leak exposed nearly 2,000 internal files and half a million lines of code, providing a detailed blueprint of the tool’s underlying architecture to the public.

5. Ransomware Crashes Jackson County Systems

The Jackson County Sheriff’s Office is currently rebuilding its entire computer network following a devastating ransomware attack that occurred last week. The breach has forced deputies to use paper-alternative methods for reporting and has potentially compromised critical files, including the local sex offender registry.

6. Hacker Takes Over School Facebook Page

A public school district near Schenectady is advising the community to avoid its Facebook page after a hacker took control and began sharing inappropriate videos. While local authorities and the FBI are investigating the breach, the district has confirmed that its internal servers and student data remain secure.

For more incidents click here!

📢 Cyber News

7. Android Dev Verification Rollout Begins

Google is implementing mandatory identity verification for all Android developers to prevent malicious actors from using anonymity to distribute harmful applications. This security initiative will launch in specific regions including Brazil and Southeast Asia this September before a worldwide rollout in 2026.

8. OpenAI Ends Sora App Over Deepfake Fears

OpenAI is shuttering Sora, its viral short-form video application, just months after its high-profile launch. The decision follows intense public scrutiny over deepfakes and the abrupt cancellation of a massive partnership with Disney.

9. Criminal Service Monetizes Ransomware Data

A new cybercrime platform called Leak Bazaar aims to transform raw stolen data into structured, profitable intelligence, escalating the threat of large-scale exploitation. By processing unorganized information into searchable formats, the service enables hackers to more effectively target individuals and businesses for extortion and fraud.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks were mixed to slightly higher on Wednesday, April 1, 2026, as the sector kicked off the second quarter with a focus on platform consolidation and cloud infrastructure security. While broader market sentiment remained cautious due to ongoing macroeconomic shifts, security “anchors” showed renewed momentum as organizations finalized their Q2 security spend allocations.

Market Summary

The start of the quarter highlights a widening gap between diversified security platforms and specialized point solutions. Investors are increasingly prioritizing vendors with integrated AI capabilities and “all-in-one” SecOps offerings.

Outperformance in Infrastructure: Fortinet (FTNT) led the pack with a solid gain, trading up +1.30% (+3.38% on the day). The stock continues to act as a sector bellwether, buoyed by the convergence of secure networking and hybrid cloud demand.
Identity Stabilization: Okta (OKTA) showed high resilience, ending the period nearly flat at -2.02%, indicating that identity access management remains a top-tier priority for enterprise risk officers.
Endpoint & Growth Pressure: CrowdStrike (CRWD) and Oracle (ORCL) saw continued volatility, trading down -23.32% and -27.16% respectively for the period. Despite the price action, CrowdStrike remains the dominant player in the AI-native XDR space, while Oracle’s security-linked cloud revenue remains a key metric for analysts.
Legacy Headwinds: Rapid7 (RPD) remained under significant pressure, down -64.86%, as the market continues to rotate away from traditional vulnerability management tools in favor of proactive exposure management platforms.

Key Insight: As we enter Q2, the narrative has shifted from “security at any cost” to “operational efficiency through security.” Large-cap winners are those successfully reducing “tool sprawl” for CISOs, a trend underscored by the relative strength of platform plays like FTNT in today’s session.

💡 Cyber Tip

Microsoft has identified a sophisticated campaign using WhatsApp to deliver malicious Visual Basic Script (VBS) files that bypass Windows security prompts. This multi-stage attack disguises itself as legitimate system tools and uses trusted cloud services to gain permanent remote access to your PC.

🛠️ What You Should Do

Verify the Sender: Never open attachments or click links in WhatsApp messages from unknown numbers, even if they look like official documents.
Check File Extensions: Be extremely wary of files ending in .vbs, .js, or .msi sent through chat apps; legitimate documents are rarely sent in these formats.
Keep Software Updated: Regularly install Windows Updates, as these often include patches for the “UAC Bypass” vulnerabilities that this malware exploits.
Use Robust Antivirus: Ensure Microsoft Defender or your preferred security suite is active, as they are being updated to flag the specific renamed tools (like “netapi.dll”) used in this attack.

⚠️ Why This Matters

This malware is particularly dangerous because it mimics standard Windows operations, making it nearly invisible to many traditional security scanners. By bypassing User Account Control (UAC), it can silently grant hackers administrative power over your computer, allowing them to steal data or monitor your activity indefinitely.

📚 Cyber Book

Gambling on AI by James Whittaker Screech

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.31

CyberMaterial — Tue, 31 Mar 2026 14:00:32 GMT

👉 What's going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1.Teampcp Pushes Malicious Telnyx On PyPI

TeamPCP has expanded its supply chain attacks by compromising the telnyx Python package with two malicious versions designed to steal sensitive data across multiple operating systems. Users are urged to downgrade to version 4.87.0 immediately as the infected versions, 4.87.1 and 4.87.2, have been quarantined on the PyPI repository.

2. TA446 Deploys DarkSword iOS Exploit

Proofpoint recently identified a Russian-aligned cyberattack using the DarkSword exploit kit to target iPhone users through deceptive emails. The operation, linked to the FSB-affiliated group TA446, used a fake invitation from the Atlantic Council to deliver GHOSTBLADE malware to high-profile figures.

3. CISA Adds CVE to KEV After F5 Exploit

CISA has added a critical remote code execution vulnerability in F5 BIG-IP Access Policy Manager to its list of known exploited flaws. Originally dismissed as a denial-of-service issue, the vulnerability is now confirmed to be under active exploitation by unknown threat actors.

For more alerts click here!

💥 Cyber Incidents

4. Dutch Police Reveal Phishing Security Breach

The Dutch National Police recently blocked a phishing attack that targeted their systems, though they maintain that no citizen or investigative data was compromised. Security experts are currently conducting a criminal investigation to determine the full scope of the breach and whether any internal employee information was accessed.

5. Stats SA Hit By Ransomware Data Leak

Statistics South Africa recently confirmed that a major ransomware attack compromised the personal information of numerous individuals seeking employment through their official channels. The breach, attributed to a group known as XP95, resulted in the theft of over 450,000 files from a database used to manage online job applications.

6. Lloyds Data Breach Hits 500K Customers

Lloyds Banking Group has issued compensation payments after a significant IT failure earlier this month compromised the private information of nearly half a million account holders. The technical error allowed customers across Lloyds, Halifax, and Bank of Scotland to view the transaction histories and personal data of other individuals.

For more incidents click here!

📢 Cyber News

7. Researcher Decompiled White House New App

The White House has launched a new mobile application on major platforms designed to provide direct access to administration updates and media. Technical analysis reveals the software is a React Native framework built using Expo and WordPress, featuring a specialized script that automatically bypasses paywalls and privacy consent banners on external websites.

8. US Charges Hacker In $53M Uranium Exploit

A crypto hacker who mocked digital assets as fake internet money is now in US custody for a fifty-three million dollar exploit that caused a decentralized exchange to collapse. Legal experts suggest this case signals a shift in how courts view smart contract exploits, moving away from the idea that technical loopholes justify theft.

9. Genesis Market: Check If You Were Targeted

In a major international crackdown known as Operation Cookie Monster, the FBI and Dutch National Police successfully dismantled Genesis Market, a massive criminal platform used to sell stolen digital identities. The National Crime Agency supported the effort by executing dozens of warrants across the UK to target users of the site and help victims secure their compromised accounts.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks were mixed to slightly higher on Tuesday, March 31, 2026, as the sector continued to act as a defensive hedge amid broader market volatility. Despite persistent headwinds from a partial DHS/CISA funding lapse and ongoing geopolitical uncertainty in the Middle East, high-quality security platforms saw a modest relief rally to close out the quarter.

The “flight to quality“ remains the dominant theme, with investors favoring consolidated platforms over standalone tools as enterprise “skills shortages” and AI-driven threats increase the demand for automated, integrated security.

Platform Leadership: Fortinet (FTNT) showed relative strength, finishing the period down only -6.85%, as it continues to benefit from the convergence of networking and security.
Identity Resilience: Okta (OKTA) showed signs of stabilization at -14.55%, despite a broader rotation out of high-multiple software earlier in the month, as identity remains a critical pillar of Zero Trust mandates.
Endpoint Volatility: CrowdStrike (CRWD) ended the session down -24.53% for the period. While long-term fundamentals remain robust, the stock has faced short-term pressure following a rapid valuation reset across the high-growth SaaS landscape.
Ongoing Disruption: Rapid7 (RPD) remained the primary laggard, down -70.98%, reflecting intense market skepticism toward legacy vulnerability management players in an era dominated by cloud-native security operations.

Key Insight: The “SecOps Consolidation” trend is accelerating. As seen in the recent Axios supply chain attack and the surge in Iranian-linked ransomware, organizations are prioritizing vendors that offer broad visibility across the entire attack surface rather than managing a fragmented “best-of-breed” stack.

💡 Cyber Tip

🤖 Urgent Action Required: F5 BIG-IP Remote Code Execution Vulnerability

CISA has upgraded CVE-2025-53521 to its Known Exploited Vulnerabilities (KEV) catalog following reports of active, sophisticated attacks. While initially thought to be a minor service disruption issue, this flaw is now confirmed to allow attackers full remote control over F5 BIG-IP Access Policy Manager (APM) servers.

🛠️ What You Should Do

Update Immediately: Apply the latest security patches provided by F5 to all BIG-IP APM instances to close the RCE loophole.
Audit System Integrity: Check for “fileless” webshells in system memory and inspect core utilities for unexpected file hash discrepancies or altered timestamps.
Monitor APIs and Logs: Look for unusual local user activity targeting internal management APIs or attempts to disable security features like SELinux.
Scan for Forensic Markers: Search for the presence of unexpected pipe files or suspicious HTTP traffic patterns that mimic legitimate response codes.

⚠️ Why This Matters

This vulnerability is particularly dangerous because it has evolved from a simple denial-of-service risk into a critical gateway for full network compromise. Because attackers are using sophisticated, memory-resident techniques to avoid detection, standard disk-based antivirus scans may not be enough to identify a breach.

📚 Cyber Book

Wired for Risk: The Rise of Online Gambling Addiction by Adam LeMoine

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.30

CyberMaterial — Mon, 30 Mar 2026 13:59:42 GMT

👉 What's going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Russian CTRL Toolkit Hijacks RDP Access

Cybersecurity researchers have identified a Russian-origin remote access toolkit named CTRL that spreads through malicious Windows shortcut files disguised as private key folders. This sophisticated .NET-based malware employs a multi-stage infection process to establish persistence, hijack desktop sessions, and harvest user credentials through deceptive phishing interfaces.

2. Apple Warns Old iPhones of Web Exploits

Apple is actively sending lock screen alerts to users of older iPhones and iPads to warn them about active web-based attacks. These notifications urge individuals to install critical security updates immediately to protect their devices from known exploits.

3. China Linked Clusters Target SE Asia Govt

Three Chinese-aligned threat groups launched a sophisticated, well-funded campaign against a government entity in Southeast Asia throughout much of 2025. This coordinated effort utilized an extensive array of custom malware and remote access trojans to infiltrate and maintain control over the target’s infrastructure.

For more alerts click here!

💥 Cyber Incidents

4. Iran Linked Hackers Breach FBI Email

Iranian-linked hackers successfully breached the personal email account of FBI Director Kash Patel, leaking a collection of photos and older documents online. Federal officials confirmed the intrusion but noted the data was historical in nature and did not contain sensitive government information.

5. EU Investigates Cyberattack on Websites

The European Commission is currently investigating a cyberattack on the Europa.eu platform that may have resulted in the theft of some data. Although the breach affected the cloud infrastructure used by various EU institutions, the Commission stated that the incident has been contained and its internal systems remain secure.

6. Ransomware Hits Goodwill Grand Rapids

Goodwill of Greater Grand Rapids is currently investigating a cybersecurity breach that has disrupted its internal network and retail operations. While the organization is working with law enforcement to restore its systems, local stores remain open but are restricted to cash-only transactions for the time being.

For more incidents click here!

📢 Cyber News

7. Spotify Seeks $300M From Anna’s Archive

Spotify and several major record labels have filed for a 322 million dollar default judgment against the shadow library Anna’s Archive following its failure to respond to a lawsuit regarding the scraping of millions of music files. The legal action seeks both significant financial damages and a permanent injunction to remove the site from the internet by targeting its domain and hosting providers.

8. CISA Chief Warns Shutdown Raises Cyber Risks

Acting Director Nick Andersen recently warned that the ongoing Department of Homeland Security shutdown is causing dangerous security gaps as the agency operates with a severely depleted workforce. With critical proactive measures paused and staff resigning, Andersen cautioned that the accumulating systemic risk leaves national infrastructure increasingly vulnerable to sophisticated adversaries.

9. India To Ban Hikvision TP Link CCTV

The Indian government is implementing a ban on internet-connected CCTV cameras from Chinese manufacturers like Hikvision, Dahua, and TP-Link starting April 1, 2026. This move enforces strict cybersecurity certifications and chipset disclosures to eliminate potential national security risks and foreign espionage vulnerabilities in the country’s surveillance infrastructure.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks were mixed to slightly higher on Friday, 27 March 2026, even as broader U.S. markets faced pressure from geopolitical tensions and rising oil prices.The sector showed relative resilience, with selective gains across endpoint, cloud, and identity security names.

Zscaler closed at 141.50 dollars and was higher, with the stock recovering despite continued caution around premium cloud security valuations.
Fortinet closed at 81.03 dollars and was higher, showing relative stability as investors balanced macro pressure against ongoing network and platform security demand.
Check Point Software Technologies closed at 142.82 dollars and was higher, with its more defensive positioning helping it hold up better during the broader tech selloff.
SentinelOne closed at 13.40 dollars and was slightly higher, indicating selective buying in endpoint security despite the risk-off market tone.
Rapid7 closed at 5.70 dollars and was higher, outperforming the broader market even as mid-cap software names remained volatile.

💡 Cyber Tip

🤖 Update Now: Defending Against “DarkSword” and “Coruna” Exploits

Apple is currently alerting users of older devices to urgent security risks posed by professional-grade exploit kits that can compromise your phone through malicious websites. To stay safe, you must prioritize software updates or activate specialized defense modes to block these sophisticated “Operation Triangulation” evolutions.

🛠️ What You Should Do

Update Immediately: Go to Settings > General > Software Update and install the latest available version for your device.
Turn on Lockdown Mode: If your device is too old for the latest OS, enable Lockdown Mode in your Privacy & Security settings to restrict vulnerable web features.
Browse Cautiously: Avoid clicking links from unknown SMS or email senders, as these exploits are often delivered via malicious URLs.
Set to Auto-Update: Toggle on Automatic Updates to ensure your device receives “Rapid Security Responses” without manual intervention.

⚠️ Why This Matters

These exploit kits, once reserved for elite state-sponsored hackers, are now widely available to common cybercriminals, significantly increasing the risk of mass malware infections. By staying updated, you close the “attack surface” that these professional frameworks rely on to steal your private data or monitor your activity.

📚 Cyber Book

Smart betting secret and scam expose by OG FSO

Get Book!

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.27

CyberMaterial — Fri, 27 Mar 2026 14:02:49 GMT

👉 What's going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Bearlyfy Targets 70+ Firms With Ransomware

The pro-Ukrainian hacking collective Bearlyfy has executed over 70 cyber attacks against Russian enterprises since its emergence in early 2025, recently deploying a proprietary ransomware known as GenieLocker. Operating with the dual motives of financial extortion and political sabotage, the group has evolved from targeting small businesses to compromising major corporations with ransom demands reaching hundreds of thousands of dollars.

2. LangChain, LangGraph Flaws Expose Data

Researchers have identified three critical security flaws in the LangChain and LangGraph frameworks that could allow unauthorized access to sensitive system files and private data. These vulnerabilities impact widely used tools for building AI applications, potentially exposing environment secrets and entire conversation histories to attackers.

3. Red Menshen Uses BPFDoor For Telecom Spy

A persistent espionage campaign by a Chinese-affiliated threat group has successfully infiltrated telecommunications networks across Asia and the Middle East to monitor government communications. By utilizing advanced kernel-level backdoors like BPFDoor, the attackers maintain invisible, long-term access to critical infrastructure without traditional detection signatures.

For more alerts click here!

💥 Cyber Incidents

4. Maine Agency Hit By Russian Ransomware

The Maine-based mental health provider AMHC recently suffered a ransomware attack reportedly carried out by the Russia-linked cybercrime group Qilin. Although the organization is investigating the network disruption with specialists, they have declined to negotiate with the hackers despite being listed on a dark web leak site.

5. Ransomware Disrupts Spain’s Vigo Port

A ransomware attack has crippled digital systems at Spain’s Port of Vigo, forcing the isolation of its computer servers and a shift to manual cargo management. Although physical ship movements continue, officials have refused to restore network connections until they receive absolute security guarantees, leaving logistics coordination dependent on paper documentation.

6. Ransomware Hits Museum Ticket Systems

The recent ransomware attack on Viva Ticket highlights the critical need for robust cybersecurity measures across both internal systems and external partnerships. The breach impacted approximately 3,500 partners, including prestigious institutions like the Louvre, demonstrating how a single point of failure can disrupt an entire network of high-profile venues.

For more incidents click here!

📢 Cyber News

7. $20B Crypto Scam Market Faces Crackdown

British authorities recently sanctioned Xinbi Guarantee, a massive Telegram-based marketplace that processed approximately $20 billion in illicit transactions. This Chinese-language platform served as a critical backbone for global cybercrime by facilitating money laundering and the sale of equipment used in human trafficking and scam operations.

8. Russian National Faces Prison In Botnet Case

A Russian national has been sentenced to two years in a United States federal prison and ordered to pay $1.6 million for his role in a major ransomware and botnet operation. Ilya Angelov pleaded guilty to managing the Mario Kart botnet, which compromised dozens of American corporate networks and facilitated millions of dollars in extortion payments.

9. Chinese Hackers In Telecom Backbone

A China-linked espionage group has embedded kernel-level implants and passive backdoors within global telecommunications infrastructure to maintain long-term access. These sophisticated sleeper cells target high-level government networks and critical environments using stealthy tools designed to inhabit systems rather than just breach them.

For more news click here!

📈Cyber Stocks

Zscaler closed at 141.50 dollars and was higher, with the stock recovering despite continued caution around premium cloud security valuations.
Fortinet closed at 81.03 dollars and was higher, showing relative stability as investors balanced macro pressure against ongoing network and platform security demand.
Check Point Software Technologies closed at 142.82 dollars and was higher, with its more defensive positioning helping it hold up better during the broader tech selloff.
SentinelOne closed at 13.40 dollars and was slightly higher, indicating selective buying in endpoint security despite the risk-off market tone.
Rapid7 closed at 5.70 dollars and was higher, outperforming the broader market even as mid-cap software names remained volatile.

💡 Cyber Tip

🤖 AI Framework Flaws Could Leak Sensitive Data

Critical vulnerabilities in LangChain and LangGraph could allow attackers to access system files, API keys, and even private AI conversation histories. These flaws impact widely used AI development tools and can expose sensitive data if left unpatched.

🛠️ What You Should Do

Update LangChain and LangGraph to the latest patched versions
Avoid loading untrusted templates or external data into AI workflows
Secure and rotate API keys and environment secrets regularly
Restrict database and file access permissions in your deployments

⚠️ Why This Matters
These flaws can expose sensitive internal data and AI interactions without obvious signs of compromise. In enterprise environments, this could lead to data leaks, credential theft, and deeper system access for attackers.

📚 Cyber Book

Don't Click That by Matthew F

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.26

CyberMaterial — Thu, 26 Mar 2026 14:03:03 GMT

👉 What's going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Coruna IOS Kit Reuses 2023 Exploit Code

The Coruna iOS exploit kit has been identified by researchers as an evolved version of the sophisticated Operation Triangulation framework used in 2023. While originally designed for precision espionage, the toolkit has been updated to support modern M3 chips and is now being deployed in broader, more indiscriminate attacks.

2. FBI Warns Of Russia, Iran Cyber Activity

The FBI and CISA have issued a warning regarding Russian and Iranian cyber operations that target high-profile individuals through popular messaging platforms like Signal. These campaigns use sophisticated phishing techniques to gain unauthorized access to thousands of accounts, allowing actors to bypass encryption by compromising the users themselves rather than the software.

3. WebRTC Skimmer Bypasses CSP Defenses

Researchers have identified a sophisticated payment skimmer that utilizes WebRTC data channels to deliver malicious payloads and exfiltrate sensitive information. By leveraging this peer-to-peer protocol, the malware successfully evades traditional security measures like Content Security Policies that are designed to block unauthorized HTTP traffic.

For more alerts click here!

💥 Cyber Incidents

4. New Horizons Breach Exposes Sensitive Data

New Horizons Behavioral Health in Columbus, Georgia, recently reported a data breach involving unauthorized access to its computer network in January 2026. The organization is currently identifying individuals whose personal and medical information was exposed and plans to provide credit monitoring services to those affected.

5. Ajax Breach Exposes 300K Fans’ Data

Ajax Amsterdam has confirmed a significant data breach resulting from a system vulnerability that allowed unauthorized access to sensitive information. While the club initially reported limited exposure, subsequent reports indicate that the personal data of approximately 300,000 fans may have been compromised.

6. Navia Breach Impacts HackerOne Data

A breach at third-party provider Navia Benefit Solutions has compromised the personal information of approximately 300 HackerOne employees. The incident underscores the persistent vulnerability cybersecurity firms face when their external partners fall victim to data theft.

For more incidents click here!

📢 Cyber News

7. State Dept Counters Iran Cyber, AI Threats

The State Department has established the Bureau of Emerging Threats to counter the weaponization of advanced technologies like artificial intelligence by adversaries such as Iran and China. This new entity is designed to protect national security by addressing modern dangers involving cyberattacks, outer space, and critical infrastructure.

8. Russia Arrests Alleged LeakBase Admin

Russian authorities have apprehended a resident of Taganrog suspected of managing LeakBase, a prominent marketplace for illicitly obtained personal information. The individual is accused of overseeing the platform’s operations since 2021, facilitating the exchange of stolen data among a massive global user base.

9. RedLine Malware Admin Extradited To US

Hambardzum Minasyan, an Armenian citizen, has been extradited to the United States to face charges for his alleged role in managing the infrastructure of the notorious RedLine infostealer. According to federal authorities, Minasyan was responsible for maintaining servers, processing cryptocurrency payments, and providing technical support for the malware-as-a-service operation.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks were mixed to weaker on Thursday, 26 March 2026, even as the broader U.S. market and tech benchmarks moved higher.

CrowdStrike closed at 385.86 dollars and declined, with high-multiple endpoint security stocks continuing to see selling even as the Nasdaq advanced.
Okta closed at 78.12 dollars and was higher, as identity security names saw selective buying after Tuesday’s pullback.
Zscaler closed at 139.44 dollars and was essentially flat to slightly higher, suggesting cloud security valuations stabilized after the sharp decline in the prior session.
Fortinet closed at 78.89 dollars and declined, as network security names continued to reflect cautious sentiment around enterprise software multiples.
Check Point Software Technologies closed at 142.41 dollars and declined, with its more defensive profile holding up better than some higher-growth peers but still finishing lower.

💡 Cyber Tip

🔐 FBI Warns of Russia & Iran Messaging Attacks

The FBI and CISA warn that Russian and Iranian hackers are targeting users on apps like Signal through phishing scams. These attacks trick people into sharing verification codes or linking devices, allowing attackers to access messages and impersonate victims.

🛠️ What You Should Do

Never share verification codes or login details with anyone
Avoid clicking links or responding to unexpected “support” messages
Regularly review and remove unknown linked devices from your accounts
Enable additional security features like PINs or app-level locks

⚠️ Why This Matters
These attacks bypass encryption by targeting users directly instead of the app itself. Once access is gained, attackers can read private messages and use trusted accounts to spread further attacks.

📚 Cyber Book

Gambling on AI by James Whittaker Screech

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.25

CyberMaterial — Wed, 25 Mar 2026 14:03:18 GMT

👉 What’s going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Hackers Use Fake Resumes to Breach

A phishing campaign named FAUX#ELEVATE is currently targeting French corporations by using malicious resume files to install data stealers and cryptocurrency miners. These attacks use sophisticated evasion techniques and legitimate cloud services to bypass security measures and quickly compromise enterprise workstations.

2. Ghost Campaign Uses npm to Steal Crypto

Cybersecurity researchers have identified a malicious campaign named Ghost that uses deceptive npm packages to steal cryptocurrency wallets and sensitive user data. These packages, often masquerading as legitimate developer tools or AI utilities, trick users into providing administrative passwords to execute a multi-stage infection process on macOS and Linux systems.

3. TeamPCP Backdoors LiteLLM via Trivy

TeamPCP, the group responsible for attacking Trivy and KICS, recently compromised the popular Python package litellm by releasing two malicious versions on PyPI. These tainted updates, versions 1.82.7 and 1.82.8, included a sophisticated toolkit designed to harvest credentials, move laterally through Kubernetes clusters, and establish a persistent backdoor.

For more alerts click here!

💥 Cyber Incidents

4. Dutch Finance Ministry Probes Breach

Dutch authorities are currently investigating a cyberattack on the Ministry of Finance after unauthorized access to several internal systems was discovered last week. While investigators work to determine the extent of the data exposure, primary government services like taxation and customs remain fully operational and unaffected.

5. Lapsus$ Claims AstraZeneca Hack

The cybercriminal group Lapsus$ has allegedly breached the pharmaceutical giant AstraZeneca, claiming to have exfiltrated roughly 3GB of internal data. This purported theft includes a variety of sensitive assets such as internal source code, employee records, and various system credentials.

6. Kaplan Breach Exposes 230K Records

Kaplan is currently managing a major data breach that exposed the personal records of more than 230,000 individuals across multiple states. The company discovered that hackers had access to their systems for three weeks in late 2025, stealing sensitive data including Social Security numbers and driver’s license information.

For more incidents click here!

📢 Cyber News

7. FCC Bans Foreign Routers Over Risks

The FCC has announced a ban on the importation of new foreign-made consumer routers, citing severe risks to national security and critical infrastructure. New models will be prohibited from the U.S. market unless they receive specific conditional approval from federal agencies after a rigorous safety determination.

8. Verdict Says Meta Harmed Children

A jury in New Mexico recently ruled that Meta Platforms is liable for failing to protect minors from online risks such as sexual exploitation and human trafficking. The court ordered Meta to pay 375 million dollars in civil penalties for misleading the public about safety and violating consumer protection laws.

9. Crypto Fugitive Seeks U.S. Pardon

A lobbying firm based in Washington, D.C., is reportedly seeking a presidential pardon for Andean Medjedovic, a Canadian man wanted for a multi-million dollar cryptocurrency exploit. Documents filed with the U.S. Department of Justice reveal that the firm intends to pressure government officials to clear the 23-year-old of federal charges.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Wednesday, 25th March 2026, declined broadly in the latest session as weakness across the broader technology sector weighed on high-growth software names.

Okta closed near ~83–85 dollars and declined, with identity security stocks tracking broader SaaS multiple compression.
Zscaler traded near ~178–182 dollars and was lower, reflecting continued pressure on premium cloud security valuations.
Fortinet closed at 79.34 dollars and declined, underperforming alongside broader market weakness and sector peers.
Check Point Software Technologies closed near ~162–164 dollars and was slightly lower, showing relatively defensive movement but still aligned with sector trends.
SentinelOne traded near ~13 dollars and declined, as unprofitable growth cybersecurity firms remained under pressure.

💡 Cyber Tip

📄 Fake Resumes Used to Hack Companies

Hackers are sending fake resume files in phishing emails to trick employees into opening malicious scripts. Once opened, the file silently disables security, steals data, and installs crypto miners, targeting corporate systems within seconds.

🛠️ What You Should Do

Do not open resume files or attachments from unknown or unverified senders
Verify job applications through official channels before downloading files
Block or restrict script files like .vbs from email attachments
Monitor systems for unusual security changes or disabled antivirus

⚠️ Why This Matters
These attacks combine social engineering with stealthy malware to quickly compromise enterprise systems. A single click can lead to data theft, financial loss, and long-term unauthorized access inside corporate networks.

📚 Cyber Book

Wired for Risk: The Rise of Online Gambling Addiction by Adam LeMoine

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.24

CyberMaterial — Tue, 24 Mar 2026 14:00:52 GMT

👉 What’s going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Teampcp Hacks Checkmarx via Stolen CI

Two GitHub Actions workflows maintained by Checkmarx have been compromised by a credential-stealing malware campaign orchestrated by the threat actor TeamPCP. This attack follows a similar breach of the Trivy vulnerability scanner and utilizes sophisticated exfiltration methods, including the use of typosquatted domains, to harvest a wide array of cloud and development secrets.

2. Citrix Warns of NetScaler Data Leak Flaw

Citrix has issued urgent security patches for two vulnerabilities in NetScaler ADC and NetScaler Gateway, including a critical flaw that allows unauthenticated attackers to steal sensitive data from device memory. Because these devices are frequent targets for enterprise breaches, administrators are advised to verify their configurations and update to the latest firmware versions immediately.

3. NK Hackers Use VS Code Auto-Run Malware

North Korean threat actors known as WaterPlum are using malicious Microsoft Visual Studio Code projects to distribute a malware family called StoatWaffle. These attacks leverage a specific configuration file to automatically execute malicious code and download payloads whenever a developer opens the infected project folder.

For more alerts click here!

💥 Cyber Incidents

4. Verizon Customer Data Allegedly for Sale

A major data breach has allegedly hit Russell Cellular, one of the largest Verizon authorized retailers, potentially exposing the personal records of over 6.3 million customers. A database weighing 61GB and containing sensitive details like names, account numbers, and employee credentials is reportedly being sold on a cybercrime forum for $1,200.

5. Heritage Bank Breach Exposes SSNs

Heritage Bank, a community institution established in 1927, recently reported a security breach involving an internal file share server that occurred on March 1, 2026. After identifying the unauthorized access the following day, the bank launched an investigation which confirmed that sensitive employee and customer information was copied during the incident.

6. Moorhead Parks Vendor Hit by Cyberattack

The City of Moorhead recently announced that its third-party Parks and Recreation registration vendor, Sportsman Software, was the target of a cyber attack. While the city’s own internal systems remained secure, an investigation is underway to determine if any personal customer or employee data was compromised during the breach.

For more incidents click here!

📢 Cyber News

7. Russian Hacker Sentenced for Ransomware

A 26-year-old Russian national has been sentenced to 81 months in federal prison for serving as an initial access broker for major cybercrime organizations, including the Yanluowang ransomware group. His activities facilitated dozens of network breaches across the United States, resulting in over 9 million dollars in actual financial damages and significantly higher intended losses.

8. Hacker Steals $24.5M from Resolv

The decentralized finance platform Resolv recently suffered a major security breach where a hacker used a compromised private key to illicitly mint $80 million in uncollateralized USR stablecoins. This exploit caused the stablecoin to collapse from its dollar peg to approximately 26 cents after the attacker traded the fake assets for roughly $24.5 million in Ethereum.

9. Space Force Adds Cyber Launch Defense

The U.S. Space Force has officially stationed specialized cybersecurity squadrons at its major launch facilities in Florida and California to defend against digital interference. These teams are tasked with real-time monitoring of launch infrastructure to ensure that adversaries cannot disrupt or halt missions through network attacks.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks traded with a cautiously positive tone on Tuesday, 24 March 2026, as broader technology markets showed signs of stabilization following recent volatility.

Palo Alto Networks closed near ~158–162 dollars and was slightly higher, as the stock continued to recover from prior post-earnings pressure tied to margin outlook adjustments.
CrowdStrike ended near ~415–418 dollars and was modestly higher, with endpoint security names benefiting from improving sentiment in high-growth software.
Okta closed near ~85–87 dollars and was slightly higher, as identity security stocks showed early signs of stabilization after recent declines.
Zscaler traded near ~185–190 dollars and was higher, reflecting renewed interest in zero trust and cloud-native security platforms.
Fortinet closed near ~84–86 dollars and was modestly higher, supported by steady demand for network security and SASE-driven solutions.

💡 Cyber Tip

💻 VS Code Projects Used to Spread Malware

North Korean hackers are hiding malware inside Visual Studio Code project files that automatically run when opened. This tactic uses a built-in configuration to execute malicious code silently, allowing attackers to steal data and gain remote access to a developer’s system.

🛠️ What You Should Do

Avoid opening code projects from untrusted or unknown sources
Review VS Code configuration files like tasks.json before running projects
Disable auto-run tasks or restrict execution of unknown scripts
Keep your system, VS Code, and security tools up to date

⚠️ Why This Matters
Developers often trust project files, making this attack especially dangerous. Once executed, the malware can steal credentials and give attackers full control, potentially compromising entire development environments or organizations.

📚 Cyber Book

Smart betting secret and scam expose by OG FSO

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.23

CyberMaterial — Mon, 23 Mar 2026 14:02:15 GMT

👉 What’s going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Microsoft Warns IRS Phish Hits 29K Users

Microsoft is cautioning users about a surge in tax-themed phishing campaigns designed to steal sensitive credentials and install malicious software. These attacks exploit the seasonal urgency of tax filing by impersonating the IRS and tax professionals to trick victims into clicking dangerous links or downloading remote access tools.

2. FBI Warns Of Signal, WhatsApp Phishing

Russian intelligence services are utilizing sophisticated phishing schemes to hijack WhatsApp and Signal accounts of high-profile targets like government officials and journalists. These operations bypass encryption by tricking users into providing verification codes or linking malicious devices, allowing attackers to read messages and impersonate victims.

3. Oracle Patches Critical Identity RCE

Oracle has issued urgent patches for a critical remote code execution vulnerability affecting its Identity Manager and Web Services Manager platforms. This security flaw, identified as CVE-2026-21992, has received a nearly perfect severity rating of 9.8 because it allows unauthenticated attackers to seize control of systems over the network.

For more alerts click here!

💥 Cyber Incidents

4. Trivy GitHub Action Breach Hits CI/CD.

Aqua Security’s open-source scanner Trivy was recently compromised for the second time in a month to distribute malware designed to steal sensitive CI/CD secrets. Attackers force-pushed malicious code to numerous version tags in official GitHub Actions repositories to exfiltrate credentials and establish persistence on developer machines.

5. ‘Researcher’ Hacks Gambling Regulator.

The Malta Gaming Authority recently discovered a digital security breach and launched an immediate response to contain the threat. Early evidence suggests the unauthorized access was gained by an individual who was likely impersonating a security researcher to deceive the agency.

6. Crunchyroll Breach Claims 100GB Leak.

The Sony-owned anime streaming service Crunchyroll has reportedly experienced a major data breach involving the theft of nearly 100GB of sensitive user information on March 12, 2026. While the company has yet to officially confirm the incident, the leak is believed to have originated from a malware infection on a third-party employee’s system at the outsourcing firm Telus.

For more incidents click here!

📢 Cyber News

7. Tycoon 2FA Still Active After Takedown

Tycoon 2FA remains a dominant phishing-as-a-service platform that effectively bypasses multi-factor authentication to compromise thousands of organizations globally. Despite a significant international law enforcement operation led by Europol and Microsoft to seize its infrastructure, the service has rapidly recovered to its previous activity levels.

8. 3 Men Charged In AI Smuggling Plot

Federal authorities have charged a senior vice president from Super Micro Computer and two associates with conspiring to smuggle over 2 billion dollars worth of high-performance servers to China. The indictment alleges the group bypassed U.S. export controls on advanced Nvidia AI chips by using falsified documents and a pass-through company to hide the true destination of the equipment.

9. Operation Alice Dismantles 373K Sites

Operation Alice successfully dismantled a massive dark web network consisting of over 373,000 fraudulent sites designed to lure and expose individuals seeking child sexual abuse material. This international law enforcement effort identified a primary operator in China and led to the seizure of over 100 servers used to facilitate this vast criminal infrastructure.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks began the week with a mixed but stabilizing tone as broader technology markets showed signs of consolidation after recent volatility.

Okta closed near ~84–86 dollars and was relatively flat, as identity security stocks continued consolidating after prior declines.
Fortinet closed near ~84–85 dollars and was modestly higher, supported by steady demand in network and SASE-driven security offerings.
Check Point Software Technologies closed near ~164–166 dollars and held steady, with its more defensive positioning continuing to provide stability.
SentinelOne traded near ~13–14 dollars and was slightly higher, showing tentative recovery within AI-driven endpoint security names.
CrowdStrike ended near ~412–415 dollars and was modestly higher, with endpoint security names benefiting from stabilization across high-growth software.

💡 Cyber Tip

🔐 FBI Warns of WhatsApp & Signal Phishing Attacks

Hackers are targeting WhatsApp and Signal users with phishing scams that trick people into sharing verification codes or linking rogue devices. These attacks don’t break encryption, but instead exploit trust to take over accounts, read messages, and impersonate victims.

🛠️ What You Should Do

Never share verification codes or PINs with anyone
Do not click on unexpected links or scan unknown QR codes
Regularly check and remove unknown linked devices in app settings
Be cautious of messages claiming to be from “support” or security teams

⚠️ Why This Matters
Once attackers gain access, they can monitor conversations and impersonate you to target others. This can lead to further phishing, data theft, and loss of trust across personal and professional networks.

📚 Cyber Book

The Parents Guide for Roblox by The Roblox Expert

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.20

CyberMaterial — Fri, 20 Mar 2026 14:03:05 GMT

👉 What’s going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Darksword Ios Kit Uses 3 Zero-Days

A new iOS exploit kit called DarkSword has been active since late 2025, used by various state-sponsored and commercial actors to steal data from iPhones. The kit targets devices running older versions of iOS 18 to exfiltrate credentials and cryptocurrency information through a sophisticated chain of six vulnerabilities.

2. Cisa Warns Of Zimbra, Cisco Zero-Day

CISA has issued an urgent directive for government agencies to patch actively exploited vulnerabilities in Synacor Zimbra Collaboration Suite and Microsoft Office SharePoint. These security flaws are being weaponized by sophisticated threat actors to execute remote code and steal sensitive data from federal networks.

3. Speagle Malware Hijacks Cobra Docguard

Speagle malware has compromised the servers of Cobra DocGuard to distribute malicious payloads and hijack legitimate software updates. This sophisticated attack allows threat actors to bypass security protocols and exfiltrate sensitive data from targeted corporate networks.

For more alerts click here!

💥 Cyber Incidents

4. Breathalyzer Firm Breach Stops Cars

A major cybersecurity attack on the breathalyzer company Intoxalock has left thousands of drivers with previous DWI convictions unable to operate their vehicles. The security breach began on Saturday, preventing necessary system calibrations and leaving customers with little information or means of transportation.

5. Nordstrom Email Abuse Sends Crypto Scams

Nordstrom customers were recently targeted by a sophisticated phishing campaign that sent fraudulent cryptocurrency offers directly from an official company email address. The messages exploited the Nordstrom brand and a St. Patrick’s Day theme to trick recipients into sending digital currency to a scammer’s wallet under the guise of a promotional giveaway.

6. Police Warn Of Phishing After City Loss

Police Chief Shane Washburn is warning the public to remain vigilant after a scammer impersonating a construction firm nearly defrauded the city of Arab out of over four hundred thousand dollars.

For more incidents click here!

📢 Cyber News

7. US Takes Down Botnets In Cyberattack

The US Justice Department successfully dismantled four major botnets—Aisuru, Kimwolf, JackSkid, and Mossad—which had compromised over 3 million devices worldwide. These networks of hijacked home computers were responsible for launching some of the largest recorded distributed denial-of-service attacks before being wiped from the internet by federal law enforcement.

8. Musician Admits To $10M Streaming Fraud

Michael Smith, a musician from North Carolina, has pleaded guilty to orchestrating a massive fraud scheme that used artificial intelligence and bot accounts to steal over $10 million in streaming royalties. Between 2017 and 2024, Smith manipulated platforms like Spotify and Amazon Music by streaming hundreds of thousands of AI-generated tracks billions of times to illicitly collect payouts.

9. Justice Dept Seizes Iran Hacker Domains

The Justice Department recently seized several domains used by Iranian intelligence to conduct cyberattacks against a U.S. medical technology firm and to harass dissidents. These platforms served as hubs for leaking sensitive data and issuing death threats to journalists and individuals critical of the Iranian government.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks closed the week under continued pressure as broader technology markets remained volatile, with investors still recalibrating valuations across high-growth software.

Zscaler traded near ~175–180 dollars and was lower, reflecting ongoing valuation pressure on premium cloud security platforms.
Fortinet closed near ~83–84 dollars and was slightly lower, tracking broader weakness in network security and enterprise IT spending sentiment.
Check Point Software Technologies closed near ~163–165 dollars and held relatively stable, supported by its more defensive positioning within the sector.
SentinelOne traded near ~13–14 dollars and was lower, as unprofitable growth cybersecurity firms remained under pressure.
Rapid7 traded near ~46–48 dollars and declined, with mid-cap cybersecurity names continuing to follow broader software sector weakness.

💡 Cyber Tip

🚨 CISA Warns of Actively Exploited Zero-Day Flaws

CISA has alerted organizations about critical vulnerabilities in Zimbra and Microsoft SharePoint that are actively being exploited. Attackers are using these flaws to run malicious code and steal sensitive data, often through stealthy, browser-based attacks that require no downloads.

🛠️ What You Should Do

Apply the latest security patches for Zimbra, SharePoint, and affected systems immediately
Monitor email activity and web sessions for unusual behavior
Train users to be cautious of unexpected emails, even without links or attachments
Implement network monitoring to detect data exfiltration over DNS or HTTPS

⚠️ Why This Matters
These attacks show a shift toward fileless techniques that are harder to detect with traditional security tools. If left unpatched, attackers can gain access to credentials, emails, and internal systems without triggering obvious alerts.

📚 Cyber Book

Surviving a Cyberattack: Securing Social Media and Protecting Your Home by Todd Shipley and Bowker Art

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.19

CyberMaterial — Thu, 19 Mar 2026 14:02:52 GMT

👉 What’s going on in the cyber world today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Rondodox Botnet Targets 174 Flaws Daily

The RondoDox botnet has significantly intensified its operations, executing up to 15,000 daily exploit attempts against a library of 174 distinct vulnerabilities. Recent analysis shows the campaign has shifted toward a more strategic approach, targeting a wide range of devices from consumer routers to enterprise servers.

2. Apple Urges iPhone Update After Hacks

Apple is urging iPhone users to update their software following discoveries that hackers from Russia and China are using exploit kits called DarkSword and Coruna to hijack devices running older iOS versions. These tools allow for deep remote access to a phone’s private data, including messages, passwords, and location history, though Apple confirms that keeping software up to date prevents these specific attacks.

3. TelnetD Flaw Allows Unauth Root RCE

Security researchers have identified a critical vulnerability in the GNU InetUtils telnet daemon that allows remote, unauthenticated attackers to gain full administrative control over a system. By sending a malicious handshake message during the initial connection process, an attacker can trigger a memory corruption flaw to execute arbitrary code as the root user.

For more alerts click here!

💥 Cyber Incidents

4. Aura Data Breach Exposes 900K Contacts

Aura, a provider of digital safety services, recently confirmed a data breach affecting nearly 900,000 records after an employee fell victim to a voice phishing attack. While the total number of records is high, the company specified that the breach impacted the sensitive data of approximately 20,000 current and 15,000 former customers.

5. Hackers Claim China Supercomputing Breach

A suspected cyberattack on China’s National Supercomputing Center in Tianjin has reportedly compromised 10 petabytes of sensitive data involving aerospace, defense, and nuclear research. An individual known as Flaming China is allegedly auctioning this massive dataset on hacker forums for Monero cryptocurrency, threatening the security of over 1,600 critical Chinese institutions.

6. Crime Stoppers Hack Exposes 8.3M Tips

Modern digital tip platforms have replaced traditional methods like dead drops, but a massive leak from P3 Global Intel proves that digital anonymity remains a fragile illusion. The breach of 8.3 million records from the Texas-based provider exposed nearly four decades of sensitive data, compromising the identities of individuals reporting on everything from cartel activity to school safety.

For more incidents click here!

📢 Cyber News

7. EU Sanctions Chinese And Iranian Firms

The Council of the European Union has imposed sanctions on three companies and two individuals from China and Iran for their roles in orchestrating cyberattacks against critical infrastructure and digital devices. These measures target entities responsible for large-scale hacking operations, data theft, and influence campaigns that have compromised the security of several member states.

8. Microsoft Stops Copilot App Install

Microsoft has paused the automatic deployment of its Copilot app for Windows users who have the Microsoft 365 desktop suite installed. While the rollout was originally intended to simplify access to AI tools, the company has temporarily halted the process without providing a specific reason for the change.

9. Russia Uses Vienna As Spy Hub

Russia has transformed Vienna into its primary intelligence hub in the West by utilizing diplomatic compounds and satellite technology to intercept sensitive global communications. These surveillance operations target NATO and military networks across Europe, the Middle East, and Africa, reviving a massive signals intelligence infrastructure reminiscent of the Cold War.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks showed a mixed to slightly stabilizing trend on Thursday, 19 March 2026, as broader technology markets attempted to find direction following recent volatility.

Fortinet closed near ~83–84 dollars and was slightly lower, tracking cautious sentiment around enterprise and network security spending.
Check Point Software Technologies closed near ~163–165 dollars and held steady, with its more defensive positioning continuing to provide stability.
SentinelOne traded near ~13–14 dollars and was slightly higher, showing mild recovery within AI-driven endpoint security names.
Rapid7 traded near ~47–48 dollars and was mixed, with mid-cap cybersecurity names reflecting broader software sector indecision.
CyberArk Software traded near ~405–410 dollars and was relatively stable, supported by steady demand in identity and privileged access security.

💡 Cyber Tip

🔐 Apple Warns iPhone Users to Update Now

Apple is urging users to update their iPhones after researchers found exploit kits like DarkSword and Coruna targeting outdated iOS versions. These tools can access sensitive data such as messages, passwords, and location history, but only work on devices that have not been updated.

🧰 What You Should Do

Update your iPhone to the latest iOS version immediately
Enable automatic updates to stay protected against new threats
Avoid using devices that no longer receive security updates
Be cautious of unusual device behavior or unknown apps

⚡ Why This Matters
Outdated devices are a prime target for advanced surveillance tools. Without updates, attackers can bypass protections and gain deep access to personal data, making regular updates essential for security.

📚 Cyber Book

Securing Your Digital Social Life by Joseph R. Dyer

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.18

CyberMaterial — Wed, 18 Mar 2026 14:03:06 GMT

👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Ubuntu CVE-2026-3888 Root Exploit

A high-severity vulnerability in default Ubuntu Desktop installations starting from version 24.04 allows local users to gain full root access by exploiting a flaw in how system components interact. By manipulating the timing of temporary file cleanup processes, an attacker can bypass security sandboxes to execute malicious code with administrative privileges.

2. Apple Fixes WebKit Security Flaw

Apple has launched its initial set of Background Security Improvements to resolve a critical cross-origin vulnerability within the WebKit engine across its major operating systems. These lightweight patches specifically target a flaw discovered by researcher Thomas Espach that could allow malicious web content to bypass standard security boundaries.

3. LeakNet Ransomware Uses ClickFix Tactic

The ransomware group LeakNet is now using the ClickFix social engineering technique to gain initial access by tricking users on compromised websites into executing malicious commands. This shift toward self-managed access methods reduces their reliance on external brokers and uses a JavaScript-based loader to run payloads directly in memory.

For more alerts click here!

Click Here to RSVP

💥 Cyber Incidents

4. Intuitive Reports Data Breach

Intuitive, a leader in robotic surgical systems, recently experienced a data breach after a targeted phishing attack compromised an employee account. While internal business and employee data were accessed, the company confirmed that its surgical platforms and hospital networks remained secure and unaffected due to strict network segmentation.

5. China-Linked Group Steals $7M Crypto

A Chinese hacker group operating under the guise of a legitimate cybersecurity firm allegedly stole 7 million dollars through wallet supply chain attacks targeting platforms like Trust Wallet. The operation was exposed after an internal dispute over profit sharing prompted a whistleblower to leak details of the group’s illicit activities and technical methods.

6. Medusa Ransomware Claims New Victims

A notorious cybercriminal organization has claimed responsibility for major ransomware attacks targeting the primary medical center in Mississippi and a high-population county in New Jersey. These incidents forced critical infrastructure to go offline, disrupting essential healthcare services and government operations while the attackers demanded substantial ransom payments.

For more incidents click here!

📢 Cyber News

7. Apple Releases Security Update.

Apple has launched a new Background Security Improvements update to resolve a WebKit vulnerability known as CVE-2026-20643 across iPhone, iPad, and Mac devices. This delivery method allows the company to patch critical flaws in system libraries and browser components without requiring users to perform a full operating system upgrade or restart.

8. Feds Charge DigitalMint Negotiator

Angelo John Martino III, a 41-year-old former negotiator at DigitalMint, faces federal charges for allegedly orchestrating at least 10 ransomware attacks that netted $75.25 million in payments. Prosecutors claim he played both sides by negotiating on behalf of victims he had personally targeted through his secret affiliation with the ALPHV ransomware group.

9. Convicted Scammer Runs New Scam From Prison

A 34-year-old Georgia man allegedly defrauded professional athletes and an OnlyFans model by impersonating an adult film star to steal financial data and engage in sex trafficking. Kwamaine Jerell Ford is accused of running this extensive social-engineering scheme for nearly four years, beginning while he was still serving a federal prison sentence for a similar phishing scam.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks traded with a cautious tone on Wednesday, 18 March 2026, as broader technology markets remained volatile following recent earnings reactions and valuation resets.

CrowdStrike ended near ~408–412 dollars and was lower, as high-growth endpoint security names continued to see mild profit-taking.
Okta closed at 84.91 dollars and declined, with identity security stocks remaining sensitive to broader SaaS multiple compression.
Zscaler traded near ~180–185 dollars and was lower, reflecting continued pressure on premium cloud security valuations during tech rotation.
Fortinet closed at 84.26 dollars and declined, tracking broader weakness across network security and enterprise IT spending sentiment.
Check Point Software Technologies closed at 164.47 dollars and declined, showing relatively defensive but still negative movement in line with sector trends.

💡 Cyber Tip

🚨 Ransomware Uses Fake “Fix” Trick to Hack Users

The LeakNet ransomware group is using a ClickFix tactic that tricks users into running malicious commands through fake error messages or CAPTCHA prompts on compromised websites. By making the action look like a normal system fix, attackers can gain access without exploiting software vulnerabilities.

🛠️ What You Should Do

Never run commands from pop-ups, websites, or unknown instructions
Close suspicious pages that ask you to “fix” errors manually
Train users to recognize social engineering tactics like fake CAPTCHA or alerts
Use endpoint protection that detects unusual command execution

⚠️ Why This Matters
This tactic bypasses traditional security by targeting human behavior instead of software flaws. Once access is gained, attackers can move through systems and deploy ransomware, leading to data loss and operational disruption.

📚 Cyber Book

Digital Security for Celebrities by Martín Obiols Herrera

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.17

CyberMaterial — Tue, 17 Mar 2026 13:59:16 GMT

👉 What are the latest cybersecurity alerts, incidents, and news?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Konni Spreads EndRAT via Phishing

North Korean threat actors known as Konni are currently using spear-phishing emails to gain unauthorized access to desktop KakaoTalk applications. Once inside a system, they steal sensitive documents and leverage the victim’s trusted messaging account to distribute malware to specific contacts.

2. CISA Warns of Exploited Wing FTP Flaw

CISA has officially added a medium-severity information disclosure flaw in Wing FTP Server to its list of actively exploited vulnerabilities. This bug, identified as CVE-2025-47813, allows attackers to discover the local installation path of the software, which can subsequently be used to facilitate more destructive attacks.

3. ClickFix Spreads MacSync macOS Stealer

Recent ClickFix campaigns are using social engineering to trick macOS users into executing terminal commands that install an information stealer known as MacSync. By leveraging trusted platforms like ChatGPT and GitHub as bait, attackers bypass traditional security exploits by convincing victims to manually run malicious scripts that exfiltrate sensitive data.

For more alerts click here!

Click Here to RSVP

💥 Cyber Incidents

4. Telus Digital Suffers Major Data Breach

Telus Digital is currently investigating a significant cyberattack carried out by the extortion group ShinyHunters, which claims to have exfiltrated nearly one petabyte of data from the company and its clients. While the business process outsourcing provider has confirmed unauthorized access to its systems, it maintains that all operations remain functional and that there is no current evidence of service disruption.

5. England Hockey Investigates Ransomware Data Attack Incident

England Hockey is treating a potential data breach as a matter of urgent importance following claims by a ransomware group that it has compromised the organization’s systems. The cybercriminal collective known as AiLock reportedly managed to exfiltrate 129GB of data and has added the national governing body to its public list of victims.

6. UK Companies House Data Flaw Exposed

Companies House has restored its WebFiling service following a temporary shutdown to address a security vulnerability that had been active since October 2025. The flaw, which was reported by Dan Neidle of Tax Policy Associates after an initial discovery by John Hewitt, allowed unauthorized access to the private dashboards and sensitive data of five million registered UK companies.

For more incidents click here!

📢 Cyber News

7. Microsoft Fixes RRAS RCE in Windows

Microsoft has launched an emergency hotpatch to address critical security flaws in Windows 11 Enterprise systems that utilize specialized update paths. This specific update, KB5084597, eliminates remote code execution risks within the Routing and Remote Access Service management tool for devices that cannot easily undergo a standard reboot.

8. FBI Seeks Victims of Malicious Steam Games

The FBI is seeking information from gamers who downloaded eight specific Steam titles containing malware between May 2024 and January 2026. This investigation focuses on identifying victims of cryptocurrency theft and account hijacking linked to games such as BlockBlasters, Chemia, and Tokenova.

9.Tech, Retail Unite Against Global Scams

Eleven major tech and retail giants like Google, Amazon, and OpenAI have committed to a new pact to exchange data on how fraudsters exploit their platforms. This collaborative effort, first reported by Axios, aims to create a unified front against increasingly sophisticated digital scams.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Tuesday, 17 March 2026 traded with a slightly negative bias as broader technology markets remained under pressure from valuation resets and continued rotation within high-growth software.

Palo Alto Networks closed at 167.45 dollars and was lower, as the stock continued to reflect post-earnings positioning and margin-related concerns tied to platform strategy.
CrowdStrike ended near 411.54 dollars and was lower, with high-growth endpoint security names seeing mild profit-taking amid broader SaaS weakness.
Okta closed at 84.91 dollars and declined, as identity security equities remained sensitive to ongoing multiple compression across software.
Zscaler traded near ~183–185 dollars and was lower, with premium cloud security valuations facing pressure during continued tech rotation.
Fortinet closed at 84.26 dollars and was modestly lower, tracking softer sentiment in network security and enterprise spending outlooks.

💡 Cyber Tip

🚨 Don’t Run Copy-Paste Terminal Commands from Unverified Sources

ClickFix campaigns are tricking macOS users into manually running malicious terminal commands that install the MacSync information-stealing malware. By disguising instructions as legitimate AI tool setups or trusted platforms like GitHub, attackers steal credentials, passwords, and cryptocurrency wallet data.

What to Do:

Never copy and paste terminal commands from pop-ups, ads, or unsolicited websites.
Only install software directly from official vendor websites or the Mac App Store.
Be cautious of instructions that require disabling security settings or entering your system password.
Verify links carefully, especially when they reference popular tools like AI platforms or developer services.
Use up-to-date security software and enable multi-factor authentication (MFA) wherever possible.
If unsure, consult your IT team or a trusted security source before running any command.

🔐Why It Matters:
Because this attack relies on social engineering rather than technical exploits, traditional security tools may not stop it if users execute the commands themselves. Once installed, MacSync can steal sensitive data like system credentials and crypto wallet information, putting both personal and professional accounts at serious risk.

📚 Cyber Book

Declutter & Defend by Alessio rocchI

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.16

CyberMaterial — Mon, 16 Mar 2026 13:59:13 GMT

👉 What are the latest cybersecurity alerts, incidents, and news?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. GlassWorm Supply Chain Targets VSX Devs

Cybersecurity researchers have uncovered a sophisticated evolution of the GlassWorm malware campaign that exploits the Open VSX registry by using legitimate extension dependencies to deliver malicious payloads. By mimicking popular developer tools and using AI-generated commits to appear authentic, the attackers have successfully compromised numerous extensions and over 150 GitHub repositories to steal credentials and cryptocurrency.

2. Hive0163 Uses AI Malware For Ransomware

Experts have identified Slopoly, a suspected AI-generated malware framework utilized by a financially motivated threat actor known as Hive0163 to maintain persistence in compromised networks. While the script lacks true polymorphic capabilities, its structured design highlights how attackers are leveraging large language models to rapidly develop functional malicious tools for data exfiltration and extortion.

3. Google Fixes Two Chrome Zero-Day Flaws

Google has released emergency security updates for Chrome to patch two high-severity vulnerabilities that are currently being exploited by attackers. These flaws, found in the Skia graphics library and the V8 engine, require users to update their browsers immediately to version 146.0.7680.75 or higher.

For more alerts click here!

💥 Cyber Incidents

4.McKinsey Fixes AI System After Hack

McKinsey & Company recently corrected a critical security vulnerability in its internal AI platform, Lilli, after a security firm demonstrated it could access millions of employee messages and internal configurations within two hours. While researchers claimed they gained full access to the firm’s intellectual crown jewels, McKinsey maintains that the actual sensitive files remained secure despite the visibility of their names.

5. Payload Ransomware Claims Hospital Hack

The Royal Bahrain Hospital has reportedly been targeted by the Payload ransomware group, which claims to have exfiltrated 110 GB of sensitive information. The attackers have posted proof of the breach on their leak site and set a payment deadline of March 23 to prevent the public release of the stolen data.

6. Poland Nuclear Research Centre Hit

Poland’s National Centre for Nuclear Research successfully blocked a cyberattack on its IT infrastructure before any damage occurred. While investigators have noted potential links to Iran, they remain cautious of false flags, and the Maria research reactor continues to operate safely at full power.

For more incidents click here!

📢 Cyber News

7. Meta Ends Instagram Encrypted Chat

Meta will remove the option for end-to-end encrypted chats on Instagram starting May 8, 2026, due to low user adoption. The company is directing individuals who prioritize this level of privacy to use WhatsApp for their encrypted communications instead.

8. Android 17 Restricts Accessibility API

Google is introducing a security update for Android Advanced Protection Mode that restricts non-essential applications from accessing the accessibility services API. This change, appearing in the latest Android 17 Beta, builds on the specialized security state first launched with Android 16 to protect users from high-level cyber threats.

9. Interpol Disrupts Global Cybercrime

INTERPOL recently concluded a massive international crackdown known as Operation Synergia III, resulting in the dismantling of 45,000 malicious servers and the arrest of 94 individuals across 72 countries. This coordinated effort targeted a wide range of cyber threats, including ransomware, phishing, and social engineering schemes that victimized people globally.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Monday, 16 March 2026 traded with continuing sensitivity to broader technology rotation and competitive AI narratives, even as structural demand for cloud, identity, and zero-trust security solutions remains strong.

Zscaler ended near 153.81 dollars and was higher, as cloud zero-trust security names held relative resilience.
Fortinet closed at 83.48 dollars and was modestly higher, with network and converged security demand helping support the stock.
Check Point Software Technologies closed near ~150-155 dollars and held steady to modestly up, with defensive firewall and threat prevention technologies providing stability.
SentinelOne traded near ~13 dollars and was slightly lower, with AI-driven endpoint security equities sensitive to competitive pressures.
Rapid7 was near ~6-7 dollars and traded modestly lower, with vulnerability management and SIEM names tracking broader mid-cap tech flows.

💡 Cyber Tip

🚨 Beware of Fake VPN Downloads in Search Results

Cybercriminals linked to Storm-2561 are manipulating search engine results to push fake VPN software that secretly steals login credentials. Victims searching for legitimate enterprise VPN clients may unknowingly download trojanized installers that harvest sensitive access information.

What to Do:

Only download VPN or enterprise software directly from the vendor’s official website.
Avoid clicking sponsored or top search results without verifying the domain.
Check the website URL carefully for misspellings or look-alike domains.
Use endpoint security tools that can detect malicious or trojanized installers.
Enable multi-factor authentication (MFA) for VPN and corporate accounts.

🔐Why It Matters:
Stolen VPN credentials can allow attackers to bypass security defenses and gain direct access to corporate networks. Once inside, they may deploy additional malware, steal sensitive data, or launch ransomware attacks.

📚 Cyber Book

Your Digital Privacy Playbook by Gabe Herrera

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.13

CyberMaterial — Fri, 13 Mar 2026 14:03:17 GMT

👉 What are the latest cybersecurity alerts, incidents, and news?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Critical SQLi Bug Hits Ally Plugin Sites

A critical security vulnerability identified as CVE-2026-2413 has been discovered in the Ally WordPress plugin, potentially exposing over 400,000 websites to data theft. This unauthenticated SQL injection flaw allows attackers to bypass security measures and extract sensitive information, such as password hashes, directly from a site’s database.

2. Hive0163 Uses AI Malware For Ransomware

3. Google Fixes Two Chrome Zero-Day Flaws

For more alerts click here!

💥 Cyber Incidents

4. Starbucks Reports Employee Data Breach

Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts.

5. Stryker Hit By Iran-Linked Wiper Attack

Stryker, a major medical technology firm, has experienced a massive global system failure following a wiper malware attack. The disruption was claimed by Handala, a hacktivist group with reported Iranian ties, which asserts it destroyed thousands of systems after exfiltrating 50 terabytes of data.

6. Viking Line Hit By Cyberattack Crisis

Viking Line Senior Vice President Johanna Boijer-Svahnström confirmed that the company fell victim to a widespread DDoS attack targeting major European shipping firms on Thursday. The assault caused significant website outages, and the company’s IT department is currently working to restore services.

For more incidents click here!

📢 Cyber News

7. Socksescort Botnet Disrupted By Authorities

An international legal operation has successfully shut down SocksEscort, a criminal proxy service that hijacked hundreds of thousands of residential routers to facilitate global fraud. By infecting devices with malware, the service sold access to compromised IP addresses, allowing cybercriminals to hide their identities and steal millions of dollars from victims.

8. Google Paid $17.1M For Bugs In 2025.

Google distributed a record-breaking $17 million to 747 security researchers through its Vulnerability Reward Program in 2025. This significant investment highlights the company’s commitment to collaborating with the global research community to identify and resolve software flaws across its diverse platforms.

9. Teen Group Busted For DDoS Tool Sales

Police recently apprehended six minors across Poland for orchestrating large-scale cyberattacks against various commercial and service-oriented websites to generate illicit profit. These individuals collaborated to manage and deploy infrastructure for DDoS attacks, leading authorities to refer their cases to family courts for legal resolution.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Friday, 13 March 2026 trended lower with broad technology selling pressure, driven in part by market reactions to new AI-driven security tooling that spooked parts of the sector.

CrowdStrike Holdings finished around 411.54 dollars and moved lower, reflecting profit-taking in cloud-native endpoint and identity protection stocks.
Okta closed at 84.91 dollars and declined, with identity and access management names tracking broader sector weakness.
Zscaler ended near 153.81 dollars and was modestly lower, as zero-trust cloud security equities followed broader tech pressure.
Fortinet closed at 84.26 dollars and edged down, with network security demand steady but share performance tied to broader risk-off flows.
Check Point Software Technologies finished around 164.47 dollars and declined, with defensive firewall and threat prevention stocks lagging in the session.

💡 Cyber Tip

🚨 Critical SQLi Bug in WordPress Plugin

A serious vulnerability (CVE-2026-2413) in the Ally WordPress plugin could allow attackers to steal sensitive data from more than 400,000 websites. The flaw lets attackers inject malicious database queries without logging in, potentially exposing information such as password hashes and other stored data. The issue has been fixed in version 4.1.0.

🛠️ What You Should Do

Update the Ally (One Click Accessibility) plugin to version 4.1.0 or later immediately
Monitor your website logs for unusual database activity
Enable strong passwords and multi-factor authentication for admin accounts

⚠️ Why This Matters
SQL injection vulnerabilities allow attackers to interact directly with a website’s database. If exploited, they can expose sensitive information, compromise accounts, or give attackers deeper access to the system. Prompt updates help close the attack path before it can be abused.

📚 Cyber Book

Unsearchable by William Crawford

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.12

CyberMaterial — Thu, 12 Mar 2026 14:02:54 GMT

👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. FKadNap Bot Hijacks 14K+ Devices

The KadNap malware has compromised over 14,000 edge devices, primarily ASUS routers, to create a stealthy proxy botnet for routing malicious traffic. By utilizing a peer-to-peer system based on the Kademlia protocol, the botnet masks its command infrastructure and sells access to its hijacked network through a service called Doppelganger.

2. Attackers Exploit FortiGate Devices

Cybercriminals are actively compromising FortiGate devices to infiltrate corporate networks and harvest sensitive configuration data, including service account credentials and architectural details. Researchers have observed these attacks targeting critical sectors like healthcare and government, often using the gained access to move laterally through the internal environment before being detected.

3. Apple Patches Coruna WebKit Exploit

Apple has recently extended security patches for a critical WebKit vulnerability to older device models after discovering the flaw was exploited by the Coruna exploit kit. These updates ensure that users unable to run the latest operating systems are protected against memory corruption risks triggered by malicious web content.

For more alerts click here!

💥 Cyber Incidents

4. Iran-Linked Hackers Hit Albania Parliament

Albania’s parliament recently reported a sophisticated cyberattack intended to wipe data and disable internal systems, though the official website remained functional. The hack, which disrupted email and computer access for lawmakers, was claimed by the group Homeland Justice in retaliation for Albania hosting members of an Iranian opposition movement.

5. Hackers Hijack Bonk.fun Domain

The Bonk.fun platform has warned users to stay away from its website following a security breach where hackers took control of a team account to deploy a phishing scam. The incident involved a malicious wallet-draining prompt that appeared on the site after the domain was compromised.

6. 235K Affected In Wisconsin Ambulance Hack

Wisconsin’s largest ambulance provider, Bell Ambulance, recently confirmed that a 2024 cyberattack by the Medusa ransomware gang compromised the sensitive data of over 235,000 individuals. The stolen information included highly private details such as Social Security numbers, medical records, and financial accounts, leading the FBI to issue warnings about the hacking group’s aggressive tactics against critical infrastructure.

For more incidents click here!

📢 Cyber News

7. US Charges BlackCat Ransomware Negotiator

The U.S. Department of Justice has charged Angelo Martino, a former DigitalMint employee, for his role in a scheme where ransomware negotiators secretly collaborated with the BlackCat cybercrime group. Working alongside other industry insiders, Martino allegedly leaked confidential negotiation details to attackers and shared ransom payments with the gang’s administrators.

8. WhatsApp Launches Parent-Managed Accounts

WhatsApp is introducing specialized accounts for pre-teens that allow parents to oversee contact lists and group memberships. While parents manage the security settings and connections, the platform maintains privacy by ensuring that messages and calls remain end-to-end encrypted and inaccessible to anyone else.

9. Meta Adds New Anti-Scam Tools

Meta is rolling out enhanced security measures across its social media and messaging platforms to preemptively block fraudulent activities. These updates focus on identifying suspicious behavioral patterns to warn users before they interact with potential scammers or compromise their account access.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Thursday, 12 March 2026 traded with continued sensitivity to broader technology rotation and AI-driven competitive narratives.

Okta closed near around 78 dollars and was softer, with identity and access management names influenced by broader tech flows.
Zscaler ended near about 153 dollars and was modestly lower, reflecting cloud zero-trust security stocks tracking sector volatility.
Fortinet closed around approximately 84 dollars and was modestly lower, with network security demand steady but price action affected by broader tech rotation.
Check Point Software Technologies finished near around 150-155 dollars and was modestly softer, with defensive firewall demand balanced against sector headwinds.
SentinelOne closed at around 13 dollars and was slightly lower, reflecting pressure on smaller AI-focused endpoint names.

💡 Cyber Tip

🌐 Apple Patches WebKit Exploit Targeting Older iPhones

Apple has released new security updates for older iPhones, iPads, and Macs after a WebKit vulnerability was actively exploited through the Coruna exploit kit. The flaw could allow attackers to trigger memory corruption simply by getting a victim to open a malicious web page. Apple has now extended fixes to older systems such as iOS 15.8.7 and 16.7.15 to protect legacy devices.

🛠️ What You Should Do

Install the latest available software update for your device immediately
Enable automatic updates so security patches are applied quickly
Avoid visiting unknown or suspicious websites on older devices
Use reputable mobile security tools or safe browsing features
Consider upgrading devices that no longer receive security updates

⚠️ Why This Matters
Many people continue using older Apple devices that do not run the newest operating systems. When vulnerabilities like this remain unpatched, attackers can exploit them through malicious websites to gain unauthorized access or execute harmful code. Regular updates significantly reduce that risk.

📚 Cyber Book

Protecting Your Digital Footprint by Isaac Hungbeme

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.11

CyberMaterial — Wed, 11 Mar 2026 14:02:45 GMT

👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. FBI Warns Of Zoning Permit Applicant Scams

The FBI is alerting the public to a phishing scheme where scammers impersonate local government officials to target people seeking planning and zoning permits. By using public records to reference specific permit details, these criminals trick victims into sending fraudulent payments via wire transfers or cryptocurrency.

2. Teams Phishing Spreads A0Backdoor Malware

Cybercriminals are targeting financial and healthcare workers via Microsoft Teams by posing as IT support to gain remote access through Quick Assist and install a new malware dubbed A0Backdoor. This social engineering tactic begins with an intentional spam flood to the victim’s inbox, providing a false pretext for the attacker to reach out and offer “help” with the issue.

3. Microsoft Fixes 84 Flaws In March Update

Microsoft has addressed 84 security vulnerabilities in its March 2026 update, including two flaws that were already public knowledge before the release. The patches cover a wide range of issues, with a significant majority focused on preventing unauthorized privilege escalation across various Windows components.

For more alerts click here!

💥 Cyber Incidents

4. Insightin Health Reports New Data Breach

Insightin Health recently notified the California Attorney General of a data breach occurring in September 2025 that stemmed from a vulnerability in the GoAnywhere file-transfer tool. Although the company confirmed that member names and insurance details were accessed, they have not addressed reports that the Medusa ransomware gang claimed responsibility for stealing 378 GB of data.

5. ELECQ EV Charger Firm Hit By Ransomware

Smart EV charger manufacturer ELECQ recently informed customers of a ransomware attack that resulted in the theft of personal account information from its cloud infrastructure. Although the company confirmed that payment data and physical charging devices were not affected, hackers managed to encrypt and copy databases containing names, contact details, and home addresses.

6. Hebrew Language Academy Website Hacked

The Academy of the Hebrew Language has had its official websites disabled by hackers who replaced the content with a message suggesting the language will soon be obsolete. The digital attack features Palestinian resistance imagery and occurs against the backdrop of heightened regional conflict between Israel and Iran.

For more incidents click here!

📢 Cyber News

7. HHS Settles MMG Fusion HIPAA Case

The U.S. Department of Health and Human Services reached a settlement with MMG Fusion following an investigation into a massive data breach that exposed the private information of millions of patients. The software company agreed to pay a fine and implement a three-year corrective action plan to address systemic failures in its security and breach notification protocols.

8. Foreign Hacker Breached Epstein FBI Files

A foreign hacker accessed files concerning the FBI investigation into Jeffrey Epstein during a 2021 breach of the bureau’s New York Field Office. Newly released documents and internal sources confirmed the intrusion, which targeted sensitive data involving the late financier’s high-profile global connections.

9. Salt Typhoon Hits Global Telecom Giants

Salt Typhoon has executed a massive cyberespionage campaign against global telecommunications giants to steal millions of phone records belonging to high-ranking government officials. Attributed to China, this group targets critical infrastructure to gather intelligence and monitor sensitive communications, prompting significant national security concerns.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Wednesday, 11 March 2026 traded with continued mixed momentum as broader tech rotation persisted.

Check Point Software Technologies finished near 156.82 dollars and was slightly lower, with defensive firewall and threat prevention demand providing relative resilience.
SentinelOne closed at approximately 13.48 dollars and was modestly higher, as smaller AI-enabled endpoint protection names saw selective buying.
Rapid7 finished around 6.51 dollars and was modestly lower, reflecting mid-cap vulnerability management and SIEM exposures tracking broader tech trends.
CyberArk Software closed near 412.30 dollars and was modestly higher, supported by privileged access management demand within identity security frameworks.
Tenable Holdings finished around 20.98 dollars and was slightly higher, as exposure management and risk posture solutions continued to attract steady interest.

💡 Cyber Tip

🏛️ FBI Warns of Zoning Permit Applicant Scams

The FBI is warning about phishing scams where attackers impersonate local government officials to target people applying for zoning or planning permits. Using public records, scammers include real project details in emails and send fake invoices demanding payment through wire transfers or cryptocurrency.

🛠️ What You Should Do

Verify any permit-related payment requests directly with local government offices
Check sender email domains carefully for misspellings or non-government addresses
Avoid paying permit fees through cryptocurrency, wire transfers, or payment apps
Do not click links or open attachments from unexpected emails
Report suspicious messages to the FBI Internet Crime Complaint Center

⚠️ Why This Matters
These scams use real project information to appear legitimate. Victims can lose large sums quickly because payments are routed through irreversible methods like crypto or wire transfers.

📚 Cyber Book

Digital Footprint Defense by Eduardo Maschietto

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.10

CyberMaterial — Tue, 10 Mar 2026 14:01:47 GMT

👉 What’s happening in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Threat Actors Scan Salesforce AuraInspector

Salesforce has reported that hackers are using a modified version of the open-source tool AuraInspector to scan for and exploit misconfigured Experience Cloud sites. By targeting overly permissive guest user settings, these attackers can bypass standard restrictions to scrape sensitive data from public-facing profiles.

2. CISA Flags Actively Exploited Vulns

The U.S. Cybersecurity and Infrastructure Security Agency has expanded its list of actively exploited vulnerabilities by adding three specific flaws affecting Omnissa, SolarWinds, and Ivanti products. Federal agencies are now required to patch these security gaps within the month to mitigate the risk of data breaches and ransomware attacks.

3. UNC4899 Hits Crypto Firm via Trojan

A state-sponsored North Korean threat actor known as UNC4899 recently executed a sophisticated cloud compromise against a cryptocurrency firm to facilitate a multi-million dollar theft. The operation was characterized by a complex progression from social engineering a single developer to manipulating core cloud databases through advanced technical pivots.

For more alerts click here!

💥 Cyber Incidents

4. Beaver County College Hit by Ransomware

The Community College of Beaver County is currently paralyzed by a ransomware attack that has encrypted its entire data system and resulted in a ransom demand from unidentified hackers. College officials have shut down the campus and restricted all network access while working with insurance investigators to recover vital records including grades, transcripts, and financial information.

5. Cyberattack Costs Laurens County $1.5M

Laurens County has filed a legal claim against unidentified cyber criminals after falling victim to a fraudulent scheme that resulted in the loss of over 1.5 million dollars. The county is seeking to recover the stolen funds through emergency legal action while pursuing damages and investigative costs.

6. Ericsson US Confirms Third-Party Breach

Ericsson’s U.S. subsidiary recently disclosed a data breach resulting from a cyberattack on one of its external service providers. The incident led to the unauthorized access of personal data belonging to an undisclosed number of employees and customers.

For more incidents click here!

📢 Cyber News

7. Tycoon 2FA Phishing Platform Disrupted

A major law enforcement and industry collaboration spearheaded by Microsoft and Europol has successfully dismantled Tycoon 2FA, a massive phishing-as-a-service operation targeting over 500,000 organizations. By taking down this infrastructure, authorities have neutralized a platform that was responsible for tens of millions of fraudulent emails and tens of thousands of compromised accounts worldwide.

8. Microsoft Enables Windows Hotpatches

Starting in May 2026, Microsoft will enable hotpatch security updates by default for eligible Windows devices managed via Microsoft Intune and the Microsoft Graph API. This transition utilizes Windows Autopatch to deliver updates that eliminate the need for immediate system restarts, significantly accelerating the patch compliance process for organizations.

9. Teams to Tag Third-Party Bots

Microsoft is preparing to launch a security update for Teams that identifies and labels third-party bots waiting in meeting lobbies. This enhancement gives organizers the power to vet automated accounts separately from human participants to prevent unauthorized access.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Tuesday, 10 March 2026 traded with mixed performance amid ongoing technology rotation and selective sector optimism.

Okta closed at 73.85 dollars and edged lower, as identity and access management stocks tracked broader tech sentiment.
Zscaler closed at 149.22 dollars and was slightly higher, with zero-trust and secure access demand providing underlying support.
Fortinet closed at 83.94 dollars and moved higher, benefiting from steady network security demand and defensive positioning.
Check Point Software Technologies closed at 153.60 dollars and was modestly higher, supported by its firewall and threat prevention portfolio.
SentinelOne closed at 13.28 dollars and moved higher, as selective buying returned to AI-driven endpoint security names.
Rapid7 closed at 6.41 dollars and was slightly lower, reflecting continued volatility in mid-cap vulnerability management stocks.

💡 Cyber Tip

☁️ Threat Actors Scan Salesforce AuraInspector

Salesforce warns that attackers are using a modified version of AuraInspector to scan Experience Cloud sites for misconfigured guest access. If guest user permissions are too broad, attackers can scrape sensitive CRM data such as employee details and internal records.

🛠️ What You Should Do

Audit Experience Cloud guest user permissions immediately
Set default external access for CRM objects to private
Disable guest access to public APIs where possible
Monitor logs for high-volume or unusual queries
Apply least-privilege policies to all external user profiles

⚠️ Why This Matters
This attack does not exploit a software bug but misconfigurations. Exposed guest permissions can allow attackers to harvest internal data and use it for phishing, vishing, or deeper intrusion attempts.

📚 Cyber Book

Protecting Your Digital Footprint by Nicholas Lucia

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

Cyber Briefing: 2026.03.09

CyberMaterial — Mon, 09 Mar 2026 14:03:17 GMT

👉 What’s happening in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

🚨 Cyber Alerts

1. Chrome Extension Goes Rogue After Sale

Two Chrome extensions, QuickLens and ShotBird, recently transitioned to new ownership and were subsequently updated with malicious code. These compromised tools now allow attackers to bypass security headers, inject unauthorized scripts, and extract private data from nearly 8,000 users.

2. Web Exploits, Mimikatz Hit Asian Infra

A Chinese threat actor known as CL-UNK-1068 has spent years conducting a cyber espionage campaign against high-value organizations across South, Southeast, and East Asia. By targeting critical sectors like aviation, energy, and government using a mix of custom malware and open-source tools, the group maintains persistent access to steal sensitive data and credentials.

3. GitHub Malware Campaign Spreads BoryptGrab

Trend Micro discovered a campaign utilizing more than 100 GitHub repositories to distribute the BoryptGrab information stealer. This malware targets a wide range of sensitive data, including browser credentials, cryptocurrency wallets, system information, and personal files, often deploying a reverse SSH tunnel for persistent attacker access.

For more alerts click here!

💥 Cyber Incidents

4. TriZetto Breach Hits 3.4M Patients

A massive data breach at Cognizant’s TriZetto Provider Solutions has resulted in the exposure of sensitive medical and personal records for over 3.4 million individuals. Although the source of the intrusion remains unknown and no ransomware groups have claimed credit, the company has begun notifying the public of the security failure.

5. Children’s Council SF Breach Probe

The Children’s Council of San Francisco recently experienced a significant cyberattack where unauthorized users infiltrated their network and accessed sensitive personal information. This breach impacted clients and staff, potentially exposing data such as Social Security numbers and financial details, leading to ongoing investigations into legal claims for those affected.

6. HungerRush Breach Exposes 28M Users

HungerRush, a cloud-based point-of-sale platform catering to pizza and fast-casual chains, is reportedly the victim of a significant data breach. A threat actor on a cybercrime forum is currently advertising a database for sale that claims to hold sensitive records for more than 28 million customers and restaurant entities.

For more incidents click here!

📢 Cyber News

7. Russian Hackers Target Dutch Messaging

Dutch intelligence agencies warned on Monday that Russian state hackers are targeting Signal and WhatsApp accounts belonging to government officials, military staff, and journalists to bypass secure communications. Officials clarified that the hackers are not exploiting software vulnerabilities but are instead using social engineering tactics, such as impersonating support bots, to hijack individual user sessions and monitor private group chats.

8. Claude AI Finds 22 Firefox Bugs

Anthropic utilized the Claude Opus 4.6 AI model to identify 22 security vulnerabilities within the Firefox browser, many of which were categorized as high severity. Mozilla successfully resolved all of these discovered flaws with the release of Firefox 148 in January 2026.

9. Banks Must Refund Phishing Victims

Athanasios Rantos, the Advocate General of the Court of Justice of the EU, has issued a legal opinion stating that banks should immediately refund victims of unauthorized transactions even if the customer’s negligence is suspected. This preliminary guidance suggests that the burden of proof rests with the financial institution, which must first restore the funds before pursuing legal action to prove a customer’s gross negligence.

For more news click here!

📈Cyber Stocks

Cybersecurity stocks on Monday, 9 March 2026 traded with mixed momentum as broader technology rotation continued. Ongoing geopolitical tensions and documented warnings about elevated state-linked cyber activity reinforced long-term enterprise and government security spending expectations, even as near-term investor sentiment remained cautious.

Palo Alto Networks closed at 148.92 dollars and was modestly lower, as platform and integrated cloud security names remained sensitive to software sector volatility despite sustained enterprise demand.
CrowdStrike closed at 371.98 dollars and moved lower, reflecting short-term pressure in high-growth endpoint and identity protection stocks amid broader tech rotation.
Okta closed at 72.50 dollars and was softer, with identity and access management equities tracking overall market sentiment.
Zscaler closed at 146.99 dollars and was lower, as zero-trust and secure access service edge names saw continued profit-taking.
Fortinet closed at 79.03 dollars and edged down, with network security demand stable but shares pressured alongside broader tech names.

💡 Cyber Tip

🧩 Chrome Extensions Turn Malicious After Ownership Change

Two Chrome extensions, QuickLens and ShotBird, became malicious after being transferred to new owners. The updated versions inject scripts, bypass browser security protections, and collect sensitive browsing data from thousands of users.

🛠️ What You Should Do

Remove QuickLens and ShotBird extensions immediately
Audit all installed browser extensions for recent ownership changes
Limit extensions to trusted developers and essential tools only
Review extension permissions that allow access to all websites
Monitor accounts for suspicious activity if the extensions were used

⚠️ Why This Matters
Extension ownership transfers can quietly turn legitimate tools into malware. Once compromised, these extensions can inject scripts into websites, steal session data, and track users across every page they visit.

📚 Cyber Book

Keep Your Kids Safe on Roblox by Fiona Stephens