Cyber Briefing: 2025.12.17
Ransomware flaws, browser extension malware, FortiGate SSO exploits, data extortion, cyberattacks on governments, privacy lawsuits, and arrests dominated cyber news.
👉 What’s trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. VolkLocker Ransomware Keys Unlock Files
The pro-Russian hacktivist group CyberVolk (also known as GLORIAMIST) introduced a new ransomware-as-a-service offering called VolkLocker, but it contains critical flaws in its implementation that allow victims to decrypt their files without paying the ransom. This new RaaS platform, also tracked as CyberVolk 2.x, emerged in August 2025 and is a Golang-written threat designed to target both Windows and Linux operating systems.
2. GhostPoster Malware Hits Firefox Add-ons
The GhostPoster campaign utilized logo files from 17 Mozilla Firefox add-ons to hide malicious JavaScript, which was used to hijack affiliate links, inject tracking code, and perpetrate click and ad fraud. Security firm Koi Security identified the campaign, noting that the extensions, which have been downloaded over 50,000 times, are now unavailable.
3. FortiGate Hit By Active SAML SSO Attacks
Cybersecurity firm Arctic Wolf observed intrusions leveraging the critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS 9.8) to perform malicious SSO logins on FortiGate appliances against the “admin” account, followed by exporting device configurations. Fortinet has released patches for the vulnerabilities, which allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled, a setting that can be automatically enabled during FortiCare registration.
💥 Cyber Incidents
4. PornHub Facing Extortion After Data Theft
The extortion gang ShinyHunters is reportedly threatening the adult video platform PornHub after allegedly obtaining the search and viewing history of its Premium members through a recent data breach at the analytics vendor Mixpanel. While PornHub confirmed it was impacted by the Mixpanel breach, which occurred in November 2025 via a smishing attack, Mixpanel has stated it does not believe the data used for extortion originated from that incident.
5. Cyberattack Disrupts Venezuelan Oil Firm
The state-owned Venezuelan oil company, Petróleos de Venezuela (PDVSA), reportedly experienced a cyberattack that disrupted its export activities, although the company officially denied any operational impact. PDVSA stated the incident was limited to administrative systems and blamed foreign interests and domestic conspirators for the attempt to destabilize the nation.
6. Westminster Loses Funds In Cyber Attack
A cyber attack compromised some of the City of Westminster’s information technology systems, prompting involvement from the Westminster Police Department, SLED, and the FBI. Although the attack resulted in a loss of public funds, officials believe no customer or personnel personal data was compromised, and payments to contractors and staff will still be made.
📢 Cyber News
7. Texas Sues TV Makers Over Screen Data
The Texas Attorney General has filed lawsuits against five major television manufacturers, including Sony, Samsung, LG, Hisense, and TCL Technology Group Corporation, accusing them of illegally using Automated Content Recognition (ACR) technology to secretly collect and record users’ viewing data. These legal actions also raise concerns about the two Chinese-based companies, Hisense and TCL, and the potential for the Chinese government to access U.S. consumer data under China’s National Security Law.
8. Europe Dismantles Ukraine Call Scam
European law enforcement agencies dismantled a major fraud network that used call centers in Ukraine to defraud victims across Europe of over ten million euros. Authorities from multiple countries arrested suspects and seized significant assets, disrupting the criminal enterprise.
9. Google To Close Dark Web Tool
Google is shutting down its dark web report tool in February 2026, which was designed to help users check if their personal information appeared on the dark web. The decision, made less than two years after its launch, is based on user feedback indicating the tool lacked clear, actionable guidance for next steps.
📈 Cyber Stocks
On Wednesday, 17th December, cybersecurity stocks traded with mild strength as investors balanced defensive demand against broader market uncertainty. Ongoing enterprise focus on cloud, identity and perimeter security continued to underpin the sector, while selective buying supported several names amid mixed tech sentiment.
Palo Alto Networks closed at 187.09 dollars and moved higher, supported by sustained confidence in its unified, AI-driven security platform and ongoing enterprise investment in cloud and threat detection.
Fortinet closed at 82.47 dollars and gained modestly, reflecting continued interest in zero-trust and network-security solutions as broader market rotation showed pockets of defensive positioning.
Zscaler closed at 232.78 dollars and posted a small uptick, supported by steady adoption of cloud-delivered security and zero-trust architectures despite mixed macro sentiment.
Check Point Software Technologies closed at 188.19 dollars and edged higher, buoyed by ongoing demand for firewall and perimeter defenses amid heightened global cyber-threat activity.
Okta closed at 90.59 dollars and moved higher, supported by sustained enterprise investment in identity and access management as organisations prioritise defence against identity-centric attacks.
💡 Cyber Tip
🦊 GhostPoster Malware Hits Firefox Add-ons
A malicious campaign called GhostPoster infected 17 Firefox extensions with over 50,000 downloads. Attackers hid JavaScript inside extension logo files to hijack affiliate links, inject tracking code, commit ad fraud, and quietly open a backdoor for remote code execution. The compromised add-ons posed as VPNs, ad blockers, utilities, and even Google Translate clones.
🔐 What You Should Do
Remove unknown or unnecessary Firefox extensions immediately
Install add-ons only from well-known publishers with strong reputations
Review extension permissions and avoid those that request excessive access
Keep Firefox and all extensions fully updated
Monitor for unusual browser behavior like redirects or injected ads
⚠️ Why This Matters
Browser extensions run with deep access to your browsing activity. A single malicious add-on can disable security protections, track everything you do online, and allow remote compromise without obvious warning signs.
📚 Cyber Book
The Little Cyber Engineer by Amber DeVilbiss
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.

Really solid coverage here. The VolkLocker flaw is particularly interesting because it shows even threat actors rushing into the RaaS market can't always get the crypto implementation right. I've seen similar mistakes with newer ransomware groups who prioritize speed over security, and it usually costs them when researchers reverse-engineer the keys. Guess even hackers dunno how to build properly under pressure.