Cyber Briefing: 2025.12.26
MacSync bypasses macOS security as browser and supply-chain malware spread, ransomware hits utilities, breaches surface, and courts and Interpol act.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. New MacSync Malware Bypasses macOS
The latest MacSync malware variant represents a significant evolution in macOS threats by utilizing a code-signed and notarized Swift application to bypass Apple’s Gatekeeper security. By moving away from primitive terminal-based installation tactics, this version uses a legitimate developer certificate to appear as a trusted messenger installer, though Apple has since revoked the specific credentials used.
2. Malicious Chrome Extensions Steal Data
Two deceptive Chrome extensions named Phantom Shuttle are currently active in the official Web Store, posing as network proxy tools to hijack web traffic and steal sensitive user information. Although the plugins have been available since 2017, researchers recently discovered that they route data through attacker-controlled servers to capture credentials, session cookies, and financial details.
3. WebRAT Malware Spreads on GitHub
Threat actors are now distributing WebRAT malware through GitHub repositories that falsely claim to offer proof-of-concept exploits for high-profile vulnerabilities. This backdoor, which previously targeted gamers through pirated software, has evolved its distribution strategy to lure security researchers and IT professionals into downloading password-protected malicious payloads.
💥 Cyber Incidents
4. Nissan Customers Exposed in Red Hat Breach
Nissan Motor Co. Ltd. recently confirmed that a third-party data breach at software provider Red Hat led to the exposure of personal information belonging to 21,000 customers in Japan. While sensitive data like names and addresses were compromised, the automaker clarified that no financial details were leaked and there is currently no evidence that the stolen information has been misused.
5. Malicious NPM Package Steals WhatsApp
A malicious NPM package named lotusbail masquerades as a legitimate WhatsApp API library to intercept private messages and exfiltrate contact lists. By embedding itself within a popular library fork, the malware gains persistent account access and employs advanced obfuscation to evade detection by developers.
6. Romanian Water Agency Ransomware Hit
The Romanian national water management authority, Administrația Națională Apele Române, recently suffered a ransomware attack that compromised roughly 1,000 systems across its national and regional offices. While the breach encrypted administrative data and email services using the Windows BitLocker tool, officials confirmed that the operational technology controlling water infrastructure remains secure and functional.
📢 Cyber News
7. Court Clears Former Vastaamo CEO
The Helsinki Court of Appeal has cleared Ville Tapio, the former CEO of Vastaamo, by overturning his previous conviction related to a massive data breach. The court determined that Tapio cannot be held criminally responsible for the security failures that led to the exposure of thousands of patients’ sensitive records.
8. Man Charged in Fraudulent ID Market
Federal authorities have indicted a Bangladeshi national for operating illegal online marketplaces that sold digital templates for fraudulent identity documents, including passports and social security cards. As part of the law enforcement action, the United States successfully seized three domains used to facilitate these global transactions.
9. Interpol Action Breaks Ransomware
The international law enforcement effort focused heavily on African nations to combat the rapid growth of sophisticated cyberattacks targeting the energy and financial sectors. In Senegal, authorities successfully froze accounts to stop a 7.9 million dollar wire transfer intended for a petroleum company before the stolen funds could be withdrawn. Meanwhile, in Benin, the operation led to over one hundred arrests and the removal of thousands of social media accounts and domains used for various online scams.
💡 Cyber Tip
🧩 Malicious Chrome Extensions Steal Data
Deceptive Chrome extensions like Phantom Shuttle can hijack browser traffic to steal credentials, session cookies, and financial information.
🔐 What You Should Do
Immediately remove unknown or suspicious Chrome extensions
Verify and restrict browser extensions to trusted developers only
Review permissions requested by extensions before installation
Monitor accounts for unusual activity, especially after using extensions
🚨 Why This Matters
These extensions act as a man-in-the-middle, allowing attackers to capture sensitive data directly from web requests and putting both personal and professional accounts at risk.
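One way to carry out the permission review above, as an added example that is not part of the original briefing: a Python check over an extension's `manifest.json` that flags the permissions a proxy-style extension needs to reroute and read traffic. The permission names are real Chrome manifest permissions; the function names and the two sample manifests are constructed for this example.

```python
# Added example: flag Chrome extension permissions that allow traffic interception.
# The sample manifests at the bottom are constructed and describe no real extension.
RISKY_API = {
    "proxy": "can set the browser proxy and route traffic through a remote server",
    "webRequest": "can observe requests and their headers",
    "webRequestBlocking": "can modify or block requests in flight (Manifest V2)",
    "webRequestAuthProvider": "can answer HTTP/proxy authentication challenges",
    "cookies": "can read cookies for the hosts it has access to",
}
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Manifest keys that carry API permissions or host match patterns (MV2 and MV3).
KEYS = ("permissions", "optional_permissions",
        "host_permissions", "optional_host_permissions")


def audit_manifest(manifest):
    """Return sorted (permission, reason) findings for one parsed manifest.json."""
    requested = set()
    for key in KEYS:
        requested.update(p for p in manifest.get(key, []) if isinstance(p, str))
    findings = [(p, RISKY_API[p]) for p in requested if p in RISKY_API]
    findings += [(h, "matches every site") for h in requested if h in BROAD_HOSTS]
    return sorted(findings)


def is_traffic_interceptor(manifest):
    """True when proxy control is combined with access to all sites."""
    names = {p for p, _ in audit_manifest(manifest)}
    return "proxy" in names and bool(names & BROAD_HOSTS)


# Constructed sample: a "network proxy tool" style manifest.
SAMPLE_PROXY_TOOL = {
    "name": "Example Proxy Helper", "manifest_version": 3,
    "permissions": ["proxy", "storage", "webRequest", "webRequestAuthProvider"],
    "host_permissions": ["<all_urls>"],
}
# Constructed sample: a narrowly scoped extension.
SAMPLE_NOTES_APP = {
    "name": "Example Notes", "manifest_version": 3,
    "permissions": ["storage", "activeTab"],
    "host_permissions": ["https://notes.example/*"],
}

if __name__ == "__main__":
    for m in (SAMPLE_PROXY_TOOL, SAMPLE_NOTES_APP):
        print(m["name"], "-> interceptor:", is_traffic_interceptor(m))
        for perm, reason in audit_manifest(m):
            print("   ", perm, "-", reason)
```

A finding is a prompt for review, not proof of malice: legitimate VPN and ad-blocking extensions request the same permissions, so weigh the result against the publisher and the stated purpose.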
📚 Cyber Book
Cybersecurity Fundamentals by Bruce Brown
Copyright © 2025 CyberMaterial. All Rights Reserved.