Cyber Briefing: 2025.12.29
Authorities and companies worldwide faced major cyber incidents and enforcement actions, including large-scale breaches, active exploitation of critical vulnerabilities
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. China Linked Evasive Panda Spreads MgBot
A China-linked hacking group known as Evasive Panda has been identified conducting a targeted cyber espionage campaign using DNS poisoning to distribute the MgBot backdoor. Operating between late 2022 and late 2024, the group focused its efforts on specific victims located in Türkiye, India, and China.
2. Fortinet Warns FortiOS VPN TwoFA Bug
Fortinet has reported new activity involving a five-year-old security flaw in FortiOS SSL VPN that allows attackers to bypass two-factor authentication. The vulnerability, tracked as CVE-2020-12812, stems from a discrepancy in how usernames are handled between local FortiGate settings and remote LDAP servers.
3. CISA Flags Actively Exploited Digiever RCE Bug
The Cybersecurity and Infrastructure Security Agency has officially added a critical command injection flaw affecting Digiever DS-2105 Pro video recorders to its list of actively exploited vulnerabilities. Because the device has reached end-of-life status and will not receive a patch, federal agencies and private users are urged to stop using the equipment or strictly limit its network exposure.
💥 Cyber Incidents
4. Hacker Claims WIRED Data Leak Millions
A hacker known as Lovely has leaked a database containing over 2.3 million WIRED subscriber records and claims to possess 40 million more from various Condé Nast publications. The breach was reportedly motivated by the company’s alleged failure to address security vulnerabilities, and independent analysis has confirmed the authenticity of several records within the leaked dataset.
5. Rainbow Six Siege Breach Gives Free Credits
Hackers recently breached Ubisoft’s internal systems for Rainbow Six Siege, allowing them to manipulate player bans, broadcast fake messages, and distribute millions of dollars worth of premium currency and rare cosmetics to the global player base. In response, Ubisoft disabled the game’s servers and marketplace to perform a database rollback and investigate the extent of the unauthorized access.
6. Pro Russian Hackers Claim French Post Attack
A pro-Russian hacking group named Noname057 claimed responsibility for a major cyberattack that disrupted France’s national postal service, La Poste, during the peak Christmas delivery season. French intelligence agencies are now investigating the incident, which follows a pattern of similar hybrid warfare attacks targeting European infrastructure and government sites.
📢 Cyber News
7. LastPass 2022 Breach Tied To Crypto Thefts
Recent investigations by TRM Labs reveal that encrypted vault backups stolen during the 2022 LastPass breach are still being exploited by Russian cybercriminals to drain cryptocurrency wallets as late as 2025. By targeting vaults protected by weak master passwords, these actors have successfully siphoned over 35 million dollars in digital assets by utilizing high-risk Russian exchanges and sophisticated laundering techniques.
8. Italy Fines Apple Over App Store Rules
Italy’s antitrust authority has fined Apple 98.6 million euros after concluding that the company’s App Tracking Transparency framework unfairly restricted competition within the App Store. The regulator found that while the privacy goals were valid, the implementation forced third-party developers to use redundant and burdensome consent prompts that Apple’s own services were able to avoid.
9. Africa Cybercrime Operation Nets 574 Arrests
Authorities across 19 countries arrested 574 suspects and seized approximately 3 million dollars during a month-long operation targeting cybercrime throughout Africa. The initiative successfully dismantled over 6,000 malicious links and recovered millions in stolen funds by focusing on business email compromise, digital extortion, and ransomware.
💡 Cyber Tip
🧩 Fortinet FortiOS VPN TwoFA Bug
A five-year-old FortiOS SSL VPN flaw allows attackers to bypass two-factor authentication by exploiting username case differences.
🔐 What You Should Do
Update FortiOS to the latest patched version immediately
Review and correct username configurations to enforce case-sensitive authentication
Audit VPN and admin accounts to ensure 2FA policies are correctly applied
Monitor login attempts for unusual or repeated failed authentications
🚨 Why This Matters
Exploiting this vulnerability lets attackers access VPNs or administrative systems without two-factor authentication, putting sensitive networks at high risk.
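An added example (not from Fortinet or this newsletter) of the login-monitoring step for this flaw: it flags logins whose username matches a 2FA-enrolled local account only when letter case is ignored. The account names, event fields and log records are constructed assumptions, not a FortiOS log format.

```python
# Constructed sample data. Field names and layout are assumptions chosen for
# illustration; map them from whatever your VPN or SIEM actually exports.
LOCAL_2FA_USERS = {"jsmith", "adavis"}  # local accounts with 2FA, exactly as configured

SAMPLE_EVENTS = [
    {"time": "2025-12-29T08:01:12Z", "user": "jsmith", "result": "success", "second_factor": True},
    {"time": "2025-12-29T08:14:40Z", "user": "JSmith", "result": "success", "second_factor": False},
    {"time": "2025-12-29T08:20:03Z", "user": "ADAVIS", "result": "failure", "second_factor": False},
    {"time": "2025-12-29T08:31:55Z", "user": "mlee", "result": "success", "second_factor": False},
]


def find_case_variant_logins(events, local_users):
    """Return events whose username equals a 2FA-enrolled local account
    only after case folding, i.e. the case-difference pattern behind the flaw."""
    by_folded = {name.casefold(): name for name in local_users}
    findings = []
    for event in events:
        typed = event["user"]
        configured = by_folded.get(typed.casefold())
        if configured is None or typed == configured:
            continue  # unrelated account, or an exact-case match
        # A successful login with no second factor is the outcome to escalate;
        # anything else with a case variant is still worth a look.
        bypass_like = event["result"] == "success" and not event["second_factor"]
        findings.append({
            **event,
            "configured_user": configured,
            "severity": "high" if bypass_like else "review",
        })
    return findings


if __name__ == "__main__":
    for finding in find_case_variant_logins(SAMPLE_EVENTS, LOCAL_2FA_USERS):
        print(finding["severity"], finding["time"], finding["user"],
              "->", finding["configured_user"])
```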
📚 Cyber Book
Bytes of Wisdom: Cybersecurity Tips for Teens by Donald McLean
Get book: https://amzn.to/4smUn0q
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.