Cyber Briefing: 2025.12.30
AI investment scams surge as Mac malware bypasses Gatekeeper, critical software flaws emerge, ransomware hits universities, and massive breaches expose millions.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Nomani Investment Scam Rises Using AI
The fraudulent Nomani investment scheme has surged by 62 percent as it expands its reach from Facebook to platforms like YouTube. Cybersecurity firm ESET has blocked over 64,000 malicious URLs related to the scam this year, with the highest activity concentrated in countries such as Czechia, Japan, and Spain.
2. LangChain Core Flaw Enables Prompt Injection
A critical vulnerability in the LangChain Core package allows attackers to exploit prompt injection to trigger malicious object instantiation during data serialization. This flaw, dubbed LangGrinch, puts sensitive secrets and system integrity at risk by misinterpreting user-controlled data as legitimate internal commands.
3. New MacSync Stealer Bypasses Gatekeeper
Cybersecurity researchers have identified a new version of the MacSync information stealer that bypasses Apple’s Gatekeeper security by masquerading as a notarized Swift-based messaging app installer. This variant marks a shift in strategy by using legitimate digital signatures to avoid detection while employing a dropper that enforces execution delays and modified network commands to retrieve its malicious payload.
💥 Cyber Incidents
4. University Of Phoenix Ransomware Hits
The University of Phoenix recently disclosed a major cyberattack by the Clop ransomware group that compromised the personal and financial data of nearly 3.5 million people. The breach exploited a previously unknown vulnerability in Oracle software and remained undetected for several months before the attackers publicized the stolen information.
5. Aflac Data Breach Impacts Millions
A data breach recently confirmed by Aflac exposed the sensitive personal and health information of approximately 22.7 million individuals. The incident, linked to the cybercriminal group Scattered Spider, has prompted the company to offer two years of identity protection services to those affected.
6. Korean Air Data Hit In Oracle Hack
Korean Air recently confirmed that a cyberattack on its catering supplier, Korean Air Catering and Duty-Free, resulted in a data breach exposing the records of 30,000 current and former employees. While hackers accessed names and bank account numbers, the airline stated that no passenger information was compromised during the incident.
📢 Cyber News
7. Fake Bank Sites Linked To 28 Million Fraud
The Justice Department recently seized web3adspanels.org, a domain used to facilitate bank account takeover schemes that caused over $14 million in actual losses. Using deceptive search engine advertisements and counterfeit websites, the criminal operation targeted U.S. victims to steal login credentials and drain their accounts.
8. Coupang To Issue Vouchers After Breach
South Korean ecommerce leader Coupang has pledged approximately 1.17 trillion won to compensate nearly 34 million users following a massive data breach linked to a former employee. Impacted customers, including former users and non-subscribers, will receive 50,000 won shopping vouchers starting in mid-January 2026 to help restore brand loyalty.
9. Hacker Arrested In KMSAuto Malware Case
A Lithuanian national was extradited from Georgia to South Korea for allegedly infecting nearly three million computers with cryptocurrency-stealing malware hidden within illegal software activators. The suspect is accused of stealing over one million dollars by intercepting and modifying digital wallet addresses during transactions.
📈 Cyber Stocks
On Tuesday, 30th December, cybersecurity stocks mostly traded lower as broader market caution and year-end profit-taking influenced performance across the tech sector. Despite persistent demand for cloud, identity and perimeter security, rotation into other sectors and macro volatility kept gains in check, even as defensive positioning remained evident.
SentinelOne closed at 15.03 dollars and was largely flat, as broader market volatility balanced steady interest in AI-augmented endpoint detection and response.
Rapid7 closed at 15.41 dollars and remained steady, supported by ongoing enterprise investment in vulnerability management and detection-response services as compliance needs increase.
CyberArk Software closed at 451.19 dollars and edged lower, with selective profit-taking weighing on the stock even as demand for privileged access management and identity security held up.
CrowdStrike closed at 475.91 dollars and moved lower, as profit-taking trimmed recent strong gains even though demand for cloud-native endpoint protection and threat intelligence remained robust.
Okta closed at 88.08 dollars and declined modestly, with broader market pressure offsetting steady enterprise investment in identity and access management.
💡 Cyber Tip
📈 Nomani Investment Scam Rises Using AI
A growing investment scam known as Nomani is spreading rapidly across social platforms like Facebook and YouTube. The campaign uses AI-generated videos, fake endorsements, and polished ads to promote non-existent investment opportunities. Security researchers report a sharp increase in activity, with tens of thousands of malicious links already blocked worldwide.
🔐 What You Should Do
Be skeptical of investment ads on social media promising guaranteed or unusually high returns
Do not trust video testimonials or celebrity endorsements without independent verification
Avoid clicking sponsored links that redirect to unknown investment platforms
Never share ID documents or credit card details to “unlock” or “recover” profits
Verify investments through regulated financial institutions or official registries
⚠️ Why This Matters
AI-powered scams are becoming more convincing and harder to spot. Once money is deposited, victims are often pressured for more fees or targeted again with fake recovery services. Awareness and verification are the strongest defenses against modern investment fraud.
📚 Cyber Book
Cybersecurity for Seniors by David Sterling
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.