Cyber Briefing: 2026.01.02
ClickFix scams scale, Zoom Stealer hits millions, MongoBleed exploited, major data breaches surface, ESA hacked, big M&A, and arrests unfold.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. New ErrTraffic Service Enables ClickFix
ErrTraffic is a newly identified cybercrime tool that automates ClickFix social engineering attacks by generating fake technical glitches to trick users into downloading malicious payloads. This platform is sold on underground forums for a flat fee and claims to achieve conversion rates as high as sixty percent by tailoring its lures to the specific operating system of the target.
2. Zoom Stealer Extensions Harvest Meetings
A recently identified campaign dubbed Zoom Stealer has compromised 2.2 million users across major browsers through 18 extensions designed to harvest sensitive meeting data and passwords. This operation is part of a larger, seven-year effort by a China-linked threat actor known as DarkSpectre, which has affected a total of 7.8 million people.
3. CISA Directs Feds To Patch MongoBleed
The Cybersecurity and Infrastructure Security Agency has issued a mandate for federal agencies to patch a critical MongoDB vulnerability known as MongoBleed that is currently being exploited by attackers. This security flaw allows remote actors to steal sensitive credentials and private data from unpatched servers without requiring any user interaction or authentication.
💥 Cyber Incidents
4. ESA Confirms Breach Of External Servers
The European Space Agency recently confirmed a cyberattack on several external servers used for unclassified engineering projects and scientific collaboration. Although the agency is currently conducting a forensic analysis, hackers claim to have spent a week inside the systems and exfiltrated over 200 gigabytes of data.
5. Goldman Sachs Clients Data May Be Exposed
Goldman Sachs recently informed investors in its alternative investment funds that their personal information may have been compromised due to a cyberattack at the law firm Fried Frank Harris Shriver & Jacobson LLP. While Goldman Sachs confirmed its own internal systems remain secure, the incident has already led to a proposed class-action lawsuit against the law firm by an affected investor.
6. Thousands Of Medical Records Found
Thousands of medical records containing Social Security numbers and private health data were discovered by a hobbyist who purchased a delinquent storage unit at auction in Memphis. The files belonged to a former dentist whose license expired in 2023, prompting a police investigation into the massive breach of sensitive patient information.
📢 Cyber News
7. ServiceNow To Buy Cyber Firm Armis
ServiceNow has entered into an agreement to acquire the cybersecurity firm Armis for 7.75 billion dollars in a move to bolster its security and automation portfolio. The acquisition, expected to close in the second half of 2026, aims to integrate advanced cyber exposure management and proactive vulnerability response into ServiceNow’s existing platform.
8. Treasury Lifts Sanctions On Intellexa Execs
The Treasury Department has removed three individuals associated with the Intellexa Consortium and its Predator spyware from a federal sanctions list. This move reverses 2024 penalties imposed on Merom Harpaz, Andrea Gambazzi, and Sara Hamou for their roles in a corporate network that facilitated global surveillance.
9. Georgia Arrests Ex Spy Chief Over Scam Aid
Georgian authorities have detained Grigol Liluashvili, the former chief of the state security service, on various bribery charges. He is accused of accepting over a million dollars to protect international scam call centers from law enforcement.
💡 Cyber Tip
🎥 Zoom Stealer Extensions Harvest Meeting Data
A large-scale campaign called Zoom Stealer has compromised millions of users through malicious browser extensions that secretly collect meeting links, IDs, embedded passwords, and credentials from Zoom and Microsoft Teams. These extensions often work as advertised, such as video downloaders or audio tools, while quietly exfiltrating sensitive corporate data in the background.
🔐 What You Should Do
Remove browser extensions you do not actively need
Install extensions only from trusted publishers with long-standing reputations
Review extension permissions, especially access to tabs, browsing data, and websites
Restrict browser extensions on corporate systems through policy controls
Rotate meeting links and enable waiting rooms and passwords for calls
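An added example (not from the newsletter) of the permission-review step: a Python audit of Chrome-style extension manifests that flags tab and browsing-data APIs, all-site host access, and access to the meeting platforms named above. The flagged permission set, the meeting-domain list and the sample manifest are assumptions constructed for illustration.

```python
import json
from pathlib import Path

# API permissions exposing tabs and browsing data (the categories the tip names).
SENSITIVE_API = {"tabs", "history", "webNavigation", "cookies", "webRequest"}
# Match patterns that grant access to every site.
BROAD_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Meeting platforms named in the briefing; this domain list is an assumption.
MEETING_DOMAINS = ("zoom.us", "teams.microsoft.com")

def audit_manifest(manifest):
    """Return sorted findings for one parsed manifest.json (MV2 or MV3)."""
    declared = []
    # MV2 mixes API names and host patterns in "permissions"; MV3 splits them.
    for key in ("permissions", "optional_permissions",
                "host_permissions", "optional_host_permissions"):
        declared += [p for p in manifest.get(key, []) if isinstance(p, str)]
    # Content scripts get page access through their own "matches" patterns.
    for script in manifest.get("content_scripts", []):
        declared += script.get("matches", [])
    findings = set()
    for perm in declared:
        if perm in SENSITIVE_API:
            findings.add(f"api:{perm}")
        elif perm in BROAD_HOSTS:
            findings.add("hosts:all-sites")
        elif any(d in perm for d in MEETING_DOMAINS):
            findings.add(f"hosts:meeting:{perm}")
    return sorted(findings)

def audit_extensions_dir(root):
    """Audit each <id>/<version>/manifest.json under an Extensions directory."""
    report = {}
    for path in Path(root).glob("*/*/manifest.json"):
        try:
            findings = audit_manifest(json.loads(path.read_text(encoding="utf-8")))
        except (OSError, ValueError, AttributeError, TypeError):
            findings = ["unreadable-manifest"]
        if findings:
            report[path.parts[-3]] = findings
    return report

# Constructed sample: a "video downloader" requesting far more than it needs.
SAMPLE = {
    "manifest_version": 3, "name": "Example Video Downloader",
    "permissions": ["tabs", "downloads", "storage"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*.zoom.us/*"], "js": ["cs.js"]}],
}
```

Point `audit_extensions_dir` at a browser profile's `Extensions` folder; a finding is a prompt for manual review against what the extension claims to do, not proof of malice.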
⚠️ Why This Matters
Meeting data equals corporate intelligence. Stolen links and passwords allow attackers to silently access private discussions, gather sensitive information, and conduct long-term espionage without triggering alerts. Browser extension hygiene is now a critical security control.
📚 Cyber Book
How to Land Your First Cybersecurity Job: A Step-by-Step Guide to Launching Your Career in Cybersecurity by Yehyun Park
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.