Cyber Briefing: 2026.01.19
CrashFix ClickFix, StackWarp AMD VM flaw, GootLoader ZIP evasion, major ransomware and regulator breaches, Black Basta crackdown, and quantum cyber tools.
👉 What’s going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Malicious Chrome Extension Crashes
A new ClickFix attack variant called CrashFix uses a fake ad blocker extension to trick users into running malicious commands that install malware. Discovered by Huntress, this campaign specifically targets corporate systems by overwhelming the browser until it crashes, then displaying a fraudulent repair prompt.
2. StackWarp Attack Threatens AMD VMs
Researchers from the CISPA Helmholtz Center for Information Security have uncovered StackWarp, a hardware vulnerability in AMD Zen 1 through Zen 5 processors that allows attackers to compromise confidential virtual machines. By exploiting a synchronization failure in the CPU stack engine, malicious hosts can manipulate guest VM stack pointers to steal encryption keys or achieve remote code execution.
3. GootLoader Bypasses Security With ZIPs
GootLoader malware utilizes malformed ZIP files consisting of hundreds of concatenated archives to bypass security tools while remaining functional on Windows systems. This initial access tool is frequently employed by ransomware groups to compromise environments before deploying secondary payloads like Cobalt Strike or Rhysida.
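A defender-side triage check for the concatenated-archive structure described in item 3, as an added example that is not code from the original briefing or from any vendor report: it counts complete End of Central Directory (EOCD) records in a file and flags more than one. The function names, the `max_archives` threshold and the sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"      # End of Central Directory signature
CDH_SIG = b"PK\x01\x02"       # central directory file header signature
EOCD_FMT = "<4sHHHHIIH"       # fixed 22-byte EOCD layout
EOCD_LEN = struct.calcsize(EOCD_FMT)

def find_eocd_records(data: bytes) -> list[int]:
    """Offsets of EOCD records whose central directory sits directly before them."""
    hits, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        if pos + EOCD_LEN <= len(data):
            _, _, _, _, total, cd_size, _, _ = struct.unpack_from(EOCD_FMT, data, pos)
            cd_start = pos - cd_size
            if total == 0 and cd_size == 0:
                hits.append(pos)                      # empty but valid archive
            elif cd_start >= 0 and data[cd_start:cd_start + 4] == CDH_SIG:
                hits.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return hits

def assess_zip(data: bytes, max_archives: int = 1) -> dict:
    """Flag a file that carries more complete archives than a normal ZIP would."""
    offsets = find_eocd_records(data)
    return {"eocd_count": len(offsets), "suspicious": len(offsets) > max_archives}

def members_seen_by_zipfile(data: bytes) -> list[str]:
    """What a reader that trusts only the final EOCD reports (Python's zipfile)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()

def make_zip(name: str, body: bytes) -> bytes:
    """Build a one-member archive in memory (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo(name), body)      # fixed 1980 timestamp
    return buf.getvalue()

# Constructed samples: one ordinary archive, one made of 300 archives glued together.
SINGLE = make_zip("report.txt", b"quarterly numbers")
CONCATENATED = b"".join(make_zip(f"part{i}.txt", b"filler") for i in range(300))

if __name__ == "__main__":
    print(assess_zip(SINGLE), assess_zip(CONCATENATED))
    print(members_seen_by_zipfile(CONCATENATED))
```

A ZIP stored uncompressed inside another ZIP also carries extra EOCD records, so treat the count as a triage signal for closer inspection rather than a verdict.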
💥 Cyber Incidents
4. Ingram Micro Ransomware Hits 42,000
IT distributor Ingram Micro is notifying over 42,000 individuals that their sensitive personal data, including Social Security and passport numbers, was stolen during a July 2025 ransomware attack. Although the company restored its systems within a week, the Safepay ransomware group later leaked several terabytes of stolen employee and applicant records online.
5. Canadian Investment Watchdog Breach
The Canadian Investment Regulatory Organization recently announced that a sophisticated phishing attack in August 2025 led to a data breach affecting 750,000 people. While the organization stated that its critical functions remained intact, the compromised data includes sensitive details such as social insurance numbers, account statements, and government identification.
6. Ransomware Disrupts Kyowon Operations
The South Korean conglomerate Kyowon Group is currently investigating a significant ransomware attack that has disrupted its operations and potentially compromised the personal information of millions of customers. After detecting suspicious activity on January 10, the company isolated its servers and reported the breach to the Korea Internet and Security Agency to begin a full forensic assessment.
📢 Cyber News
7. Ukraine Germany Target Black Basta
Ukrainian and German authorities have identified two key suspects linked to the Black Basta ransomware group and issued an international warrant for its Russian leader. The investigation focused on individuals responsible for cracking passwords and facilitating network breaches that crippled hundreds of organizations worldwide.
8. Tennessee Man Hacks Supreme Court System
Nicholas Moore, a 24-year-old from Tennessee, pleaded guilty on Friday to hacking the U.S. Supreme Court filing system and illegally accessing records from AmeriCorps and the Department of Veterans Affairs. He faces up to one year in prison for a misdemeanor count of computer fraud, with sentencing scheduled for April 17 in Washington, D.C.
9. China Tests Quantum Cyber Weapons
The Chinese military has disclosed that it is developing and testing over ten quantum cyberwarfare tools designed to extract intelligence from public cyberspace during active missions. Led by the National University of Defense Technology, this initiative integrates quantum computing with artificial intelligence to achieve data processing speeds that could redefine decision-making in future conflicts.
📈 Cyber Stocks
On Monday, 19th January, cybersecurity stocks traded with mixed outcomes as broader market volatility and geopolitical tensions impacted defensive tech valuations.
Palo Alto Networks closed at around 187 to 190 dollars and was modestly lower, with broader market caution and sector rotation outweighing ongoing confidence in its unified AI-driven security platform. Analysts continue to view its long-term platform strategy as compelling even amid short-term volatility.
CrowdStrike closed at approximately 460 to 470 dollars and edged down, as profit-taking and broader tech pressures tempered gains despite sustained demand for its cloud-native Falcon endpoint protection and analytics platform.
Okta closed near the mid-90 dollar level and was slightly lower, with macro caution balancing steady enterprise investment in identity and access management solutions.
Zscaler closed in the low-to-mid 210 dollar range and dipped modestly, reflecting light profit-taking, even though cloud-delivered security and zero-trust architectures remain key drivers of its long-term adoption.
Fortinet closed in the mid-70 dollar range and retreated, with broader sector volatility and rotation limiting near-term upside, while steady interest in zero-trust and network-security solutions persisted.
💡 Cyber Tip
🧩 Malicious Chrome Extension Triggers CrashFix Attacks
A new ClickFix variant called CrashFix abuses fake Chrome ad blocker extensions to infect corporate systems. The malicious extension intentionally crashes the browser, then displays a fake repair message that tricks users into running clipboard-based commands. These commands silently install a remote access trojan designed specifically for domain-joined business machines.
🔐 What You Should Do
Install browser extensions only from verified publishers
Block users from installing extensions without admin approval
Never run commands copied from browser popups or error messages
Monitor PowerShell usage and clipboard manipulation activity
Educate staff to treat browser crashes followed by repair prompts as suspicious
⚠️ Why This Matters
CrashFix turns a browser failure into a social engineering weapon. Once users run the fake fix, attackers gain persistent remote access to corporate systems, bypassing many traditional perimeter defenses.
📚 Cyber Book
Beyond the Algorithm: AI, Security, Privacy, and Ethics by Omar Santos, Petar Radanliev
That concludes today’s briefing.
Copyright © 2026 CyberMaterial. All Rights Reserved.