Cyber Briefing: 2026.01.21
Gemini prompt abuse leaks data as ransomware targets enterprises, major state breaches emerge, DDoS attacks rise, and regulators push tougher cyber rules.
👉 What’s going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Gemini Prompt Flaw Exposed Calendar Data
Security researchers recently uncovered a vulnerability in Google Gemini where indirect prompt injection could be used to bypass security protocols and exfiltrate data via Google Calendar. By embedding hidden instructions in a meeting invite, attackers could force the AI to summarize private schedule details into a new event visible to the unauthorized party.
2. New PDFSider Windows Malware Deployed
Cybersecurity researchers recently identified a sophisticated malware strain called PDFSider being used by ransomware groups to infiltrate Fortune 100 financial firms through a combination of social engineering and technical exploits. The attack involves impersonating technical support to trick employees into installing remote assistance tools, which then facilitates the deployment of a stealthy backdoor designed for long-term network access.
3. LastPass Warns Of Fake Maintenance Scams
LastPass is warning its customers about an ongoing phishing attack that uses fraudulent emails to steal vault master passwords. The scam attempts to deceive users by claiming that immediate action is required to secure their data before a scheduled system update.
💥 Cyber Incidents
4. Everest Ransomware Claims McDonald’s Breach
The Everest ransomware group has announced a significant breach of McDonald’s India, claiming to have stolen 861 GB of data including customer records and internal financial documents. The group posted evidence of the intrusion on their leak site on January 20, 2026, and has given the company a two-day deadline to respond before the information is released.
5. Luxembourg State Sites Hit By Cyberattack
On Tuesday morning, the Luxembourg State Information Technology Centre confirmed that several government websites were temporarily offline following a targeted cyberattack. The disruption was identified as a distributed denial-of-service attack that affected key public portals for less than an hour before services were fully restored without any data being compromised.
6. Illinois DHS Breach Exposes 700K
The Illinois Department of Human Services recently disclosed a data breach that compromised the personal records of approximately 700,000 residents who interacted with state assistance programs. The unauthorized access exposed sensitive information, prompting the agency to begin notifying affected individuals while an investigation into the intrusion continues.
📢 Cyber News
7. SK Telecom Sues To Revoke Breach Fine
South Korea’s top mobile provider, SK Telecom, has initiated a lawsuit to cancel a record 135 billion-won fine issued by the state data regulator following a massive breach of its entire 23 million user base. The company filed the legal challenge just before the deadline, arguing that the penalty is excessive given their extensive compensation efforts and the lack of confirmed financial harm to customers.
8. EU Plans Cybersecurity Overhaul
The European Commission has introduced a new cybersecurity legislative package that mandates the removal of high-risk suppliers from telecommunications networks to protect against state-sponsored threats. This proposal transitions previous voluntary security guidelines into a binding regulatory framework that allows for EU-wide risk assessments across eighteen critical sectors.
9. UK NCSC Warns Of Russia Linked DDoS
The UK government has issued a warning regarding persistent DDoS attacks from Russia-linked hacktivists targeting critical national infrastructure and local government systems. Authorities are urging these organizations to bolster their cyber resilience and prepare response plans to mitigate potential operational and financial disruptions.
📈 Cyber Stocks
Midweek trading on Wednesday, 21st January saw cybersecurity stocks trade mostly lower, reflecting broader weakness across U.S. technology names. While long-term enterprise security demand remains intact, near-term sentiment was influenced by profit-taking in growth stocks and cautious positioning ahead of macro and policy signals. Larger platform vendors showed relative resilience, while mid-cap names faced greater pressure.
Palo Alto Networks closed at 184.06 dollars and moved lower, reflecting pressure on platform security valuations in broader tech-led profit taking while demand for integrated network and cloud security remains structurally strong.
CrowdStrike closed at 442.73 dollars and was down, consistent with endpoint and cloud security leaders experiencing short-term pullbacks as investors reprice growth equities within a cautious trading environment.
Okta closed at 87.71 dollars and declined, with identity and access management stocks underperforming modestly as markets weighed near-term growth expectations against broader risk-off flows.
Zscaler closed at 206.32 dollars and was lower, as cloud-centric zero-trust security names faced sector-wide softness despite ongoing enterprise digital transformation demand.
Fortinet closed at 75.46 dollars and was essentially flat, showing relative stability in network security hardware valuations even as peers adjusted lower.
💡 Cyber Tip
🔐 LastPass Warns of Fake Maintenance Scams
LastPass is alerting users to an active phishing campaign that uses fake maintenance emails to steal vault master passwords. The messages create urgency by claiming users must secure or back up their vault before a system update, then redirect victims to spoofed LastPass pages designed to capture credentials.
🔐 What You Should Do
Do not click links in LastPass maintenance or security emails
Never enter your master password outside the official LastPass app or website
Verify account alerts by logging in directly, not through email links
Report suspicious emails to LastPass and delete them
Enable strong multi-factor authentication on your account
⚠️ Why This Matters
Anyone who obtains a master password gains full access to all stored credentials. Urgent-sounding maintenance notices are a common social engineering tactic designed to bypass caution and lead to complete account compromise.
📚 Cyber Book
Cybersecurity: A Self-Teaching Introduction by K.K. Goyal and Amit Garg
That concludes today’s briefing.
Copyright © 2026 CyberMaterial. All Rights Reserved.