Cyber Briefing: 2026.01.23
GitLab auth bypasses, phishing installs RMM backdoors, new ransomware strains, supply-chain leaks, DeFi hacks, GDPR fines surge, and policy shifts emerge.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. GitLab Warns Of High Severity Auth Flaws
GitLab recently addressed a high-severity security flaw that allowed attackers to bypass two-factor authentication in both Community and Enterprise editions. By exploiting a weakness in how the platform verifies device responses, individuals with a target’s account ID could gain unauthorized access, though patches are now available in the latest software versions.
2. Phishing Attack Installs LogMeIn RMM
Security experts have identified a dual-stage cyberattack that uses phished login credentials to install authorized remote management tools for long-term system access. By masquerading as a digital invitation service, the attackers trick users into providing account information that is then used to deploy legitimate software as a permanent hidden backdoor.
3. New Osiris Ransomware Uses BYOVD
In November 2025, a food service operator in Southeast Asia was targeted by a brand-new ransomware family named Osiris, which utilized a specialized malicious driver to disable security software. Researchers have linked the campaign to the threat actors behind INC ransomware based on shared tools and data exfiltration methods.
💥 Cyber Incidents
4. Hackers threaten to release ‘exact’ details of unreleased Apple products
Apple faces a significant security crisis as a major manufacturing supplier, Luxshare, fell victim to a ransomware attack that potentially exposed highly confidential product data. The hacking group RansomHub claims to possess sensitive engineering files and internal personnel details, threatening to leak the information unless a ransom is paid.
5. Everest Ransomware Hits Under Armour
Approximately 72.7 million Under Armour accounts have been added to the Have I Been Pwned database following an alleged ransomware attack. The leaked data, reportedly released by the Everest ransomware group, includes personal details like names, birthdays, and purchase histories that the company has not yet officially acknowledged.
6. Saga Falls Victim To DeFi Hack
Saga has halted its EVM blockchain following an exploit that resulted in the theft of approximately $7 million. While the exact cause is still being debated, the attacker successfully bridged stolen assets to Ethereum and converted them into ether to avoid a freeze on the funds.
📢 Cyber News
7. Europe GDPR Fines Hit 1.2B Euros
Europe’s data protection landscape shifted significantly in 2025 as total annual fines exceeded 1.2 billion euros amid a surge in reported security incidents. Organizations now face an average of over 400 daily breach notifications, signaling a new era of heightened regulatory pressure and complex legal challenges.
8. UK Launches New Report Fraud Service
British authorities have officially introduced Report Fraud, a central national service designed to modernize how the public reports cybercrime and improve subsequent police investigations. This initiative seeks to restore confidence in law enforcement by providing a more responsive and effective way to combat the country’s most prevalent criminal activities.
9. eBay Bans Illicit Automated Shopping
eBay recently updated its User Agreement to explicitly forbid unauthorized third-party buy-for-me agents and AI chatbots from placing orders on its platform. This policy shift highlights the growing tension between major retailers and the rise of agentic commerce tools designed to automate the online shopping experience.
📈 Cyber Stocks
Equities in cybersecurity largely finished the week positively on Friday, 23 January, as tech sentiment improved and investors rotated back into high-growth and defensive tech names. Rising interest in cloud security, identity management and AI-enabled threat protection supported demand narratives. Sector performance reflected broader optimism in enterprise security spending alongside modest market breadth.
Fortinet closed at 77.62 dollars and advanced, as enterprise network and converged security hardware demand showed relative strength into week’s end.
Check Point Software Technologies finished at 178.16 dollars and moved higher, with legacy and integrated threat prevention offerings maintaining steady interest.
SentinelOne closed at 14.19 dollars and rose, reflecting selective buying in AI-driven endpoint and cloud threat protection stocks.
Rapid7 ended at 13.10 dollars and was up, with vulnerability management and SIEM exposure benefiting from renewed risk appetite.
CyberArk Software closed at 442.75 dollars and trended higher, supported by privileged access management demand and identity security focus in enterprise IT budgets.
💡 Cyber Tip
🔒 New Osiris Ransomware Uses BYOVD
A newly identified ransomware strain called Osiris has been observed using a bring your own vulnerable driver technique to disable security tools before encryption. The attackers deployed a custom malicious driver to gain elevated privileges, shut down defenses, and move laterally inside the network. Researchers link the activity to operators associated with INC ransomware based on shared tools and data theft methods.
🔐 What You Should Do
Block untrusted and unsigned drivers using kernel mode protection
Enable driver block rules and vulnerable driver lists in endpoint security
Monitor for abnormal driver loading and sudden AV termination
Restrict administrative privileges and credential dumping tools
Maintain offline and immutable backups
⚠️ Why This Matters
BYOVD allows ransomware to neutralize security controls at the kernel level. Once defenses are disabled, attackers can encrypt systems and exfiltrate data with little resistance, making detection and prevention far more difficult without strong driver controls.
📚 Cyber Book
Teaching Cyber: Building the Bridge Between Education and Industry by L. Ben Crenshaw
That concludes today’s briefing.
Copyright © 2026 CyberMaterial. All Rights Reserved.