Cyber Briefing: 2026.02.05
Zendesk abuse fuels spam, SolarWinds RCE exploited, AI and finance breaches mount, lawmakers target scam ads, and insider threats intensify.
👉 What’s trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Zendesk Spam Wave Floods User Emails
A widespread surge of automated spam is bypassing filters by exploiting unsecured Zendesk support systems to flood inboxes globally. These messages appear as legitimate account activation or support notifications, leaving many users receiving hundreds of unwanted emails in a short period.
2. CISA Adds SolarWinds RCE To KEV
The Cybersecurity and Infrastructure Security Agency has officially added a critical SolarWinds Web Help Desk flaw to its list of known exploited vulnerabilities due to active attacks. This specific security hole allows unauthenticated attackers to execute remote commands by exploiting a weakness in how the system handles untrusted data.
3. Docker Fixes Critical Ask Gordon AI Flaw
Cybersecurity experts recently uncovered a critical vulnerability in Docker’s Ask Gordon AI assistant that allowed attackers to run unauthorized code or steal data via malicious image metadata. Docker has since resolved the issue, known as DockerDash, with the release of version 4.50.0 to prevent these automated injection attacks.
💥 Cyber Incidents
4. Data Breach At Betterment Exposes Accounts
A security breach at the automated investment platform Betterment in January resulted in the theft of personal data from over 1.4 million accounts. Although the company suggests customer accounts themselves were not compromised, hackers managed to exfiltrate email addresses, names, and physical locations to launch fraudulent cryptocurrency scams.
5. Mexican Government Faces Leak Allegations
A hacktivist collective known as Chronus Group claims to have leaked 2.3 terabytes of data belonging to 36 million Mexican citizens. While the leak involves a massive portion of the population, government officials maintain the data originates from older breaches and contains no new sensitive information.
6. Cyberattack At Trocaire College Exposes Data
Trocaire College is facing three class-action lawsuits following a cyberattack that exposed the personal data of over 23,000 individuals, including Social Security numbers. Although the breach was detected in March 2025, the college did not begin notifying affected students and staff until January 2026, leading to allegations of gross negligence regarding security and transparency.
📢 Cyber News
7. Senators Introduce Bill Targeting Scam Ads
Senators Ruben Gallego and Bernie Moreno have introduced the Safeguarding Consumers from Advertising Misconduct Act to force online platforms to actively prevent fraudulent advertisements from reaching their users. This bipartisan legislation follows reports that major tech companies are generating billions in revenue from deceptive ads while consumers suffer significant financial losses.
8. Man Faces More Charges In Geisinger Breach
A California man originally charged in the 2023 Geisinger Health System data breach now faces additional counts of making false statements to federal investigators. Max Vance is accused of lying to FBI agents about downloading unauthorized patient data onto his personal devices following his termination from a Microsoft subsidiary.
9. Hackers Recruit Insiders To Bypass Security
Threat actors are increasingly bypassing technical defenses by recruiting disgruntled employees through social media and email with promises of financial gain. This strategy exploits economic anxieties like layoffs and AI displacement, making insider cooperation a primary security vulnerability for modern enterprises.
📈 Cyber Stocks
On Thursday, 5 February 2026, cybersecurity stocks showed mixed intraday trading with slight rotation within security subsectors. Investors balanced persistent enterprise demand for protection tools against broader tech volatility, while leadership in identity, cloud protection, and platform security remained focal points.
Fortinet Inc was at 81.12 dollars and modestly higher, with steady demand for network security and converged firewall solutions.
Check Point Software Technologies traded near 176.49 dollars and was up, supported by persistent interest in defensive threat prevention platforms.
SentinelOne Inc was around 13.62 dollars and modestly higher, as smaller AI-driven endpoint security stocks attracted selective buying.
Rapid7 Inc was near 11.04 dollars and climbed, indicating some resilience in vulnerability management and SIEM exposure.
CyberArk Software Ltd stood around 407.02 dollars and was essentially flat, with privileged access management demand a structural support.
💡 Cyber Tip
📨 Zendesk Spam Wave Floods User Emails
Attackers are abusing unsecured Zendesk support forms to trigger massive waves of automated emails. The messages look like legitimate account activations or support tickets and bypass spam filters because they originate from trusted Zendesk infrastructure, leaving users overwhelmed with hundreds of emails in a short time.
🛠️ What You Should Do
Do not click links in unexpected account or support emails
Check directly with the service provider if an alert seems suspicious
Use email rules or temporary filters to manage inbox flooding
Report abuse to the affected company and mark messages as spam
Watch for important security alerts that could be buried in the noise
⚠️ Why This Matters
Email flooding can be used to hide real security warnings or fraud alerts. By exploiting trusted platforms, attackers turn legitimate systems into spam cannons, increasing the risk of missed breaches or financial loss.
📚 Cyber Book
Tactical Wireless Security by Daniel W. Dieterle
Copyright © 2026 CyberMaterial. All Rights Reserved.
Strong roundup of emerging threat vectors. The insider recruitment angle is particularly concerning because it sidesteps technical defenses entirely by targeting human vulnerabilities during economic uncertainty. I've seen this play out in a few organizations where the security team was focused on perimeter hardening while ignoring internal social engineering risks.