Cyber Briefing: 2026.02.16
Microsoft flags ClickFix DNS RAT delivery, Lazarus spreads malicious npm/PyPI packages, ZeroDayRAT enables mobile spying, major breaches and ransomware payments disclosed.
👉 What’s happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Microsoft Warns on ClickFix DNS Attack
Microsoft has issued a warning regarding an evolved ClickFix malware campaign that uses deceptive browser error messages to trick users into executing malicious commands. This latest variant specifically leverages custom DNS lookups to bypass standard security filters and deliver a remote access trojan known as ModeloRAT.
2. Lazarus APT Tied to Malicious npm & PyPI
Researchers identified malicious npm and PyPI packages linked to a fake recruitment campaign run by the North Korean Lazarus Group. This operation, active since May 2025, uses deceptive job interview tasks to trick developers into installing compromised code on their systems.
3. ZeroDayRAT Spyware Enables Real-Time Spying
Security experts have identified a sophisticated mobile spyware known as ZeroDayRAT that targets both Android and iOS users through a professionalized sales model on Telegram. This malicious platform enables attackers to conduct deep surveillance, monitor real-time activities, and execute direct financial theft by compromising payment applications and digital wallets.
💥 Cyber Incidents
4. Tenga Says Hacker Stole Customer Data
Tenga recently alerted customers that an unauthorized individual gained access to an employee’s professional email account, exposing personal data like names and order histories. The breach led to the distribution of spam emails to the company’s contacts, prompting Tenga to implement multi-factor authentication across its systems to prevent further security lapses.
5. North Dakota School District Loses $4.9M
The Dickinson Public School District recently fell victim to a business email compromise scam resulting in the fraudulent diversion of 4.92 million dollars. While the district is working with federal law enforcement to investigate the theft, officials confirmed that student data remains secure and classroom operations will not be affected.
6. York City Cyberattack Led to $500K Ransom
York City paid a $500,000 ransom to regain control of its computer systems following a major cyberattack that occurred last summer. Former Mayor Michael Helfrich revealed the payment represented approximately half of the initial demand made by the hackers who crippled the city’s digital infrastructure.
📢 Cyber News
7. Amazon Ends Surveillance Firm Partnership
Amazon has ended its partnership with Flock Safety, a license-plate surveillance firm, following public outcry over a Ring Super Bowl advertisement that showcased AI-powered tracking capabilities. Although the companies claim the split was due to resource constraints rather than the controversy, the decision comes as lawmakers and privacy advocates ramp up criticism of Ring’s biometric features.
8. California AG Announces $2.75M Disney Deal
California Attorney General Rob Bonta has reached a 2.75 million dollar settlement with the Walt Disney Company following allegations that it failed to honor consumer requests to opt out of data sharing. The settlement requires Disney to overhaul its privacy systems to ensure that a single opt-out request effectively applies to all devices and services linked to a user’s account.
9. Google Links Russian Actor to CANFAIL
A newly discovered hacking group linked to Russian intelligence is actively targeting Ukrainian infrastructure with a specialized malware strain called CANFAIL. While initially focused on government and military sectors, the group has expanded its reach to include aerospace, nuclear research, and international humanitarian organizations.
💡 Cyber Tip
🌐 Microsoft Warns on ClickFix DNS Attack
Microsoft is alerting organizations to an evolved ClickFix campaign that tricks users into running malicious commands through fake browser error messages. This variant uses custom DNS lookups to retrieve attack instructions and ultimately deploys ModeloRAT, giving attackers persistent remote access.
🛠️ What You Should Do
Never run terminal or PowerShell commands prompted by a website
Block outbound DNS requests to unknown or hard-coded resolvers
Monitor for unusual command-line activity and DNS queries
Restrict administrative privileges on corporate systems
Train employees to treat browser-based “fix” prompts as malicious
⚠️ Why This Matters
This attack bypasses traditional filters by hiding instructions inside DNS traffic. Once users execute the command, attackers gain remote control, enabling data theft and long-term compromise inside corporate networks.
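One way to act on the "monitor for unusual command-line activity and DNS queries" and "hard-coded resolvers" items, as an added example that is not part of the original briefing or of Microsoft's guidance: it scans process-creation command lines for DNS lookup commands that name their own resolver and reports any resolver outside an approved list. The event tuples, host names, addresses and `APPROVED_RESOLVERS` are constructed assumptions.

```python
import re

# Assumption: resolvers approved for this network (constructed values).
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# Constructed process-creation events: (host, command line).
SAMPLE_EVENTS = [
    ("ws-014", "nslookup intranet.example.test"),
    ("ws-014", "nslookup -timeout=5 example.test 203.0.113.10"),
    ("ws-022", "powershell -c Resolve-DnsName example.test -Server 198.51.100.7"),
    ("ws-031", "nslookup.exe example.test 10.0.0.53"),
    ("ws-031", "ping 203.0.113.10"),
]

# Resolve-DnsName takes the resolver through its -Server parameter.
_PS_SERVER = re.compile(r"resolve-dnsname\b.*?-server\s+([^\s;|]+)", re.I)


def explicit_resolver(cmdline):
    """Return the resolver a DNS lookup command names explicitly, or None."""
    m = _PS_SERVER.search(cmdline)
    if m:
        return m.group(1).strip("'\"")
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        # Compare the file name only, so full paths to nslookup.exe also match.
        if tok.lower().rsplit("\\", 1)[-1] in ("nslookup", "nslookup.exe"):
            # nslookup [-option ...] name [server]: second positional is the server.
            positional = [t for t in tokens[i + 1:] if not t.startswith("-")]
            return positional[1] if len(positional) >= 2 else None
    return None


def find_unapproved(events, approved=APPROVED_RESOLVERS):
    """List (host, resolver, cmdline) for lookups sent to a non-approved resolver."""
    hits = []
    for host, cmdline in events:
        resolver = explicit_resolver(cmdline)
        if resolver and resolver not in approved:
            hits.append((host, resolver, cmdline))
    return hits


if __name__ == "__main__":
    for host, resolver, cmdline in find_unapproved(SAMPLE_EVENTS):
        print(f"{host}: lookup via unapproved resolver {resolver}: {cmdline}")
```

The same allowlist belongs in the egress firewall rule for port 53, so a lookup that slips past command-line logging is still blocked at the network edge.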
📚 Cyber Book
AI in the Surveillance: The Digital Eye of Control by Sebestyén István
Copyright © 2026 CyberMaterial. All Rights Reserved.