Cyber Briefing: 2026.03.17
Cybercriminals are exploiting supply chains, SEO poisoning, hijacked SDKs, and malicious apps to steal credentials, deploy crypto-stealing code, and spread ransomware
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Konni Spreads EndRAT via Phishing
North Korean threat actors known as Konni are currently using spear-phishing emails to gain unauthorized access to desktop KakaoTalk applications. Once inside a system, they steal sensitive documents and leverage the victim’s trusted messaging account to distribute malware to specific contacts.
2. CISA Warns of Exploited Wing FTP Flaw
CISA has officially added a medium-severity information disclosure flaw in Wing FTP Server to its list of actively exploited vulnerabilities. This bug, identified as CVE-2025-47813, allows attackers to discover the local installation path of the software, which can subsequently be used to facilitate more destructive attacks.
3. ClickFix Spreads MacSync macOS Stealer
Recent ClickFix campaigns are using social engineering to trick macOS users into executing terminal commands that install an information stealer known as MacSync. By leveraging trusted platforms like ChatGPT and GitHub as bait, attackers avoid the need for a technical exploit: they convince victims to manually run malicious scripts that exfiltrate sensitive data.
💥 Cyber Incidents
4. Telus Digital Suffers Major Data Breach
Telus Digital is currently investigating a significant cyberattack carried out by the extortion group ShinyHunters, which claims to have exfiltrated nearly one petabyte of data from the company and its clients. While the business process outsourcing provider has confirmed unauthorized access to its systems, it maintains that all operations remain functional and that there is no current evidence of service disruption.
5. England Hockey Investigates Ransomware Data Attack Incident
England Hockey is treating a potential data breach as a matter of urgent importance following claims by a ransomware group that it has compromised the organization’s systems. The cybercriminal collective known as AiLock reportedly managed to exfiltrate 129GB of data and has added the national governing body to its public list of victims.
6. UK Companies House Data Flaw Exposed
Companies House has restored its WebFiling service following a temporary shutdown to address a security vulnerability that had been active since October 2025. The flaw, which was reported by Dan Neidle of Tax Policy Associates after an initial discovery by John Hewitt, allowed unauthorized access to the private dashboards and sensitive data of five million registered UK companies.
📢 Cyber News
7. Microsoft Fixes RRAS RCE in Windows
Microsoft has launched an emergency hotpatch to address critical security flaws in Windows 11 Enterprise systems that utilize specialized update paths. This specific update, KB5084597, eliminates remote code execution risks within the Routing and Remote Access Service management tool for devices that cannot easily undergo a standard reboot.
8. FBI Seeks Victims of Malicious Steam Games
The FBI is seeking information from gamers who downloaded eight specific Steam titles containing malware between May 2024 and January 2026. This investigation focuses on identifying victims of cryptocurrency theft and account hijacking linked to games such as BlockBlasters, Chemia, and Tokenova.
9. Tech, Retail Unite Against Global Scams
Eleven major tech and retail giants like Google, Amazon, and OpenAI have committed to a new pact to exchange data on how fraudsters exploit their platforms. This collaborative effort, first reported by Axios, aims to create a unified front against increasingly sophisticated digital scams.
📈 Cyber Stocks
Cybersecurity stocks on Tuesday, 17 March 2026 traded with a slightly negative bias as broader technology markets remained under pressure from valuation resets and continued rotation within high-growth software.
Palo Alto Networks closed at 167.45 dollars and was lower, as the stock continued to reflect post-earnings positioning and margin-related concerns tied to platform strategy.
CrowdStrike ended near 411.54 dollars and was lower, with high-growth endpoint security names seeing mild profit-taking amid broader SaaS weakness.
Okta closed at 84.91 dollars and declined, as identity security equities remained sensitive to ongoing multiple compression across software.
Zscaler traded near 183–185 dollars and was lower, with premium cloud security valuations facing pressure during continued tech rotation.
Fortinet closed at 84.26 dollars and was modestly lower, tracking softer sentiment in network security and enterprise spending outlooks.
💡 Cyber Tip
🚨 Don’t Run Copy-Paste Terminal Commands from Unverified Sources
ClickFix campaigns are tricking macOS users into manually running malicious terminal commands that install the MacSync information-stealing malware. By disguising instructions as legitimate AI tool setups or trusted platforms like GitHub, attackers steal credentials, passwords, and cryptocurrency wallet data.
What to Do:
Never copy and paste terminal commands from pop-ups, ads, or unsolicited websites.
Only install software directly from official vendor websites or the Mac App Store.
Be cautious of instructions that require disabling security settings or entering your system password.
Verify links carefully, especially when they reference popular tools like AI platforms or developer services.
Use up-to-date security software and enable multi-factor authentication (MFA) wherever possible.
If unsure, consult your IT team or a trusted security source before running any command.
🔐 Why It Matters:
Because this attack relies on social engineering rather than technical exploits, traditional security tools may not stop it if users execute the commands themselves. Once installed, MacSync can steal sensitive data like system credentials and crypto wallet information, putting both personal and professional accounts at serious risk.
📚 Cyber Book
Declutter & Defend by Alessio Rocchi
Copyright © 2026 CyberMaterial. All Rights Reserved.