Cyber Briefing: 2026.04.16
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
The cybersecurity landscape has shifted toward high-consequence identity fraud and supply chain vulnerability. This week was defined by the sentencing of U.S. nationals facilitating North Korean “laptop farms,” highlighting a sophisticated bypass of remote hiring protocols. Simultaneously, we saw the automotive sector reach a critical tipping point with ransomware attacks doubling, largely driven by the rapid expansion of connected vehicle ecosystems and unpatched cloud APIs. These trends underscore a transition from generic phishing to targeted, sector-specific exploitation of digital transformation.
Defensive strategies are adapting in real-time, marked by both platform hardening and insurance sector retreats. Raspberry Pi OS took a major step in IoT security by disabling passwordless sudo, while major insurance carriers are significantly tightening AI coverage due to the “unpredictable” nature of algorithmic risks. Meanwhile, massive data exposures at Fiverr and McGraw Hill serve as a stark reminder that even mature platforms face persistent risks from misconfigured cloud storage and SaaS-level extortion. Staying resilient now requires a blend of strict identity verification and aggressive “in-the-lab” red teaming.
⚡THREAT LANDSCAPE
From tightening IoT defaults to precision targeting of the logistics sector, staying ahead of evolving attack vectors is essential for maintaining a resilient defense.
Raspberry Pi OS 6.2 Disables Passwordless Sudo
The latest update to Raspberry Pi OS (version 6.2, based on Debian “Trixie”) marks a significant shift in security posture by disabling passwordless sudo by default for new installations. For years, the platform prioritized ease of use for hobbyists, allowing administrative commands to run without authentication. To mitigate risks from physical access and remote session compromise, users are now prompted for their password, which then remains cached for a five-minute grace period.
Action Required: Users can revert this via the “Admin Password” toggle in the Control Centre or raspi-config, but keeping it enabled is recommended for production environments.
Cargo Theft Malware Actor Observed for a Month
Proofpoint researchers recently monitored a sophisticated threat actor targeting the trucking and logistics sector within a controlled decoy environment for over 30 days. The attacker utilized a “signing-as-a-service” capability to bypass security warnings and deployed multiple Remote Management and Monitoring (RMM) tools—such as ScreenConnect and Pulseway—for redundancy. Their reconnaissance focused heavily on fuel card services, fleet payment platforms, and load boards to facilitate freight fraud and physical cargo theft.
Action Required: Transportation companies should monitor for unauthorized RMM software and implement strict multi-factor authentication (MFA) on financial and logistics-related portals.
NWHStealer Malware Campaign Targets Windows Users
A widespread campaign is distributing NWHStealer, a potent infostealer, through deceptive lures like fake VPN installers, gaming mods, and hardware utilities. Hosted on platforms like GitHub, SourceForge, and fake “Proton VPN” sites, the malware uses DLL side-loading and UAC bypass techniques to evade detection. Once active, it harvests browser credentials, session cookies, and sensitive data from over 25 different cryptocurrency wallet extensions.
Action Required: Ensure users only download software from verified official sources and utilize endpoint detection and response (EDR) tools to flag unusual process injections into RegAsm.exe or cmstp.exe.
🚨INCIDENTS & REAL-WORLD IMPACT
From high-profile extortion leaks to misconfigured storage exposing personal IDs, this week’s incidents highlight the persistent vulnerability of centralized user data and the fragility of social infrastructure.
Fiverr Exposed User Files to Google Search
A critical configuration error on Fiverr’s platform allowed private user-uploaded documents—including tax records, driver’s licenses, and internal API keys—to be indexed by Google Search. The exposure stemmed from mismanaged Cloudinary URLs that were served without authentication, effectively turning a private exchange into a public file host. While Fiverr has stated this is not a “cybersecurity incident” but rather the result of users sharing samples in the marketplace, researchers verified that sensitive PII was discoverable via simple search queries.
Action Required: Users should audit their “Manage Sales” and “Manage Orders” history to remove any sensitive documents and ensure that any shared files do not contain unencrypted personal data.
McGraw Hill Data Breach Affects 13.5 Million Accounts
The notorious extortion group ShinyHunters has claimed responsibility for a massive data breach at McGraw Hill, affecting approximately 13.5 million user accounts. The breach, which occurred in early 2026, reportedly involved an intrusion into the company’s Salesforce environment. This incident appears to be part of a broader “SaaS data theft” campaign by the group, utilizing sophisticated voice phishing and MFA manipulation to bypass identity layers and exfiltrate bulk cloud data.
Action Required: Affected educators and students should immediately update their login credentials and be on high alert for targeted phishing attempts using their leaked account details.
Bluesky Down as Users Face Access Issues
Bluesky, the decentralized social media alternative, has faced a series of recent outages and regional access barriers. While the platform has dealt with technical “hiccups” causing feed-loading issues and login failures for thousands of US users, a more permanent disruption has emerged in Russia, where the communications watchdog Roskomnadzor has reportedly added the site to its registry of banned services. These events underscore the ongoing challenges for decentralized platforms in maintaining both technical stability and global accessibility.
Action Required: Users experiencing connectivity issues can check the official status page at status.bsky.app. Those in restricted regions may require a VPN to maintain access to their feeds.
🔓 EXECUTIVE RISK & CYBERNOMICS
As automotive ransomware incidents double and insurers pull back on AI coverage, the gap between rapid technological adoption and financial risk mitigation is widening.
Insurance Carriers Rethink AI Coverage
Entering 2026, the insurance industry has shifted from “AI curiosity” to “AI caution.” Major carriers are significantly tightening underwriting standards for companies utilizing generative and agentic AI, with some increasing premiums by over 25% or declining coverage for AI-specific hallucinations and algorithmic bias claims. This “rethink” is driven by the unpredictable nature of autonomous AI outputs, which traditional liability models struggle to price. Insurers are now demanding “explainability” as a baseline, rewarding firms that have established dedicated AI centers of excellence and transparent governance frameworks.
Automotive Ransomware Attacks Double in 2025
The automotive and smart mobility sector has seen a staggering 100% increase in ransomware incidents over the past year, with these attacks now accounting for 44% of all cyber incidents in the industry. According to the 2026 Global Automotive and Smart Mobility Cybersecurity Report, 92% of these attacks are executed remotely, targeting backend cloud infrastructure, APIs, and telematics systems rather than the physical vehicles themselves. Organized threat groups are increasingly focusing on the “connected ecosystem,” leading to massive production halts and supply chain disruptions that have cost OEMs billions.
🛡️ POLICY, REGULATION & LEGAL SIGNALS
High-profile sentences and federal crackdowns signal a zero-tolerance approach to domestic enablers of foreign state-sponsored fraud and sanctions evasion.
US Nationals Jailed for North Korean Scheme
Two New Jersey men, Kejia “Tony” Wang and Zhenxing “Danny” Wang, have been sentenced to prison (108 and 92 months, respectively) for managing a massive “laptop farm” operation. Between 2021 and late 2024, the duo facilitated a scheme that allowed North Korean IT workers to infiltrate over 100 U.S. companies—including Fortune 500 firms and a defense contractor—by utilizing the stolen identities of 80 Americans. The operation generated over $5 million in illicit revenue intended for the North Korean government’s weapons programs and led to the exfiltration of sensitive data subject to export controls.
💻 CAREER ENABLEMENT
From hands-on virtual labs to the North’s largest tech gathering, these events offer critical opportunities to bridge the gap between AI theory and defensive practice.
Manchester Tech Event on AI and Cyber Trust
Manchester Tech Week returns this April (29–30), anchored by the DTX + UCX Manchester expo at Manchester Central. The 2026 program, themed “From Purpose to Practice,” features a powerhouse keynote session with Howard Marshall (former FBI Cyber Deputy) and Kelly Bissell (former Microsoft VP). The event is designed for tech leaders moving beyond AI experimentation into operational rollout, with specific tracks on “Agentic AI” and the mental health pressures facing SOC teams during major breaches.
AI Red and Blue Teaming Summit by Packt
Scheduled for April 17th–18th, 2026, this two-day live virtual summit moves past theoretical slides to focus on “in-the-lab” simulations. Day 1 (Red Team) focuses on exploiting LLM workflows and autonomous agent attack chains, while Day 2 (Blue Team) pivots to building Sigma detection rules and AI-specific incident response playbooks. Participants walk away with a “60-day security roadmap” and an LLM Prompt Injection checklist mapped to OWASP standards.
BOOK OF THE DAY
Trust Your Instincts: If a deal feels too good to be true or creates artificial urgency, step back By Dr. Juan Rodriguez
Every day, seniors lose thousands of dollars to scams. Phone calls. Emails. Text messages. Fake websites. And the worst part? Most victims never see it coming. Scammers are trained to create fear, urgency, and confusion, especially for those unfamiliar with modern technology. This book was written to stop that.
Get book: https://amzn.to/4tLsaA4