Cyber Briefing: 2026.04.21
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
Today’s edition highlights a surge in sophisticated cyber threats and high-stakes breaches, notably the PureRAT malware campaign using steganography to hide payloads in images and the $290 million Kelp DAO crypto heist. Major organizational risks are also detailed, including the Gentlemen ransomware targeting hypervisors and a significant API flaw in the Lovable AI builder that exposed source code and credentials.
On the corporate and regulatory front, the landscape is shifting with ServiceNow’s $7.75 billion acquisition of Armis to bolster asset security and Poste Italiane’s €12.5 million fine for data privacy violations. Additionally, this edition covers new compliance measures like PlayStation’s age-gating in the UK and professional growth opportunities through medical device cybersecurity summits and free youth AI camps.
⚡THREAT LANDSCAPE
PureRAT Hides PE Payloads in PNGs
A new cyberattack campaign using PureRAT malware hides executable files within PNG images to evade detection. This sophisticated attack employs techniques such as steganography, PowerShell scripts, and process hollowing to execute malicious payloads in memory, making it difficult for security systems to detect. Organizations should enhance their security measures by monitoring for unusual file behaviors and employing advanced threat detection tools.
SideWinder Phishing Campaign Targets Governments
The SideWinder advanced persistent threat group has launched a phishing campaign targeting South Asian government organizations, including the Bangladesh Navy and Pakistan’s Ministry of Foreign Affairs. The attack uses a fake Chrome PDF viewer and a cloned Zimbra email login portal to steal credentials. Affected organizations should immediately rotate credentials, notify relevant cybersecurity teams, and report malicious activities to Cloudflare Trust and Safety.
Gentlemen RaaS Targets Multiple Platforms
The Gentlemen ransomware-as-a-service operation is expanding its reach by targeting multiple platforms, including Windows, Linux, NAS, BSD, and VMware ESXi. This new threat employs a locker written in C specifically for hypervisor environments, making it a significant risk to corporate networks worldwide. Organizations should enhance their cybersecurity measures and ensure regular backups to mitigate potential impacts.
🚨INCIDENTS & REAL-WORLD IMPACT
$290 Million Kelp DAO Crypto Heist
Hackers have stolen $290 million from Kelp DAO by targeting LayerZero’s decentralized virtual network. They compromised specific remote procedure calls and launched distributed denial-of-service attacks to redirect traffic to malicious infrastructure. Organizations using LayerZero should review their security measures and monitor for unusual activity to prevent similar breaches.
ANTS Data Breach Exposes User Personal Details
A data breach at the ANTS portal in France has exposed personal information such as login IDs, names, and email addresses of users, raising concerns about potential phishing risks. The breach does not involve documents submitted during administrative procedures, and affected users are being notified as investigations continue. Authorities have reported the incident to regulatory bodies and are working to determine the breach’s origin and scope while reinforcing security measures.
Lovable AI App Builder API Flaw
The AI application builder Lovable is experiencing a significant data breach due to an unpatched API vulnerability. This flaw exposes sensitive project data, source code, and user credentials for projects created on the platform before November 2025. Users should immediately review their projects for any unauthorized access and update their credentials to mitigate potential risks.
🔓 EXECUTIVE RISK & CYBERNOMICS
ServiceNow acquires Armis for $7.75bn
ServiceNow has acquired Armis for $7.75 billion to enhance its cybersecurity capabilities by integrating Armis’ asset security technology into its platform. This acquisition aims to improve visibility and security controls across digital and physical environments, benefiting industries like manufacturing, healthcare, and critical infrastructure. Organizations using ServiceNow can now leverage real-time monitoring and automated risk management features to better handle the complexity of connected devices and machine identities.
🛡️ POLICY, REGULATION & LEGAL SIGNALS
PlayStation age-gating in UK
Sony is implementing age verification requirements for PlayStation users in the UK and Ireland to comply with the UK’s Online Safety Act. Starting June 2026, users who do not verify their age will lose access to features like voice chats, messaging, and third-party communication services. To maintain full access to these features, users must complete the age verification process.
Poste Italiane Fined €12.5M for Data Violations
The Italian Data Protection Authority has fined Poste Italiane and Postepay a total of €12.5 million for unlawful data processing practices affecting millions of users. The fines were imposed due to intrusive data collection through mobile apps, insufficient transparency, and inadequate data protection assessments. Both companies must cease the disputed practices, align their data retention policies with regulations, and report compliance to the Authority.
💻 CAREER ENABLEMENT
AdvaMed Cybersecurity Summit
The AdvaMed Cybersecurity Summit focused on the evolving cybersecurity challenges and strategies in the medical device sector. Key discussions included the FDA’s updated cybersecurity framework, end-of-life device management, and fostering a security-conscious corporate culture. Attendees were advised to integrate cybersecurity into all stages of product development and operations, collaborate across sectors, and stay informed about regulatory changes.
Free Summer Cyber and AI Experience Camps
The University of West Florida Center for Cybersecurity and AI, in partnership with Regions Foundation, is offering free Summer Cyber and AI Experience Camps in 2026 for students aged 13 and up. These camps provide hands-on learning opportunities in cybersecurity and AI, featuring activities, games, and professional insights. Interested students can register for the camps, which will be held in Pensacola, by visiting the university’s website.
Copyright © 2026 CyberMaterial. All Rights Reserved.