Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Today’s threat landscape highlights a sophisticated blend of technical and psychological exploits, ranging from malicious AI browser extensions capable of stealing passwords to the hijacking of legitimate PayPal email systems for tech support scams.

The real-world impact is visible in the defacement and holding of Naturalsciences.org via ransomware, while the legal front saw significant victories with Europol dismantling a €50 million Albanian scam ring and the extradition of a major cybercrime platform operator. To counter these evolving risks, the industry is leaning into AI-driven security partnerships like Datalink and Arctic Wolf, alongside structured community defenses such as Patchstack’s specific bug bounty guidelines for WordPress vulnerabilities.

Listen to our podcast here ⏬

Get BlueSleuth-Lite

⚡THREAT LANDSCAPE

High-Risk AI Browser Extensions Exposed

Unit 42 has identified high-risk AI browser extensions that pose a significant threat to users by stealing data, intercepting prompts, and exfiltrating passwords. These extensions are often disguised as productivity tools, making them difficult to detect. Users should protect their browsers by being cautious about the extensions they install and regularly reviewing their permissions. Read More

PayPal Emails Hijacked for Tech Support Scams

Scammers are exploiting PayPal’s email system to send deceptive messages that appear legitimate, tricking recipients into calling fake tech support numbers. These emails, which originate from a genuine PayPal address, contain misleading subject lines suggesting unauthorized charges, prompting recipients to contact scammers posing as PayPal support. To protect yourself, avoid calling numbers from suspicious emails, report such emails to PayPal, and use official contact methods to verify any claims. Read More

Subscribe Now

🚨INCIDENTS & REAL-WORLD IMPACT

Ransom note appears on Naturalsciences.org

Naturalsciences.org was targeted by a cyberattack, resulting in a ransom note appearing on the website. The site was temporarily taken offline with a message indicating it was down for construction. It is unclear if the organization paid the ransom, but the site is partially back online; affected parties should monitor for further updates and ensure their cybersecurity measures are robust. Read More

Claim Your Workspace

🔓 EXECUTIVE RISK & CYBERNOMICS

Datalink Partners with Arctic Wolf for AI Security

Datalink Networks has partnered with Arctic Wolf to provide AI-driven security operations to its customers in the U.S. and Canada. This collaboration allows Datalink’s clients to access Arctic Wolf’s security operations portfolio, which enhances detection, investigation, response, and recovery capabilities without the need for a full in-house security operations center. Customers are advised to leverage this partnership to improve their security posture, especially if they lack the internal resources to manage security operations independently. Read More

Get Help

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Europol Busts Albanian Scam Call Centers

Europol has dismantled a sophisticated Albanian scam call center operation, arresting 10 individuals and seizing significant assets. The network, which defrauded victims across multiple countries including Austria, Italy, and the UK, used professional tactics to lure individuals into fake investment schemes, resulting in losses of at least €50 million. Affected individuals are advised to be cautious of unsolicited investment offers and to report any suspicious activities to authorities. Read More

Versus Project Operator Extradited to US

A German national residing in Colombia has been extradited to the United States on charges related to operating ‘The Versus Project’, a cybercrime platform. This extradition is part of a broader effort by the Department of Justice to combat cybercrime, which also included sentencing two individuals involved with BlackCat ransomware. Organizations should remain vigilant and ensure their cybersecurity measures are up-to-date to protect against such threats. Read More

💻 CAREER ENABLEMENT

Patchstack Bug Bounty Guidelines

Patchstack has outlined specific guidelines for their Bug Bounty Program, focusing on vulnerabilities in WordPress core, plugins, and themes distributed through recognized repositories. The program targets vulnerabilities with a significant security impact, requiring a CVSS v3.1 base score of 6.5 or higher, and components with a substantial number of active installs. Reports must adhere to these guidelines, and submissions that fall outside the defined scope or lack verifiable information will be rejected. Read More

Click Here To Read

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium