Cyber Briefing: 2026.05.28
Global security is currently challenged by a combination of credential-vault hijacking, malicious software impersonating popular AI tools
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
Recent cyber threats have highlighted sophisticated social engineering and deceptive distribution methods designed to bypass standard security measures. Attackers are currently leveraging “VaultJacking” techniques to compromise Google Password Manager PINs, granting them full access to synced credentials and passkeys. Simultaneously, a cross-platform malware campaign is using a fraudulent ChatGPT website to deploy credential-stealers on Windows and “Atomic Stealer” on macOS, specifically targeting cryptocurrency wallets. Beyond external actors, internal app behaviors have surfaced as a concern, notably with Motorola’s preinstalled “Smart Feed” app being caught hijacking Amazon Shopping sessions to inject affiliate codes for unauthorized revenue generation.
On the organizational and professional front, the landscape is shifting toward data extortion and the valuation of crisis experience. The Silent Ransom Group is actively targeting U.S. law firms through IT support impersonation to exfiltrate sensitive data without the use of encryption, while Dutch authorities have recently apprehended a suspect involved in a massive breach of the Ajax football club affecting 300,000 fans. These incidents underscore a growing industry sentiment revealed in recent surveys: for cybersecurity leadership, technical certifications are increasingly being overshadowed by the credibility gained through managing real-world security incidents and demonstrating strategic communication during a crisis.
⚡THREAT LANDSCAPE
VaultJacking: Google Password Manager PIN Compromise
Security researchers have disclosed a phishing attack called VaultJacking that compromises Google Password Manager by capturing a user’s PIN code. Once attackers obtain this single PIN, they can access the victim’s entire password vault, including credentials and passkeys stored in Google’s sync infrastructure. Users should enable additional authentication protections and remain vigilant against phishing attempts targeting their Google Password Manager PIN.
Fake ChatGPT site delivers malware to Windows/Mac
A fake website impersonating OpenAI’s ChatGPT download page is distributing malware to both Windows and macOS users through a convincing replica site at openew[.]app. Windows users receive credential-stealing malware that opens backdoor access to attacker servers, while Mac users get Atomic Stealer (AMOS), which targets cryptocurrency wallets and can replace legitimate Ledger and Trezor applications with trojanized versions. Users who downloaded ChatGPT from anywhere other than OpenAI’s official page or the Microsoft Store should immediately sign out of all accounts from a clean device, change passwords, move cryptocurrency funds, and reinstall their operating system.
🚨INCIDENTS & REAL-WORLD IMPACT
Motorola Smart Feed App Hijacks Amazon Shopping
Motorola’s preinstalled Smart Feed app was discovered silently intercepting launches of the Amazon Shopping app to inject affiliate referral codes, redirecting a portion of user purchases to generate revenue for Motorola without user knowledge or consent. The behavior affected users of Motorola Android phones with the Smart Feed app preinstalled and has since been disabled following public backlash. Users should check for Smart Feed app updates, review app permissions, and consider disabling or uninstalling bloatware apps that came preinstalled on their devices.
🔓 EXECUTIVE RISK & CYBERNOMICS
Silent Ransom Group Targets Law Firms
The Silent Ransom Group (also known as Luna Moth, Chatty Spider, and UNC3753) is targeting US law firms through social engineering attacks that impersonate IT support staff to steal sensitive data without using encryption. Active since 2022, the group uses legitimate remote access tools to avoid detection, exfiltrates confidential files, and threatens to publish stolen data on their leak site unless victims pay. The FBI recommends organizations verify IT staff identities, disable unnecessary remote access, implement phishing-resistant multi-factor authentication, and train employees to recognize social engineering tactics.
🛡️ POLICY, REGULATION & LEGAL SIGNALS
Dutch Police Arrest Ajax Hacking Suspect
Dutch police arrested a 35-year-old man from Buren on suspicion of repeatedly hacking into AFC Ajax football club’s computer systems, potentially exposing records of 300,000 fans. The investigation started after Ajax discovered unauthorized access to their systems. Organizations should review access logs for suspicious activity, implement multi-factor authentication, and ensure incident response plans are current.
💻 CAREER ENABLEMENT
CISOs Need Real Incident Experience, Survey Shows
A survey of 796 cybersecurity professionals by ISC2 found that 76% believe CISOs gain credibility from having managed a major security incident, regardless of the outcome. The research shows that 71% of respondents value both technical expertise and strategic leadership skills in security leaders, with emphasis on clear communication, consistent decision-making, and cross-departmental collaboration. The findings suggest that real-world incident experience matters more than technical certifications alone when evaluating CISO effectiveness.
Copyright © 2026 CyberMaterial. All Rights Reserved.