Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

Recent developments in the technical landscape highlight a significant push for both infrastructure hardening and defensive hygiene. Google’s release of Chrome 148 serves as a massive maintenance milestone, patching 151 vulnerabilities, including critical remote code execution flaws. Simultaneously, the developer ecosystem is facing a sophisticated wave of supply chain threats. Attackers are increasingly leveraging typosquatted npm packages and weaponized developer tools, such as malicious VS Code extensions, to siphon cloud secrets and CI/CD credentials. This shift necessitates a move toward rigorous dependency auditing and the enforcement of mandatory authentication protocols like SPF, DKIM, and DMARC, especially as global email deliverability rates for high-volume senders have plummeted to historic lows.

On the operational front, state-sponsored activity and internal misconduct are creating new precedents for risk. The Los Angeles Transit Network fell victim to an Iranian-linked attack that resulted in the theft of 700GB of data and the destruction of backup infrastructure, highlighting the vulnerability of critical urban services. Legal boundaries are also being tested in the “cybernomics” sphere, evidenced by a Google security engineer facing insider trading charges for leveraging confidential data to profit on the decentralized platform Polymarket. Amidst these pressures, initiatives like the UK’s CyCOS program are expanding to provide peer-led cybersecurity support for SMEs, transitioning to professional leadership under CIISec to bridge the security gap for smaller organizations.

Listen to our podcast here ⏬

Get BlueSleuth-Lite

⚡THREAT LANDSCAPE

Chrome 148 Update Patches 151 Vulnerabilities

Google has released Chrome 148, addressing 151 security vulnerabilities including critical-severity flaws that could enable remote code execution. The update affects all Chrome users across desktop and mobile platforms. Users should update their browsers immediately through Chrome’s built-in update mechanism to protect against potential exploitation of these security defects. Read More

Typosquatted npm Packages Steal Cloud Secrets

Attackers have published typosquatted npm packages that mimic legitimate OpenSearch and ElasticSearch libraries to steal cloud credentials and CI/CD secrets from developers. The malicious packages use names like opensearch-setup and elastic-opensearch-helper while falsely linking to official repositories to appear legitimate. Organizations using these tools should audit their npm dependencies immediately and rotate any exposed credentials. Read More

Trusted Dev Tools Abused in Supply Chain Attacks

CISA has issued warnings about multiple active campaigns where attackers weaponize legitimate developer tools to compromise software supply chains. Recent incidents include a malicious Visual Studio Code extension and a large-scale operation called “Megalodon” that target CI/CD pipelines and developer workflows. These attacks exploit trusted development tools to steal source code and credentials from software development environments. Read More

Subscribe Now

🚨INCIDENTS & REAL-WORLD IMPACT

Iranian Hackers Hit LA Transit Network

A March 2024 cyberattack on the Los Angeles County Metropolitan Transportation Authority (LACMTA) has been attributed to Iranian state-linked hackers by Israeli cybersecurity firm Gambit Security. The attackers, operating as “Ababil of Minab,” stole approximately 700 gigabytes of data including emails, backups, and databases, while also destroying virtual machines and backup infrastructure to hinder recovery. The attack disrupted passenger-facing digital services such as arrival time displays and fare card systems, though LACMTA maintains that transportation operations and customer data were not compromised. Read More

Claim Your Workspace

🔓 EXECUTIVE RISK & CYBERNOMICS

Email Deliverability Tools Market Growth

Global email inbox placement rates dropped to 83.5% in 2024, meaning one in six legitimate emails never reach recipients, prompting Gmail, Yahoo, and Microsoft to enforce mandatory authentication requirements (SPF, DKIM, DMARC) for bulk senders. High-volume senders saw inbox placement fall by 22 percentage points year-over-year, with very high-volume senders dropping below 28% placement rates. Organizations must implement proper authentication protocols, separate transactional and marketing email streams, and monitor deliverability metrics by provider to maintain inbox access. Read More

Get Help

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Google engineer charged with insider trading

A Google security engineer faces insider trading charges after allegedly using confidential company information to win $1.2 million on Polymarket, a cryptocurrency-based prediction platform. The engineer reportedly accessed non-public data about Google’s business operations and used it to place informed bets on market outcomes. Federal prosecutors have filed criminal charges, marking a notable case of insider trading extending beyond traditional stock markets into decentralized prediction platforms. Read More

💻 CAREER ENABLEMENT

CyCOS Expands UK SME Cybersecurity Support

The UK’s Cybersecurity Communities of Support (CyCOS) pilot program is expanding from two to seven peer-led communities to help small and medium enterprises improve their cybersecurity practices. Launched in late 2023 by academics from three UK universities, CyCOS connects small groups of businesses with volunteer cybersecurity practitioners through webinars, live Q&A sessions, and an online platform. The program is transitioning from academic leadership to the Chartered Institute of Information Security (CIISec), with new communities organized around geography, industry sectors, or supply chains. Read More

Click Here To Read

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium