Cyber Briefing: 2026.06.16
From Microsoft Teams traffic spoofing to massive healthcare breaches, enterprise networks are facing an unprecedented winter threat wave.
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
Advanced cyber threat actors are significantly expanding their reach and evasion tactics by leveraging new cross-platform capabilities and exploiting trusted enterprise communication channels. ESET researchers identified that the China-linked SprySOCKS backdoor, originally restricted to Linux, has evolved to target Windows environments via two new variants (WIN_DRV and WIN_PLUS). Simultaneously, the DragonForce ransomware group is evading detection by routing its command-and-control communications directly through Microsoft Teams relay infrastructure. While defense teams look to scale operations against these stealthy tactics, Sophos researchers demonstrated a breakthrough in Security Operations Center (SOC) efficiency, using a multi-layered AI detection system to successfully filter 11.8 trillion raw events down to roughly 81,573 highly actionable alerts to combat severe infostealer attacks and analyst fatigue.
Beyond direct technical threats, the broader landscape is grappling with structural software transformations, widespread patient data exposure, and critical international legal enforcement. Enterprises are increasingly shifting toward “headless ERP” architectures to build custom, AI-driven interfaces separate from traditional legacy systems like SAP, heavily influenced by a Rimini Street survey showing 70% of executives do not see traditional ERP as the future. Meanwhile, the healthcare sector faces severe real-world impact, with data breaches at Clinical Registry Solutions, First Sight Family Vision, and VHC Health exposing highly sensitive patient data and Social Security numbers. On the regulatory front, US and French authorities successfully executed the first major actions under the TAKE IT DOWN Act, seizing prominent deepfake pornography sites CFake.com and SOCFake.com and arresting an operator in France following a staggering rise in nonconsensual, AI-generated imagery.
⚡ THREAT LANDSCAPE
China-Linked SprySOCKS Backdoor Expands to Windows
Cybersecurity researchers at ESET have discovered two new Windows versions of SprySOCKS, a backdoor previously thought to target only Linux systems. The variants, labeled WIN_DRV and WIN_PLUS, include hard-coded command-and-control configurations and support TCP and UDP communication protocols. Organizations running Windows environments should review network traffic for unusual TCP/UDP connections and update endpoint detection systems to identify these new backdoor variants.
DragonForce abuses Microsoft Teams relays
The DragonForce ransomware group has deployed custom malware called Backdoor.Turn that conceals command-and-control communications within Microsoft Teams relay infrastructure. This technique allows attackers to blend malicious traffic with legitimate enterprise communications, making detection significantly harder for security teams. Organizations using Microsoft Teams should review network traffic patterns and implement enhanced monitoring for unusual relay activity.
🚨INCIDENTS & REAL-WORLD IMPACT
Three Healthcare Orgs Report Data Breaches
Three healthcare organizations have disclosed data breaches affecting patient information. Clinical Registry Solutions in New York suffered an April 2026 cyberattack (possibly by Akira ransomware) exposing patient names, procedure dates, and medical record numbers from Dignity Health’s St. Mary’s Medical Center. First Sight Family Vision in Washington and VHC Health in Virginia were impacted by breaches at third-party vendors RXNT and Xsolis respectively, with compromised data including Social Security numbers, medical records, and prescription information. All three organizations are offering complimentary credit monitoring and identity theft protection services to affected patients.
🔓 EXECUTIVE RISK & CYBERNOMICS
Headless ERP concept gaining traction among enterprises
Enterprise software vendors are promoting “headless ERP” architectures that decouple user interfaces from core business systems, allowing organizations to build custom AI-driven interfaces atop existing ERP platforms like SAP. Research commissioned by third-party support vendor Rimini Street found 70 percent of surveyed executives do not view traditional ERP as the future, with many favoring modular, API-driven approaches or AI-powered autonomous systems. SAP reversed its policy restricting AI agents to cloud-only deployments after customer demand, while only 39 percent of its legacy ECC customers have begun transitioning to the newer S/4HANA platform.
🛡️ POLICY, REGULATION & LEGAL SIGNALS
US, France seize deepfake sites; operators arrested
US and French authorities seized two major deepfake pornography sites (CFake.com and SOCFake.com) under the new TAKE IT DOWN Act, which criminalizes nonconsensual intimate imagery including AI-generated forgeries. French police arrested an IT professional in Nice who allegedly operated CFake.com, which hosted approximately 300,000 images and 7,000 videos depicting 14,000 people and generated $64,000 in cryptocurrency revenue. The arrests follow a 257% increase in deepfake incidents in 2024, with girls accounting for 94% of victims in AI-generated child sexual abuse cases.
💻 CAREER ENABLEMENT
Hunting Infostealers with AI in Large-Scale SOCs
Sophos researchers presented a multi-layered AI detection system that reduces SOC alert volume from 11.8 trillion events to approximately 81,573 actionable alerts over two weeks, enabling analysts to identify genuine infostealer attacks. The system combines rule-based detectors, machine learning models, deduplication, suppression, and prioritization to filter security events at scale. SOC teams struggling with alert fatigue should consider implementing layered detection pipelines that progressively filter events using increasing complexity rather than relying on single-stage detection systems.
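To make the "progressive filtering" idea concrete, here is a small Python pipeline that chains the four cheap stages named above (rule-based detection, deduplication, suppression, prioritization) over a handful of constructed endpoint events and reports how many items survive each stage. This is an added illustration written for this briefing, not Sophos's system or code; the rules, the allowlist, the severity weights, the host and process names and the egress IP (from the 198.51.100.0/24 documentation range) are all constructed assumptions.

```python
"""Toy layered SOC pipeline: rules -> dedup -> suppression -> prioritization.
Added example for this briefing; not Sophos's code. All telemetry is constructed."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass(frozen=True)
class Event:
    ts: int        # seconds (constructed clock)
    host: str
    process: str
    action: str    # "file_read" or "net_connect"
    target: str    # file path or URL


# Constructed sample telemetry. ws-01 shows a stealer-like chain: a non-browser
# process reads browser credential stores, then posts to a raw IP. srv-02 is a
# known backup agent touching the same files; ws-03 is background noise.
EVENTS = [
    Event(1000, "ws-01", "explorer.exe", "file_read", r"C:\Users\alice\Documents\q2.xlsx"),
    Event(1001, "ws-01", "chrome.exe", "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(1010, "ws-01", "updater.exe", "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(1011, "ws-01", "updater.exe", "file_read", r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\cookies.sqlite"),
    Event(1012, "ws-01", "updater.exe", "file_read", r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Local State"),
    Event(1020, "ws-01", "updater.exe", "net_connect", "http://198.51.100.7/gate.php"),
    Event(1021, "ws-01", "chrome.exe", "net_connect", "https://www.example.com/"),
    Event(2000, "srv-02", "backup_agent.exe", "file_read", r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    Event(2001, "srv-02", "backup_agent.exe", "file_read", r"C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\y.default\cookies.sqlite"),
    Event(3000, "ws-03", "outlook.exe", "net_connect", "https://outlook.office.com/"),
]

# Constructed detection content: credential-store file names, browser processes
# allowed to read them, and a severity weight per rule.
CRED_STORE_FILES = ("Login Data", "cookies.sqlite", "Local State", "key4.db", "logins.json")
BROWSERS = {"chrome.exe", "firefox.exe", "msedge.exe"}
RULES = {"cred_store_read": 3, "raw_ip_egress": 2}
# Constructed suppression list: (process, rule) pairs tuned out as known-benign.
SUPPRESSIONS = {("backup_agent.exe", "cred_store_read")}


def _is_ip_literal(hostname: str) -> bool:
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return False


def stage_rules(events):
    """Stage 1: cheap rule-based detectors; one (rule, event) per hit."""
    hits = []
    for e in events:
        if e.action == "file_read" and e.target.endswith(CRED_STORE_FILES) and e.process not in BROWSERS:
            hits.append(("cred_store_read", e))
        elif e.action == "net_connect" and _is_ip_literal(urlparse(e.target).hostname or ""):
            hits.append(("raw_ip_egress", e))
    return hits


def stage_dedup(hits):
    """Stage 2: collapse repeated (host, process, rule) triples into one alert with a count."""
    grouped = {}
    for rule, e in hits:
        key = (e.host, e.process, rule)
        alert = grouped.setdefault(key, {"host": e.host, "process": e.process, "rule": rule,
                                         "count": 0, "first_ts": e.ts, "targets": []})
        alert["count"] += 1
        alert["targets"].append(e.target)
    return list(grouped.values())


def stage_suppress(alerts, suppressions=SUPPRESSIONS):
    """Stage 3: drop alerts that match an analyst-tuned (process, rule) suppression."""
    return [a for a in alerts if (a["process"], a["rule"]) not in suppressions]


def stage_prioritize(alerts):
    """Stage 4: score = weight * count, plus a bonus when one host/process fires both
    the credential-read and the egress rule (the stealer-like chain); rank descending."""
    rules_by_proc = defaultdict(set)
    for a in alerts:
        rules_by_proc[(a["host"], a["process"])].add(a["rule"])
    for a in alerts:
        score = RULES[a["rule"]] * a["count"]
        if {"cred_store_read", "raw_ip_egress"} <= rules_by_proc[(a["host"], a["process"])]:
            score += 5
        a["score"] = score
    return sorted(alerts, key=lambda a: a["score"], reverse=True)


def run_pipeline(events):
    """Run every stage and return (funnel counts per stage, ranked alerts)."""
    hits = stage_rules(events)
    deduped = stage_dedup(hits)
    kept = stage_suppress(deduped)
    ranked = stage_prioritize(kept)
    funnel = {"raw_events": len(events), "rule_hits": len(hits),
              "after_dedup": len(deduped), "after_suppression": len(kept)}
    return funnel, ranked


if __name__ == "__main__":
    funnel, ranked = run_pipeline(EVENTS)
    print(funnel)
    for a in ranked:
        print(a["score"], a["host"], a["process"], a["rule"], f"x{a['count']}")
```

On the constructed input the funnel reads 10 raw events, 6 rule hits, 3 alerts after deduplication and 2 after suppression, with the ws-01 credential-store reads ranked first. The point of the ordering is cost: the rule stage is a cheap string and address check over every event, while deduplication and cross-rule correlation only run on the small set that survives it, which is the same shape of argument the Sophos work makes at a much larger scale.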
Copyright © 2026 CyberMaterial. All Rights Reserved.