Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.

A phishing campaign on WhatsApp is spreading malicious VBScript files to gain remote system access, while security researchers have uncovered a new supply chain risk on ClawHub where weaponized AI skills are evading scanners to deploy info-stealers and commit financial fraud. On the data breach and legal front, Canadian utility London Hydro suffered a significant exposure of customer and billing data, and two teenage members of the Scattered Spider hacking group pleaded guilty in the UK to a cyberattack on Transport for London that caused £39 million in damages.

In an effort to reshape web privacy and traffic verification, Cloudflare alongside major browsers launched the Private Access Control Tokens (PACTs) protocol, which aims to replace traditional CAPTCHAs with anonymous human-verification tokens—though critics warn it doesn’t solve browser fingerprinting and could block legitimate traffic.

Listen to our podcast here ⏬

Get BlueSleuth-Lite

⚡THREAT LANDSCAPE

WhatsApp phishing campaign distributes VBScript malware

A phishing campaign is targeting WhatsApp users across multiple countries with malicious messages containing VBScript files that enable remote system access. Attackers are using social engineering tactics through WhatsApp to trick users into downloading and executing these malicious scripts. Users should avoid opening unexpected files received via WhatsApp, verify sender identities before clicking links, and ensure endpoint security software is active and updated. Read More

Subscribe Now

🚨INCIDENTS & REAL-WORLD IMPACT

London Hydro customer data breach

London Hydro, a Canadian utility company, disclosed a data breach exposing customer information including names, addresses, email addresses, phone numbers, account numbers, billing details, service addresses, pricing plans, contract start dates, and meter information. The utility has not specified how many customers were affected or how the breach occurred. Affected customers should monitor their accounts for suspicious activity and remain alert for potential phishing attempts using the exposed information. Read More

Claim Your Workspace

🔓 EXECUTIVE RISK & CYBERNOMICS

Cloudflare, browsers launch privacy token protocol

Cloudflare, Google Chrome, Microsoft Edge, and Mozilla Firefox announced a joint effort to develop Private Access Control Tokens (PACTs), a protocol that lets websites issue anonymous tokens to verify legitimate traffic without traditional CAPTCHAs or identity checks. The tokens act as shareable proof that a browsing session comes from a human or authorized bot rather than abusive traffic, though technical details on what constitutes legitimate “personhood” remain unclear. While promoted as privacy-preserving, critics note the tokens do not address existing browser fingerprinting methods and could create new access barriers for traffic deemed undesirable. Read More

Get Help

🛡️ POLICY, REGULATION & LEGAL SIGNALS

Two Scattered Spider members plead guilty to £39m in damages

Two members of the Scattered Spider hacking group, Thalha Jubair (20) and Owen Flowers (18), pleaded guilty to a cyberattack on Transport for London that caused £39 million in damages and forced password resets for 28,000 employees. The attack, which occurred between August 29 and September 6, 2024, compromised the Oyster refund system, delayed customer refunds, and suspended applications for youth travel cards. Both defendants will be sentenced in July, with Flowers also admitting to targeting US healthcare organizations. Read More

💻 CAREER ENABLEMENT

OpenClaw AI Marketplace Malicious Skills

Security researchers at Unit 42 discovered malicious AI skills on ClawHub, an AI marketplace, that evade automated security scanners. These malicious skills deploy information-stealing malware and enable automated financial fraud through AI agents. The findings highlight emerging supply chain risks in AI marketplaces where pre-built capabilities can be weaponized. Read More

Click Here To Read

Copyright © 2026 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium