Cyber Briefing: 2026.06.30
From local wireless denial-of-service flaws to malicious code slipping into trusted development pipelines, attackers are leveraging the automated links in your network chain.
Welcome to Cyber Briefing, your daily source for all things cybersecurity. We bring you the latest advisories, alerts, incidents, and news every weekday.
Cybercriminals and state-sponsored actors are actively exploiting trust via targeted phishing campaigns and tainted supply chains, as seen in TONResolver malware attacks utilizing blockchain infrastructure against Japanese hotels and Chinese-linked malware compromising Japanese military computers via discounted USB drives. Simultaneously, newly discovered vulnerabilities in AirDrop and Android’s Quick Share allow remote attackers to force denials-of-service on nearby devices without user interaction. To help defenders combat these evolving tactics, Sophos X-Ops released a new taxonomy framework categorizing AI-related threats, highlighting real-world malicious uses like automated network penetration and LLM-assisted malware development.
On the regulatory and operational fronts, broader digital ecosystem shifts are underway to improve competition and system efficiency. The UK’s Competition and Markets Authority (CMA) has proposed reforms requiring Apple and Google to permit alternative in-app payment systems, aiming to lower developer fees and benefit consumers. Meanwhile, in developer and security professional tools, the release of Kali Linux 2026.2 optimizes virtual machine performance by stripping out heavy, unnecessary GPU firmware to significantly improve VM boot times.
⚡THREAT LANDSCAPE
TONResolver Malware Targets Japan Hotels via Booking.com
Threat actors are targeting hotel staff at Booking.com partner properties in Japan through phishing emails disguised as guest complaints, delivering TONResolver malware that uses The Open Network (TON) blockchain as command-and-control infrastructure. The malware, distributed via malicious ZIP files containing disguised shortcut links, establishes persistent backdoor access and evades traditional email security by exploiting scheduling tool notification systems. Organizations should restrict access to blockchain platforms, monitor Node.js execution, and block unauthorized PowerShell network communications to defend against this campaign.
AirDrop and Quick Share Flaws Enable Crashes
Security researchers discovered six vulnerabilities in Apple’s AirDrop and Android’s Quick Share file-sharing features that allow attackers within wireless range to crash these services remotely. Using only a laptop and no prior connection, an attacker can force a denial-of-service on Mac or iPhone devices configured to receive files from anyone, requiring no user interaction. Organizations should configure devices to accept transfers only from contacts rather than everyone, and apply security updates when vendors release patches addressing these flaws.
🚨INCIDENTS & REAL-WORLD IMPACT
China-linked malware on USB drives infected Japanese military
Japan’s Ground Self-Defense Force unknowingly used counterfeit USB drives infected with Chinese-linked malware for nearly a year, affecting over 50 computers including systems handling classified troop movement data. The infected drives, sold 30-50% below market price on online platforms, entered military networks during 2024 earthquake relief operations without standard procurement vetting. Organizations should purchase storage devices only from verified vendors, scan all removable media on isolated systems before network connection, and disable autorun functionality on all computers.
🔓 EXECUTIVE RISK & CYBERNOMICS
Sophos AI Threat Taxonomy Framework
Sophos X-Ops has released a new taxonomy framework to categorize AI-related cybersecurity threats, splitting them into two main categories: malicious use of AI by attackers and malicious targeting of AI systems themselves. The framework documents real-world attacks including Chinese state-sponsored intrusions using Claude Code for automated network penetration, ransomware groups using ChatGPT for development, and malware calling LLM APIs at runtime to generate commands. Security teams should prepare for increased attack volume and speed, monitor for unusual AI API traffic, verify software sources carefully, and treat AI-generated artifacts with the same scrutiny as traditional threats.
🛡️ POLICY, REGULATION & LEGAL SIGNALS
CMA proposes app store payment reforms
The UK’s Competition and Markets Authority (CMA) is consulting on new rules that would require Apple and Google to allow app developers to direct customers to alternative payment systems outside their app stores. Currently, both companies ban or restrict this practice, forcing developers to use proprietary payment systems and pay mandatory fees. The CMA expects any fees charged for this alternative payment routing to be lower than current app store charges, with savings passed to consumers or reinvested in developer innovation.
💻 CAREER ENABLEMENT
Kali Linux 2026.2 improves VM boot times
Kali Linux 2026.2 reduces virtual machine boot times by removing graphics firmware for NVIDIA, AMD, and Intel GPUs from VM images. The firmware packages had grown large enough to slow system startup, yet most virtual machines do not require GPU drivers since they use virtualized graphics. Physical installations and users who need specific GPU support can still install the firmware packages separately after deployment.
Copyright © 2026 CyberMaterial. All Rights Reserved.