Cyber Briefing: 2025.04.10
SSRF exploits, AI spam bots, ransomware, nation-state attacks, and major breaches dominated today's cyber landscape, highlighting critical risks across cloud, AI, and public sector systems.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
👉 What's going on in the cyber world today?
🚨 Cyber Alerts
1. SSRF Exploits Target AWS EC2 Instances
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to access sensitive EC2 Metadata. The attackers used this flaw to retrieve IAM credentials from the older IMDSv1 endpoint, escalating privileges to control AWS services and potentially compromise sensitive data. The malicious activity, identified between March 13 and 25, 2025, followed a systematic approach, including rotating query parameters and subpaths to exfiltrate data.
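As an added illustration of item 1 (not part of the original briefing or of the underlying research), the following log check flags requests whose query parameters point at the EC2 instance metadata address and groups them by source, so that rotation of parameter names and subpaths stands out. The log lines, source IPs, parameter names and the two-value threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, unquote, urlsplit

IMDS_HOST = "169.254.169.254"  # link-local address of the EC2 metadata service
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [15/Mar/2025:10:00:01 +0000] "GET /?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512
203.0.113.7 - - [15/Mar/2025:10:00:02 +0000] "GET /proxy?dest=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2F HTTP/1.1" 200 340
203.0.113.7 - - [15/Mar/2025:10:00:03 +0000] "GET /fetch?target=http%253A%252F%252F169%252E254%252E169%252E254%252F HTTP/1.1" 404 0
198.51.100.4 - - [15/Mar/2025:10:01:00 +0000] "GET /search?q=imds+hardening HTTP/1.1" 200 2048
198.51.100.9 - - [15/Mar/2025:10:02:00 +0000] "GET /img?src=https://example.com/a.png HTTP/1.1" 200 900
"""

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so an encoded address still matches."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_imds_requests(log_text):
    """Map source IP -> parameter names, paths and 200-response count."""
    hits = defaultdict(lambda: {"params": set(), "paths": set(), "ok": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        src, target, status = m.groups()
        url = urlsplit(target)
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if IMDS_HOST in fully_decode(value):
                hit = hits[src]
                hit["params"].add(name)
                hit["paths"].add(url.path)
                hit["ok"] += status == "200"  # served responses need review
    return dict(hits)

def rotating_sources(hits, min_distinct=2):
    """Sources that varied parameter names or paths across their requests."""
    return sorted(s for s, h in hits.items()
                  if max(len(h["params"]), len(h["paths"])) >= min_distinct)

if __name__ == "__main__":
    found = find_imds_requests(SAMPLE_LOG)
    print(found, rotating_sources(found))
```

A check like this complements, and does not replace, requiring IMDSv2 session tokens on the instances themselves.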
2. AkiraBot Spams 80K Sites Using AI Messages
AkiraBot, an AI-powered spamming tool, has successfully targeted over 80,000 websites since its inception in September 2024. Initially, the bot focused on Shopify-hosted sites but later expanded to include websites built on platforms like GoDaddy, Wix, and Squarespace. It generates unique spam messages using OpenAI’s GPT-4o-mini model, making the content appear more personalized and harder to filter out. By leveraging tools to bypass CAPTCHA protections, AkiraBot can mimic legitimate user activity, making it difficult for network detection systems to identify.
3. Hackers Exploit Gladinet CentreStack Flaw
Hackers have exploited a vulnerability in Gladinet CentreStack’s file-sharing software since March 2025. The issue, identified as CVE-2025-30406, allows attackers to execute remote code by abusing a hardcoded machineKey. Gladinet issued a security fix on April 3, 2025, urging users to update or rotate the key to prevent further exploitation. CISA has included this flaw in its Known Exploited Vulnerabilities catalog, with a deadline for federal organizations to apply fixes by April 29, 2025.
💥 Cyber Incidents
4. OCC Reports Major Breach of Executive Emails
The U.S. Office of the Comptroller of the Currency (OCC) has reported a major email breach. Hackers gained unauthorized access to approximately 100 senior officials' email accounts, compromising over 150,000 emails dating back to June 2023. The exposed data included highly sensitive financial information related to federally regulated institutions, potentially undermining public confidence in the sector. The OCC quickly responded, isolating the compromised systems and terminating unauthorized access, while launching an investigation into the breach’s full scope.
5. Oregon DEQ Cyberattack Disrupts Services
The Oregon Department of Environmental Quality (DEQ) experienced a cyberattack on Wednesday, forcing the agency to shut down its computer systems. As a result, vehicle inspection stations will remain closed through Friday, disrupting services. However, the DEQ’s online environmental data system, hosted on a separate server, was not affected by the attack. While no ransom demands have been made, the agency is working with cybersecurity experts to investigate and contain the breach.
6. Hackers Leak Data From Moroccan Agencies
Algerian hacker group JabaRoot DZ has launched a series of cyberattacks on Moroccan institutions, exposing sensitive data. The breach primarily targeted the Ministry of Economic Inclusion and the National Social Security Fund (CNSS) database, compromising information such as employee pay slips and salary declarations. The Ministry attempted to downplay the incident, claiming no sensitive data was compromised, but JabaRoot DZ quickly challenged these claims by releasing over 3,000 pay slips.
📢 Cyber News
7. Wyden Blocks CISA Nominee Over Telecom Probe
Senator Ron Wyden has placed a hold on Sean Plankey’s nomination to lead CISA until a 2022 report on U.S. telecom cybersecurity is released. Wyden has criticized CISA for withholding the report, which details serious security issues at telecom companies. The senator believes the public has the right to know about these vulnerabilities, especially after the Salt Typhoon hack. Wyden’s move follows a history of cybersecurity concerns in the telecom sector, compounded by CISA’s refusal to act on security deficiencies.
8. Global Crackdown Targets Smokeloader Users
Following Operation Endgame, law enforcement continues to target Smokeloader botnet customers. The botnet, operated by the actor "Superstar," was used for malicious activities, including ransomware deployment. A database seized last year linked online aliases to real-world identities, allowing authorities to arrest and interrogate suspects. Europol’s ongoing efforts involve international collaboration to dismantle the malware ecosystem and prosecute those involved.
9. Portnox Raises $37.5M for Cloud Security
Portnox, a Texas-based network access security startup, raised $37.5 million in Series B funding, bringing its total funding to $60 million. The investment, led by Updata Partners, supports Portnox’s cloud-native platform that offers zero trust access control and compliance enforcement. Portnox Cloud allows organizations to manage authentication and risk mitigation across their IT assets from a central location. With nearly 1,000 customers, the company is poised to eliminate the need for on-premises systems and strengthen network security for businesses.
📚 Cyber Book of the Day
The Vulnerability Researcher’s Handbook
Description: "The Vulnerability Researcher's Handbook" is a comprehensive guide that walks readers through the process of discovering, reporting, and publishing security vulnerabilities, offering practical strategies and real-world examples to navigate the complexities of vulnerability disclosure and achieve recognition for their work. This book is ideal for aspiring and seasoned security researchers, cybersecurity professionals, and organizational leaders seeking to understand and manage the vulnerability research landscape effectively.
Author: Benjamin Strout
Copyright © 2025 CyberMaterial. All Rights Reserved.