Cyber Briefing: 2025.06.06
Chrome extensions leak data, AMOS hits macOS via fake CAPTCHA, BADBOX infects IoT. InfoJobs breached, German police tech hit, dog rescue IG held for ransom. FBI warns Play ransomware triples.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Chrome Extensions Leak Data And API Keys
Cybersecurity researchers have found that several popular Google Chrome extensions are exposing users to significant risks by transmitting data over unencrypted HTTP and by having sensitive API keys hard-coded in their software. The unencrypted HTTP traffic can leak browsing domains, machine IDs, and usage analytics, making users vulnerable to data interception and modification, particularly on public Wi-Fi networks. Separately, hard-coded API keys found in other extensions, including those from AVG and Microsoft, could be weaponized by attackers to drive up developer costs, corrupt analytics, or abuse services.
2. AMOS Stealer Hits macOS Via Fake CAPTCHA
A sophisticated malware campaign is targeting macOS users with a new variant of Atomic macOS Stealer (AMOS) using typo-squatted domains that mimic U.S. telecom provider Spectrum. This attack uses fake CAPTCHA verification pages to trick users into copying and executing a malicious shell script which then repeatedly prompts for their system password until it is entered correctly. After stealing the credentials, the malware uses them with sudo to remove quarantine attributes from the AMOS payload, successfully bypassing Apple's Gatekeeper security feature. This campaign, which shows signs of Russian-speaking actors, represents a significant threat to organizations as the stolen macOS passwords can enable corporate network infiltration.
3. BADBOX Turns 1M+ IoT Devices Into Proxies
The FBI is warning that the BADBOX 2.0 malware campaign has infected over one million consumer Android IoT devices globally, many of which are manufactured in China and come preloaded with the threat. This sophisticated botnet connects devices like smart TVs and streaming boxes to attacker-controlled servers, converting them into residential proxies to mask malicious activity, commit ad fraud, and launch credential stuffing attacks. Due to the malware's ability to survive factory resets, consumers are advised to assess their devices for suspicious activity, avoid unofficial app sources, and keep software updated to mitigate the risk.
💥 Cyber Incidents
4. InfoJobs Spain Hit By Credential Stuffing
The Spanish job portal InfoJobs suffered a cyberattack where hackers used credentials stolen from other breaches to access and steal information from candidate profiles in a large-scale "credential stuffing" attack. The company is now notifying affected users and has advised them to be vigilant for suspicious activity and fraudulent job offers that may use their stolen personal information to appear legitimate. The stolen data poses a significant identity theft risk, prompting Spanish authorities to advise victims to immediately contact their bank and file a police report if they suspect their information has been misused.
5. Hack Attempt Hits German Police Phone System
An attempted cyberattack on the servers controlling official smartphones for the Mecklenburg-Western Pomerania State Police in Germany has prompted an immediate investigation. As a precaution, data services for these "mPol" devices have been suspended, impacting patrol officers' ability to conduct online inquiries for vehicle registrations and ID checks. While the smartphones can still make calls, officers must revert to older methods like radioing the station for information, which may lead to longer wait times. The State's Data Protection Commissioner has been informed and has initiated a corresponding investigation, with services only to be restored once systems are certified as secure.
6. German Dog Rescue IG Hacked For Ransom
German animal welfare association Hunderettung Europa e.V. had its Instagram account with 132,000 followers hacked on May 31, with the attacker demanding a ransom for its return. Although the charity used security measures like 2FA, the hacker gained full control, and police advised against paying the extortion demand, leaving the account's recovery in doubt. The attack has had "fatal consequences" as it has cut off the group's primary channel for donations, which are essential to fund their operations. This loss of funding now jeopardizes the immediate rescue of around 50 dogs from a Romanian killing station scheduled for June 6, as the chairwoman stated the dogs will die without these donations.
📢 Cyber News
7. Paula Stannard Named New HHS OCR Director
The U.S. Department of Health and Human Services has appointed attorney Paula Stannard, who served in prior Trump and Bush administrations, as the new director of its HIPAA enforcement agency, the Office for Civil Rights (OCR). Stannard takes charge of an agency facing a skyrocketing workload, with its case backlog more than doubling in less than a year due to a surge in health data breaches and HIPAA complaints. Simultaneously, the OCR is absorbing extreme staff and resource cuts as part of a broader HHS downsizing, even as it takes on new enforcement responsibilities for substance use disorder privacy regulations. While former colleagues praise Stannard's expertise, industry experts express concern over how the under-resourced agency will handle its expanding mission and massive backlog under the new leadership and budget constraints.
8. FBI Warns Play Ransomware Victims Triple
The FBI, CISA, and Australian partners released an updated advisory stating the Play ransomware gang has now attacked approximately 900 organizations since emerging in 2022, tripling its previously reported victim count. The threat actors exploit vulnerabilities in tools like SimpleHelp for initial access and use aggressive tactics, including threatening phone calls, while also recompiling their ransomware for each attack to evade detection. Play was one of the most active ransomware groups in 2024, responsible for high-profile attacks on critical infrastructure and U.S. cities like Oakland, as well as entities in Europe and South America. Investigations also suggest a potential collaboration where North Korean state-sponsored actors gain initial network access before handing it off to Play ransomware operators for the final payload deployment.
9. Mind Raises $30M For On Device AI Security
Data security startup Mind, led by former Hexadite CEO Eran Barak, has raised $30 million in a Series A funding round led by Paladin Capital Group and Crosspoint Capital Partners. The company’s strategy focuses on proactive data breach prevention through lightweight agents on endpoints, a departure from security tools that only provide after-the-fact visibility. A key differentiator for Mind is its plan to use the new funds to push small language models to devices, enabling real-time, on-the-fly data classification without needing cloud analysis. This investment will also fuel the scaling of its go-to-market operations in North America and EMEA, expand email data loss prevention capabilities, and further its AI innovation.
📈 Cyber Stocks
As U.S. markets open on Friday, June 6, 2025, top cybersecurity stocks are showing mixed movements, driven by quarterly earnings, strategic AI developments, and shifting investor confidence.
Zscaler (ZS): At $300.88, up 1.36%, with a 66.78% YTD gain. Analysts raised targets to $350 amid strong SASE and Zero Trust growth.
Varonis (VRNS): Trading at $50.14, up 0.36%, driven by growing investor interest in data security.
Palo Alto Networks (PANW): At $197.11, up 1.57%, after hitting $5B in ARR for next-gen security.
CrowdStrike (CRWD): At $462.94, up 0.52%. Analysts raised targets to $500+ following solid Q1 earnings.
Fortinet (FTNT): Trading at $103.50, up 1.85%, backed by 13% revenue growth and a $1B stock buyback.
💡 Cyber Tip
Check your smart TVs and Android streaming devices.
The FBI warns that over one million Android-based IoT devices, including TVs and streaming boxes, are infected with BADBOX 2.0 malware. These devices are being used as hidden proxies by cybercriminals to hide malicious activities, commit ad fraud, and steal credentials.
✅ What you should do
Avoid buying smart devices from unknown brands or sellers, especially if they run on Android.
Do not install apps or firmware updates from unofficial app stores or websites.
Keep all IoT devices updated with the latest software and security patches.
Monitor your home internet for unusual data usage or slowdowns, which may indicate hidden background activity.
If you suspect a device is compromised, disconnect it from your network and consult a security expert before reuse.
✅ Why this matters
Some devices come infected out of the box and can’t be cleaned with a factory reset. Once infected, your home internet can be hijacked to support cybercrime without your knowledge.
📚 Cyber Book
Surviving A Cyberattack: Securing Social Media and Protecting Your Home Network by Todd G. Shipley and Art Bowker
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.