Cyber Briefing: 2025.06.13
TokenBreak bypasses AI safety, VexTrio spreads malware via adtech, and Discord links deploy RATs. HHS site defaced, Brussels hit, Google Cloud down. WhatsApp, NIST, and Securonix lead key cyber moves.
👉 What's going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Simple Typo Breaks AI Safety Via TokenBreak
Cybersecurity researchers have discovered a novel attack technique called 'TokenBreak' that can bypass a large language model's safety and content moderation guardrails with just a single character change. The attack targets the model's tokenization strategy, where adding a letter to a word like "instructions" to make "finstructions" causes protection models to fail while the core LLM still understands the prompt. This method, which is effective against common BPE and WordPiece tokenizers, allows malicious prompts to get through, increasing the risk of prompt injection attacks that security filters are designed to prevent. The study, which comes alongside other findings like the "Yearbook Attack," highlights the urgent need for better defenses against attacks that exploit how AI models process text and patterns.
2. VexTrio TDS Uses Adtech To Spread Malware
The VexTrio Viper Traffic Distribution Service (TDS) is a sprawling cybercrime affiliate program that works with malicious adtech companies like Los Pollos to distribute malware and scams. This operation leverages hundreds of thousands of compromised WordPress sites to initiate a redirection chain, funneling unsuspecting users to its malicious infrastructure. After a security report exposed its connection to Los Pollos and disrupted its operations, threat actors began moving to alternate services like Help TDS, which researchers have now linked back to the same VexTrio enterprise. This complex network, where commercial adtech firms facilitate widespread cybercrime, highlights the industrialization of the threat landscape and poses significant challenges for attribution and takedown efforts.
3. Old Discord Links Now Lead To Malware
Cybercriminals are exploiting a flaw in Discord's invitation system by hijacking expired vanity invite links to redirect unsuspecting users to malicious servers hosting malware. This sophisticated campaign, identified by Check Point researchers, uses a "ClickFix" phishing technique with a fake CAPTCHA page to trick users into running a hidden PowerShell command. The multi-stage attack evades detection by downloading payloads from trusted cloud services like GitHub, ultimately deploying AsyncRAT and a Skuld Stealer variant. With over 1,300 potential victims identified, this method exploits trust in previously legitimate links to steal cryptocurrency wallets and credentials, posing a significant risk to users.
💥 Cyber Incidents
4. AI Spam Hijacks Official US Vaccine Site
A U.S. government website from the Department of Health and Human Services designed to inform the public about vaccines has been defaced and is now hosting AI-generated spam. The compromised domain appears to have been hosting the same content since at least May 12th, raising questions about the site's security monitoring. This incident is reportedly part of a wider spam operation that also includes hijacked websites belonging to NPR, Nvidia, and Stanford University, all of which redirect to a single SEO spam page. It is currently unclear who is responsible for the defacement, and HHS did not respond to requests for comment regarding the prolonged compromise of its official website.
5. Cyberattack On Brussels Parliament Continues
The services of the Brussels Parliament have been targeted by a cyberattack since Monday, with the incident causing significant disruptions to its IT systems. Parliament President Bertin Mampaka announced the situation on Thursday, stating that every effort is being made with external partners to manage the attack. Despite the ongoing cyber incident and its impact on digital tools, there have been no reported consequences for the core functioning of the Parliament. Officials confirmed that Thursday's scheduled committee meetings and the important plenary session were expected to go ahead as planned while the investigation continues.
6. Major Google Cloud Outage Disrupts Web
A major service disruption at Google Cloud Platform on Thursday caused a widespread internet outage, affecting popular services like Spotify, Discord, and OpenAI for several hours. Tens of thousands of users began reporting issues around 2 p.m. ET, and even some of Google's own services like Google Meet and Drive were impacted by the global incident. Google's engineers announced they had identified the root cause—an invalid automated quota update—and applied mitigations, with a full recovery reported by that evening. The incident, which other major services like Cloudflare also attributed to the Google Cloud outage, highlights the digital ecosystem's significant reliance on a handful of major cloud hosting providers.
📢 Cyber News
7. WhatsApp Backs Apple In UK Encryption Case
WhatsApp announced on Wednesday it is seeking to intervene in a legal case between Apple and the British government over a secret order regarding iCloud encryption. The dispute centers on a Technical Capability Notice (TCN) the UK reportedly issued to Apple, demanding it halt the rollout of an Advanced Data Protection feature that would prevent government access to end-to-end encrypted user data. WhatsApp's chief, Will Cathcart, warned this case could set a dangerous precedent for governments to try and break encryption, vowing to challenge any requests that weaken their services' security. While the UK government defends the notices as necessary to fight serious crime, the case has been criticized by privacy experts for its lack of transparency, and the court has yet to set a timetable for its progression.
8. New NIST Guide Helps Implement Zero Trust
The U.S. National Institute of Standards and Technology (NIST) has published new practical guidance designed to help organizations overcome the challenges of implementing a zero trust architecture (ZTA). Building on conceptual guidance from 2020, this new publication was developed over four years by NIST's National Cybersecurity Center of Excellence (NCCoE) in partnership with 24 industry collaborators. The guide offers 19 different example implementations using commercial off-the-shelf technologies to showcase how ZTA can be built to address real-world scenarios that large organizations confront. NIST officials state the guidance provides a foundational starting point for any organization by giving concrete examples of how to deploy ZTAs and highlighting the necessary technologies.
9. Securonix Buys ThreatQuotient For AI SecOps
Security automation firm Securonix announced on Wednesday its acquisition of ThreatQuotient, a threat intelligence platform provider, to create an all-in-one security operations stack. The deal aims to create a comprehensive AI-driven platform for threat detection, investigation, and response (TDIR) by combining Securonix’s analysis of internal SIEM signals with ThreatQuotient's external threat intelligence. This merger leverages Securonix's recent investment in "agentic" GenAI, with the companies citing early benchmarks promising up to a 70% reduction in mean time to respond. Although ThreatQuotient will still be sold as a standalone product, Securonix plans to fully integrate its data models and APIs into its EON platform to provide a unified security solution.
📈 Cyber Stocks
As U.S. markets open on Friday, June 13, 2025, leading cybersecurity stocks are holding steady as they roll into the weekend:
Zscaler (ZS): Trading at $301.43, up 0.52%, supported by ongoing strength in cloud security and bullish analyst estimates, with sentiment remaining confident despite recent insider stock sales.
Varonis (VRNS): Trading at $49.30, down 1.85%, as shares pull back slightly, but the company's data-centric cybersecurity focus keeps underlying sentiment stable.
Palo Alto Networks (PANW): Trading at $197.67, up 1.71%, buoyed by positive traction in next-gen and AI-enhanced security offerings.
CrowdStrike (CRWD): Trading at $481.73, up 1.02%, continuing rebound momentum with analysts reaffirming strong growth potential and ARR recovery.
Fortinet (FTNT): Trading at $101.66, down 0.32%, consolidating after recent gains but maintaining investor confidence on strong revenue figures and buyback programs.
💡 Cyber Tip
Be careful when clicking on old or expired Discord invites
Cybercriminals are taking over expired Discord invite links and using them to redirect users to fake verification pages that install hidden malware. These attacks use a fake CAPTCHA screen to trick people into running a dangerous PowerShell command that secretly installs spying tools like AsyncRAT and Skuld Stealer.
✅ What you should do
Avoid using Discord links from old forums, social media posts, or third-party sites without verifying them.
Never copy and run commands from websites claiming to "verify" your identity or fix a failed CAPTCHA.
Be suspicious of verification processes that ask you to open the Run box (Win+R) or paste unknown content.
Keep antivirus software enabled and updated, especially if you use Discord regularly.
Report suspicious Discord servers or links directly to Discord’s Trust & Safety team.
🔒 Why this matters
Even if a Discord link looks familiar or trustworthy, it may now point to a malicious server. One careless click could lead to stolen accounts, cryptocurrency wallets, or personal data.
📚 Cyber Book
Understanding Cybersecurity Law and Digital Privacy: A Common Law Perspective - by Melissa Lukings, Arash Habibi Lashkari
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.