Cyber Briefing: 2025.06.26
Skynet AI malware emerges, NK targets devs, Citrix flaw exploited, $9.6M Resupply hack, Glasgow & Italy hit by ransomware, US targets foreign AI, Africa sees cyber surge, Google shares AI protocol.
👉 What's trending in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. New Malware Uses Prompts To Trick AI Tools
Cybersecurity researchers have discovered a new malware strain, dubbed "Skynet," that represents the first attempt to weaponize prompt injection attacks against AI security tools. The malware contains a hidden instruction written in plain English designed to trick an AI analyst into ignoring the malicious code and classifying it as benign. When tested, current advanced AI models from companies like OpenAI successfully resisted the manipulation and correctly analyzed the malware. While this specific proof-of-concept attack failed, it signals a concerning new trend of cybercriminals developing attacks that target the AI models now being used to detect them.
2. Fake Job Offers Hide North Korean Malware
A new cyber campaign by North Korean actors, dubbed "Contagious Interview," is targeting software developers with malicious npm packages. The attackers pose as recruiters on platforms like LinkedIn and send job seekers coding assignments that secretly contain malware. When the developer runs the code, a multi-stage infection begins, deploying an infostealer called BeaverTail and a persistent backdoor called InvisibleFerret. This sophisticated supply chain attack is designed to steal sensitive data such as browser cookies and cryptocurrency wallets, and to gain long-term access to developers' computers.
3. New Zero Day Flaw Hits Citrix NetScaler
Citrix has released patches for a critical vulnerability in its NetScaler products, warning customers that the flaw, CVE-2025-6543, is being actively exploited. The company describes this new bug as a memory overflow issue that could lead to a denial-of-service or allow an attacker to take control of affected systems. This alert comes just one week after Citrix patched two other critical vulnerabilities that experts have compared to the infamous "Citrix Bleed" incident. Those separate, earlier flaws raised alarms due to their potential to expose session tokens and bypass multi-factor authentication.
💥 Cyber Incidents
4. Resupply DeFi Protocol Hacked For $9.6M
The decentralized finance protocol Resupply confirmed it lost about $9.6 million in a security breach this week. According to security firm Cyvers, an attacker exploited a price manipulation bug in a smart contract to borrow $10 million using minimal collateral. The attacker, who was funded through the Tornado Cash mixer, then swapped the stolen funds to Ether and moved them to new wallets. In response, the Resupply team has paused the affected contracts to prevent further losses and promised a full analysis of the incident.
5. UK’s Glasgow City Council Hit By Cyberattack
Glasgow City Council in the UK has announced it is being impacted by a cyber incident that is disrupting multiple online services. The incident was discovered last week on servers managed by a third-party supplier, leading the council to take the systems offline as a precaution. While the council cannot yet confirm if data was stolen, it is operating on the presumption that customer information may have been exfiltrated. Residents are being advised to be cautious of any suspicious contact and to report anyone claiming to have their data to Police Scotland.
6. Cyberattack Hits South Tyrol Emergency Ops
A ransomware attack has disrupted multiple government authorities and emergency services in the region of South Tyrol, Italy. The attack, which began on June 23, impacted telephone and other systems at the State Emergency Call Centre, the Traffic Reporting Centre, and the Professional Fire Brigade. Officials confirmed a ransom note was found but stated that the demand will not be paid. While emergency call lines remain operational for the public, authorities are working around the clock to restore all affected systems, which now require many processes to be done manually.
📢 Cyber News
7. US Bill To Block Foreign Adversary AI
A bipartisan group of U.S. lawmakers has introduced the “No Adversarial AI Act” to prohibit federal agencies from using artificial intelligence developed by foreign adversaries like China. The legislation aims to mitigate national security risks posed by AI systems from companies with alleged ties to hostile foreign governments. The bill would create a public list of banned adversarial AI technologies and bar federal agencies from acquiring or using them, with some narrow exceptions for research. Lawmakers stated the act is a critical firewall needed to protect U.S. government data and operations from espionage and subversion.
8. INTERPOL Reports Africa Cybercrime Surge
A new INTERPOL report reveals a dramatic surge in cybercrime across Africa, with over 30% of all documented criminal activities in some regions now being cyber-related. The most prevalent threats include online scams, ransomware, and Business Email Compromise, with scam notifications increasing by as much as 3,000% in some nations. The report highlights that law enforcement capabilities are struggling to keep pace, with 90% of member countries acknowledging a dire need for improved resources, training, and legal frameworks. Despite these challenges, coordinated international operations have led to over 1,000 arrests, showcasing the potential of enhanced cooperation.
9. Google Gives AI Protocol To Linux Foundation
Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation to create a new, community-driven open-source project. The A2A protocol is designed to allow AI agents from different companies like Google, AWS, and Microsoft to discover each other and securely collaborate on complex tasks. By handing the protocol over to the neutral governance of the Linux Foundation, the goal is to prevent fragmentation and create a trusted, vendor-agnostic standard. This development, supported by over one hundred companies, aims to build the foundation for the next generation of interoperable and more seamless AI products.
📈 Cyber Stocks
As trading resumes on Thursday, June 26, 2025, cybersecurity stocks are moving in response to a mix of geopolitical, economic, and sector-specific drivers. A tentative Israel–Iran ceasefire has eased global tensions, lifting investor sentiment. Meanwhile, rising state-sponsored cyber threats and accelerating AI integration are boosting demand for cyber tools. Company-specific news, including BlackBerry’s upgraded forecast and analyst optimism on Okta and Zscaler, is also shaping the sector.
Zscaler (ZS): Trading at $311.98, up 1.16%. Shares rebound on sustained demand for cloud-based, Zero Trust solutions, aided by a softer dollar and positive tech sentiment.
Varonis (VRNS): Trading at $50.15, up 0.04%. The stock holds steady, supported by consistent interest in its data-centric security platform amid heightened cybersecurity demand.
Palo Alto Networks (PANW): Trading at $204.30, up 1.30%. The stock climbs as its AI-enhanced security offerings gain traction, bolstered by supportive analysts and elevated Q2 earnings expectations.
CrowdStrike (CRWD): Trading at $494.09, up 1.80%. The stock continues its strong weekly run, fueled by robust enterprise demand for endpoint protection and upbeat analyst sentiment.
Qualys (QLYS): Trading at $141.19, up 0.84%. Shares rise modestly, supported by solid Q1 financials and favorable technical indicators following recent momentum.
💡 Cyber Tip
Watch Out for Malware Hidden in Developer Job Assignments
A new wave of North Korea-linked cyberattacks is targeting software developers through fake job offers. Disguised as recruiters on LinkedIn, attackers send coding assignments that contain malicious npm packages. When the code is run, it initiates a multi-stage infection, deploying the BeaverTail info-stealer and a persistent backdoor known as InvisibleFerret. These tools steal sensitive data like browser cookies and cryptocurrency wallets, and allow long-term remote access to compromised machines.
✅ What you should do:
Avoid running untrusted code, especially outside sandboxed or containerized environments.
Verify recruiter identities through official channels before accepting coding assignments.
Inspect any code you receive, particularly from Bitbucket or npm, for suspicious dependencies or obfuscated scripts.
Use endpoint protection that can detect malware loaders and info-stealers.
Disconnect from screen-sharing sessions if asked to run unfamiliar code under pressure.
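One way to do the "inspect before you run" step on a received npm project, as an added example that is not part of the original briefing: it flags install-time lifecycle scripts, dependencies fetched from outside the registry, and rough obfuscation signals in source files. The function names, thresholds and sample project are assumptions constructed for illustration.

```javascript
// Added example: static triage of an npm project BEFORE running `npm install`.
// Heuristics, thresholds and sample data are constructed for illustration.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Version specifiers that bypass the registry (git, URL tarball, local path, user/repo).
const NON_REGISTRY = /^(git(\+\w+)?:|https?:|file:|github:|[\w.-]+\/[\w.-]+(#.*)?$)/i;

// Inspect a parsed package.json for code that runs at install time
// and for dependencies pulled from somewhere other than the registry.
function auditManifest(pkg) {
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push({ type: "install-hook", name: hook, detail: pkg.scripts[hook] });
    }
  }
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (NON_REGISTRY.test(spec)) {
        findings.push({ type: "non-registry-dependency", name, detail: spec });
      }
    }
  }
  return findings;
}

// Rough obfuscation signals in one source file; a hit means "read this file by hand".
function auditSource(path, text) {
  const findings = [];
  const longest = Math.max(...text.split("\n").map((l) => l.length));
  if (longest > 1000) findings.push({ type: "very-long-line", name: path, detail: String(longest) });
  if (/\beval\s*\(|new\s+Function\s*\(/.test(text)) findings.push({ type: "dynamic-eval", name: path, detail: "eval/new Function" });
  const escapes = (text.match(/\\x[0-9a-f]{2}/gi) || []).length;
  if (escapes > 20) findings.push({ type: "hex-escaped-strings", name: path, detail: String(escapes) });
  return findings;
}

// Constructed sample resembling a take-home "coding assignment".
const samplePkg = {
  name: "interview-task",
  scripts: { start: "node index.js", postinstall: "node scripts/setup.js" },
  dependencies: { express: "^4.19.2", "logger-utils": "git+https://example.invalid/x/logger-utils.git" },
};
const sampleSrc = "const k='" + "\\x61".repeat(30) + "';\neval(k);";

console.log(auditManifest(samplePkg));
console.log(auditSource("scripts/setup.js", sampleSrc));
```

A clean result does not make the project safe to run; if you do need to install it, do so in a sandbox or container and with `npm install --ignore-scripts` so lifecycle scripts do not execute.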
🔒 Why this matters:
This campaign highlights how attackers exploit job-seeking developers through professional platforms. By disguising malware as job tests, they bypass traditional defenses and compromise supply chains. Vigilance during the job application process is essential to avoid long-term breaches.
📚 Cyber Book
Industry Unbound: The Inside Story of Privacy, Data, and Corporate Power by Ari Ezra Waldman
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.