Cyber Briefing: 2025.08.12
Researchers have uncovered multiple high-impact cyber threats, including GPT-5 jailbreaks, ransomware gangs netting millions, and vulnerabilities in widely used software like 7-Zip and Windows Domain
👉 What's going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
A novel attack technique called Win-DDoS can exploit a flaw in the Windows LDAP client code to turn thousands of public domain controllers (DCs) into a massive botnet. This botnet can then be used to launch powerful and stealthy distributed denial-of-service (DDoS) attacks against a target without the attacker needing to purchase infrastructure or compromise devices.
Cybersecurity researchers have discovered a jailbreak technique, combining the Echo Chamber method with narrative-driven steering, to bypass the ethical safeguards of OpenAI's new GPT-5 model and produce prohibited content. The method works by subtly poisoning the conversational context and using storytelling to guide the model toward malicious instructions without triggering its refusal cues.
A recently discovered security flaw, tracked as CVE-2025-55188, affects all versions of the file compression software 7-Zip prior to version 25.01. The vulnerability allows attackers to overwrite system files during archive extraction by exploiting symbolic links, potentially leading to unauthorized code execution.
💥 Cyber Incidents
4. Columbia Data Breach Hits 900K
A cyberattack on Columbia University compromised the personal information of nearly 870,000 individuals, including Social Security numbers and academic records. The university is now sending letters informing students about the breach and has offered two years of free credit monitoring to those affected.
Online bookseller and ticketing platform Yes24 suffered a second cyberattack in two months, with a ransomware attack disabling its website and app for several hours on Monday. The company, which has 20 million users, quickly restored service, but the incident has raised questions about its cybersecurity preparedness following a similar, more prolonged attack in June.
A sophisticated cybercrime ring, operating between July 2023 and October 2024, has compromised up to 115 million US payment cards. The operation bypassed traditional fraud detection by combining advanced smishing tactics with exploitation of digital wallet tokenization systems like Apple Pay and Google Wallet.
📢 Cyber News
A new cybercrime group named Embargo, possibly a successor to the notorious BlackCat/Alphv ransomware operation, has emerged, accumulating approximately $34.2 million in cryptocurrency from its attacks since mid-2024. This ransomware-as-a-service group, which targets sectors like healthcare and manufacturing, has demonstrated significant technical capability and a growing financial footprint despite maintaining a low profile.
Australia’s privacy watchdog has launched civil proceedings against Optus in the Federal Court, alleging the telecommunications company failed to protect the personal information of nearly 10 million Australians during a major 2022 cyberattack. The potential fines for these alleged breaches of the Privacy Act could be substantial, though a theoretical maximum of over $20 trillion is not feasible.
A researcher, known as 'Micky', earned a $250,000 bounty from Google for a high-severity vulnerability in Chrome's Mojo IPC system, which could allow a sandbox escape and remote code execution. The flaw, tracked as CVE-2025-4609, was a complex logic bug that an attacker could exploit by tricking a user into visiting a malicious website.
📈 Cyber Stocks
On Tuesday, August 12, 2025, cybersecurity stocks broadly pulled back as markets navigated a mix of macroeconomic caution, merger-related uncertainties, and renewed valuation scrutiny.
Palo Alto Networks (PANW) edged up 0.71% to $168.17, buoyed by investor optimism over its strategic CyberArk acquisition and solid institutional inflows, despite broader sector softness.
Rapid7 (RPD) climbed 4.98% to $18.77, lifted by better-than-expected Q2 earnings and bullish guidance for FY 2025 that slightly offset persistent valuation concerns.
Check Point Software Technologies (CHKP) retreated 1.41% to $180.73, as continued softness in billings growth weighed on sentiment despite stable earnings.
SentinelOne (S) declined 1.37% to $15.81, pressured by fading M&A hopes and valuation headwinds, even as its AI-driven platform remains strategically relevant.
Okta (OKTA) dropped 3.33% to $88.51, pulled lower by renewed investor caution around its growth trajectory and valuation in a macro-driven market reset.
💡 Cyber Tip
📦 Patch Your Windows Systems Promptly
The Win-DDoS attack and other related vulnerabilities highlight a critical weakness in the Windows LDAP client and other components. These flaws can be exploited by attackers to crash domain controllers, turn them into botnets, or launch powerful DoS attacks. Staying on top of security patches from Microsoft is the most effective way to protect your systems from these kinds of exploits.
✅ What you should do:
Regularly check for and apply all security updates from Microsoft.
Prioritize patches that address vulnerabilities in core services like LDAP and RPC, as these are often targeted.
Automate your patching process to ensure fixes are deployed as soon as they become available.
Regularly audit your systems to confirm that all patches have been successfully installed.
🔒 Why this matters:
Applying security patches is your primary defense against new and emerging threats. Patches fix the very vulnerabilities that attackers are actively trying to exploit.
📚 Cyber Book
The New Dope: Take control of your digital footprint and avoid toxic behaviours by Damián Le Nouaille Diez
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.