Cyber Briefing: 2025.08.13

Recent cybersecurity incidents have targeted major organizations worldwide, from Fortinet’s VPNs and FortiManager systems to airline and utility companies like WestJet and EPEC. High-profile operation

CyberMaterial

and

Sofia

Aug 13, 2025

👉 What's trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Click to Read

🚨 Cyber Alerts

Smart Bus Flaws Allow Spying, Control

Researchers have demonstrated how hackers can exploit vulnerabilities in smart bus systems to remotely track, control, or spy on vehicles. The unpatched flaws, which stem from insecure onboard and remote components, expose critical risks to passenger safety and operational integrity.

Fortinet SSL VPNs hit, then FortiManager targeted

Cybersecurity researchers have identified a significant spike in brute-force attacks targeting Fortinet SSL VPN devices, with over 780 unique malicious IP addresses participating in the coordinated effort. This activity, which began around August 3, 2025, was highly targeted and focused on specific Fortinet profiles, rather than being a random or opportunistic attack.

Ukrainian Web3team Targets Job Seekers

A sophisticated cybercriminal group is using a fake Ukrainian Web3 development team to trick job seekers into installing malicious NPM packages. The attack, which involves a fake interview and a seemingly legitimate GitHub repository, is designed to steal cryptocurrency, browser data, and personal information from unsuspecting victims.

For more alerts, click here!

Check Jobs

💥 Cyber Incidents

WestJet Confirms June 2025 Data Breach

In June 2025, WestJet experienced a data breach where a "sophisticated, criminal third party" gained unauthorized access to its systems. The stolen information includes personal details, recent travel booking history, and highly sensitive data from travel documents like passports, although credit card and debit card numbers were not compromised. WestJet is offering affected passengers 24 months of free identity theft protection and monitoring services as it continues to work with law enforcement and regulatory bodies on an ongoing investigation.

Pennsylvania AG Systems Down After Cyber Incident

Due to a recent cyber incident, the Pennsylvania attorney general's office has taken its network offline, affecting its website, email, and phone lines. The office, led by Attorney General Dave Sunday, is investigating the cause and is working to restore services while staff continue to operate with minimal disruption.

EPEC Hacked Social Media

The Provincial Energy Company (EPEC) in Cordoba, Argentina, suffered a hack on its social media accounts early Saturday morning, with suspicious posts appearing on its Instagram page. EPEC has since regained control of its X (formerly Twitter) account and is working to secure its other platforms, while advising users not to click on any links shared during the breach.

For more incidents, click here!

Get Help

📢 Cyber News

DOJ Disrupts BlackSuit Ransomware Ops

U.S. and international law enforcement agencies have successfully disrupted the BlackSuit (Royal) ransomware group by seizing servers, domains, and over $1 million in laundered cryptocurrency. This coordinated effort targeted the group’s infrastructure and finances, dealing a significant blow to their operations and ability to extort victims.

Wikipedia Loses UK Online Safety Act Case

A UK High Court ruling has rejected Wikipedia's challenge to being classified under the stringent Online Safety Act, which could require the platform to implement user verification and content filtering systems. This legal defeat poses significant operational and technical challenges for Wikipedia's collaborative editing model, potentially forcing a restructure of its platform or limiting UK user access.

Reddit Blocks Internet Archive Over AI Scraping

In response to AI companies allegedly using the Internet Archive to bypass its data protection policies, Reddit is now significantly restricting the Wayback Machine from indexing its content. This move is part of Reddit’s broader strategy to control and monetize its vast repository of user-generated data in the AI era.

For more news, click here!

Check Events

📈Cyber Stocks

On Wednesday, August 13, 2025, cybersecurity stocks displayed mostly positive movement as markets digested earnings beats, acquisition news, and valuation dynamics

Palo Alto Networks (PANW) rose 4.31% to $175.40, buoyed by growing optimism over its strategic CyberArk acquisition and strong institutional support in the lead-up to its earnings release
Rapid7 (RPD) jumped 7.33% to $20.14, driven by upbeat investor response to its raised FY 2025 earnings guidance and solid Q2 results that surpassed expectations
Check Point Software Technologies (CHKP) modestly advanced 0.26% to $181.20, supported by growing confidence in its upcoming strategic initiatives and the recent acquisition of Veriti, which bolstered its platform capabilities
SentinelOne (S) increased 3.16% to $16.30, as positive sentiment returned with speculation around potential M&A activity and sustained interest in its AI-driven security solutions
Okta (OKTA) climbed 0.95% to $89.33, buoyed by renewed investor optimism following its strong prior earnings performance and continued strength in identity-security demand

💡 Cyber Tip

📦 Ukrainian Web3team uses NPM package to attack job seekers and steal data

Cybercriminals are actively exploiting the job search process to deliver malware, particularly to developers in the Web3 space. When a company sends you a code project for an interview, don't just open and run it. Think of it like an attachment from someone you don't know, it could be a trap.

✅ What you should do:

Use a "Safe Zone" for the Code: Don't run the code on your regular computer.
Check the code: Look at the list of files and dependencies in the project, especially the package.json file for JavaScript.
Ask smart questions: If something feels off or the instructions seem too demanding, ask the interviewer about it.

🔒 Why this matters:
Safeguarding your digital life is crucial, because a single mistake in a job interview can lead to the theft of your money and personal identity.