Cyber Briefing: 2025.08.21
GenAI powers phishing, QuirkyLoader spreads malware, Chrome VPN spyware exposed, China cuts internet, AI browsers duped, Orange Belgium breach, UK sanctions, Elastic denies RCE, Spider hacker jailed.
👉 What's going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. GenAI Used by Hackers for Phishing
A recent report indicates that cybercriminals are increasingly leveraging generative artificial intelligence platforms to execute sophisticated phishing campaigns. This new threat landscape is characterized by attackers using GenAI services to create convincing malicious content and automate large-scale attacks, which presents a significant challenge to traditional security measures.
2. QuirkyLoader Spreads RATs, Keyloggers
A new malware loader called QuirkyLoader has been used in email spam campaigns to deliver a variety of malicious payloads, including information stealers and remote access trojans. This malware utilizes DLL side-loading and process hollowing techniques to evade detection and infect target systems.
3. Malicious Chrome VPN Steals Data
A Chrome VPN extension called FreeVPN.One, with over 100,000 installations, was discovered to be spyware that secretly captured user screenshots and transmitted sensitive data to remote servers. The malicious extension gained prominence on the Chrome Web Store with a verified badge and featured placement despite its deceptive two-stage architecture that captured everything from banking credentials to private communications.
💥 Cyber Incidents
4. China Briefly Cuts Off Global Internet
On Wednesday, China's Great Firewall unexpectedly cut off most of the country's internet traffic for just over an hour by blocking TCP port 443, the standard port for secure HTTPS connections. The cause of the unprecedented outage, which disrupted access to foreign websites and essential services, remains unclear, with experts speculating it was either a technical error or a test of a new censorship device.
5. Comet AI Browser Duped by Fake Shops
Emerging agentic AI browsers are vulnerable to both new and old security threats like phishing and prompt injection. A study on Perplexity’s Comet revealed that these tools, which can autonomously perform online tasks, lack sufficient security safeguards and can be easily manipulated to interact with malicious pages, putting user data at risk.
6. Orange Belgium Data Breach Hits 850K
Orange Belgium has disclosed a cyberattack that occurred in July, resulting in the theft of personal data from approximately 850,000 customers. While no passwords or financial information were accessed, the compromised data includes names, phone numbers, SIM card numbers, PUK codes, and tariff plans.
📢 Cyber News
7. UK Sanctions Kyrgyz Banks, Crypto Ties
The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks, including Capital Bank and crypto exchanges like Grinex, for allegedly helping Russia evade sanctions and fund its war in Ukraine. The measures, which freeze U.K. assets, are part of a coordinated effort with the U.S. to disrupt illicit financial channels and pressure the Kremlin.
8. Elastic Denies Zero-Day RCE in Defend
Elastic, an enterprise search and security company, is refuting claims made by AshES Cybersecurity of a zero-day vulnerability in its Defend EDR product, stating that their thorough investigation found no evidence of a reproducible remote code execution flaw. The dispute escalated because AshES Cybersecurity reportedly refused to provide a proof-of-concept to Elastic, opting instead to publicly disclose their non-reproducible findings.
9. Scattered Spider Hacker Sentenced
Noah Michael Urban, a 20-year-old member of the cybercrime gang Scattered Spider, was sentenced to ten years in U.S. prison for a series of major hacks and cryptocurrency thefts. In addition to his prison time, Urban must also pay $13 million in restitution to his victims.
📈 Cyber Stocks
During the early hours of Thursday, August 21, 2025, cybersecurity stocks reflected cautious investor moves as markets digested earnings updates and global economic signals.
Palo Alto Networks (PANW) jumped 1.58% to $184.43, buoyed by a strong fiscal full-year outlook driven by accelerating demand for its AI-powered cybersecurity solutions and investor confidence in its strategic CyberArk acquisition and platform expansion.
Check Point Software Technologies (CHKP) gained 0.65% to $189.29, supported by market stabilization following last week’s Q2 earnings volatility and investor confidence in its long-term billings momentum.
Rapid7 (RPD) dropped 4.07% to $20.28, as analyst price target cuts and persistent valuation concerns weighed on sentiment despite its solid cash flow performance.
SentinelOne (S) fell 1.27% to $16.74, as sector-wide valuation pressure and anticipation of its upcoming Q2 earnings tempered near-term bullishness.
Okta (OKTA) slipped 0.15% to $91.03, in line with broader macro caution and ahead of its earnings next week, amid concerns over sustaining premium valuation levels.
💡 Cyber Tip
Remove FreeVPN.One Chrome Extension Exposed as Spyware
A Chrome VPN extension with over 100,000 installs has been revealed to be spyware. The extension, FreeVPN.One, secretly captured screenshots of user activity and exfiltrated sensitive data, including banking credentials, private communications, and corporate information. Despite being verified and featured on the Chrome Web Store, it operated with a hidden two-stage architecture that turned a supposed privacy tool into a surveillance weapon.
✅ What you should do:
Immediately uninstall FreeVPN.One from Chrome if you have it installed
Review and revoke suspicious Chrome extension permissions
Regularly audit installed extensions, keeping only those from trusted developers
Use endpoint protection to detect potential spyware or credential theft
Change any credentials that may have been exposed through this extension
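As an added example (not from the briefing or from CyberMaterial), here is a Python audit script that walks a Chrome profile's Extensions folder and flags any manifest whose permissions allow page capture or traffic inspection, or whose name matches FreeVPN.One. The permission sets are my own risk heuristic rather than Chrome's classification, and the two sample manifests are constructed for offline testing, not the real extension's files.

```python
import json
from pathlib import Path

# Heuristic: these permissions let an extension read or capture page content
# (captureVisibleTab needs <all_urls> or activeTab) or observe browser traffic.
CONTENT_PERMS = {"tabs", "activeTab", "desktopCapture", "tabCapture", "<all_urls>"}
NETWORK_PERMS = {"webRequest", "webRequestBlocking", "declarativeNetRequest"}
SUSPECT_NAMES = {"freevpn.one"}  # name from the briefing, matched case-insensitively

def assess_manifest(manifest: dict) -> dict:
    """Return name, version and risk reasons for one parsed manifest.json."""
    perms = set(manifest.get("permissions", []))
    hosts = set(manifest.get("host_permissions", []))  # Manifest V3 keeps host patterns here
    scope = perms | hosts
    broad_host = any(h == "<all_urls>" or h.startswith(("*://*/", "http://*/", "https://*/"))
                     for h in scope)
    reasons = []
    # Names may be localized placeholders like "__MSG_appName__"; those will not match.
    if str(manifest.get("name", "")).lower() in SUSPECT_NAMES:
        reasons.append("name matches extension reported as spyware")
    if scope & CONTENT_PERMS or broad_host:
        reasons.append("can read or capture page content")
    if scope & NETWORK_PERMS:
        reasons.append("can observe or rewrite network requests")
    return {"name": manifest.get("name", "?"), "version": manifest.get("version", "?"),
            "flagged": bool(reasons), "reasons": reasons}

def audit_extensions_dir(extensions_dir: Path) -> list:
    """Assess every <Extensions>/<id>/<version>/manifest.json under the profile.
    Typical paths: ~/.config/google-chrome/Default/Extensions (Linux),
    ~/Library/Application Support/Google/Chrome/Default/Extensions (macOS),
    %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Extensions (Windows)."""
    findings = []
    if not extensions_dir.is_dir():
        return findings
    for manifest_path in sorted(extensions_dir.glob("*/*/manifest.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or half-written manifest: skip rather than crash
        result = assess_manifest(manifest)
        result["id"] = manifest_path.parent.parent.name  # the 32-character extension id
        findings.append(result)
    return findings

# Constructed sample manifests (not the real extension's files) for offline use.
SAMPLE_SPYWARE = {"name": "FreeVPN.One", "version": "1.0", "manifest_version": 3,
                  "permissions": ["tabs", "storage", "webRequest"],
                  "host_permissions": ["<all_urls>"]}
SAMPLE_BENIGN = {"name": "Tab Counter", "version": "0.3", "permissions": ["storage"]}
```

Run `audit_extensions_dir(Path(...))` against your own profile directory and uninstall anything flagged that you do not recognize; a flag means the capability exists, not proof of abuse.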
🔒 Why this matters:
This case shows how even verified Chrome extensions can transform into spyware through updates. With privileged browser access, malicious add-ons can silently monitor activity, steal financial data, and compromise sensitive accounts. Vigilance and regular extension audits are critical for maintaining browser security.
📚 Cyber Book
Forensics To Expose Cybercriminals A Complete Guide - 2019 Edition by Gerardus Blokdyk
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.