Cyber Briefing: 2025.08.28
A wave of cyber threats is emerging worldwide: AI-driven ransomware is on the rise, coordinated scans target Microsoft RDP servers, ShadowCaptcha exploits WordPress sites to spread malware
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. AI Systems Used for Ransomware Attacks
PromptLock is a new AI-powered ransomware discovered by ESET that uses a hard-coded prompt injection attack on a large language model to exfiltrate files, encrypt data, and generate ransom notes. Written in Golang, the malware leverages a local version of an OpenAI model to carry out its functions, demonstrating a novel use of AI in cyberattacks.
2. Coordinated Scans Target Microsoft RDP
Cybersecurity firm GreyNoise has detected a significant, coordinated spike in scanning activity from nearly 2,000 IP addresses targeting Microsoft Remote Desktop (RDP) portals. This reconnaissance campaign appears to be exploiting subtle timing flaws to validate usernames, likely in preparation for future brute-force or password-spray attacks, and may be a single botnet or toolset originating from Brazil.
3. ShadowCaptcha Exploits WordPress Sites
A new cyber campaign, dubbed ShadowCaptcha, is exploiting over 100 compromised WordPress sites to trick users into downloading information stealers, ransomware, and crypto miners. The attacks use a social engineering technique called ClickFix to deliver malicious payloads by misleading users into running built-in Windows tools or saving and executing malicious HTML files.
💥 Cyber Incidents
4. Nevada Closes Offices After Cyberattack
Nevada is grappling with a cyberattack that began on Sunday, which has taken down state websites and phone systems, forcing the closure of all state offices on Monday. While emergency services like 911 remain unaffected, the prolonged disruption has led to a coordinated recovery effort involving state, local, and federal agencies.
5. DOGE Accused Of Copying Social Security Data
A whistleblower has revealed that a Department of Government Efficiency (DOGE) team within the Social Security Administration (SSA) created an unsecured live copy of the nation's entire Social Security dataset in a cloud environment, bypassing critical security controls. This action, which could expose over 300 million Americans to identity theft, was taken despite a court-ordered temporary restraining order and in violation of federal security guidelines.
6. Swedish Towns Hit By Ransomware Attack
A suspected ransomware attack on Miljödata, a software provider for Swedish municipal governments, has impacted around 200 municipalities and regions. The attackers are attempting to extort the company, which handles sensitive HR data like sick leave and medical certificates.
📢 Cyber News
7. US Appeals Sentences For HashFlare Scheme
US prosecutors are appealing the time-served sentences given to the co-founders of the $577 million HashFlare crypto Ponzi scheme, arguing that the punishment is too lenient for the severity of the fraud. This appeal highlights the growing debate over the consequences for crypto criminals, with some experts and investigators warning that a lack of significant penalties may be fueling a rise in crypto-related crime.
8. Russia Considers Google Meet Ban
A senior Russian official has stated that the government is considering blocking Google Meet following recent service disruptions, as part of a broader move to ban Western apps deemed a national security threat. This potential action is seen as a way to promote state-backed alternatives and exert more control over digital communications within the country.
9. Salt Typhoon Hacking Linked To China
The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have formally linked the global "Salt Typhoon" hacking campaigns to three China-based technology firms.
📈 Cyber Stocks
At the outset of Thursday’s trading on August 28, 2025, cybersecurity stocks reversed recent weakness, with investors positioning around earnings catalysts, technical rebounds, and fresh strategic signals.
Radware (RDWR) climbed 3.37% to $25.74, buoyed by renewed analyst confidence and a technical bounce from oversold conditions.
Rapid7 (RPD) advanced 2.61% to $20.67, recovering ground as oversold signals triggered buying interest despite lingering growth concerns.
Check Point Software Technologies (CHKP) rose 1.57% to $190.67, supported by steady post-earnings sentiment and anticipation of commentary from the Deutsche Bank Technology Conference.
SentinelOne (S) surged 4.41% to $17.15, as pre-earnings optimism and bullish analyst expectations lifted momentum ahead of quarterly results.
CrowdStrike (CRWD) gained 1.19% to $422.61, stabilizing after its earnings-driven dip as investors balanced softer revenue guidance with strategic news of its Onum acquisition.
💡 Cyber Tip
💻 ShadowCaptcha Uses WordPress Sites To Spread Ransomware, Info Stealers And Crypto Miners
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners.
✅ What you should do:
Be wary of unusual CAPTCHA requests
Update and secure your WordPress site
Train your team
Use endpoint protection
🔒 Why this matters:
The ShadowCaptcha campaign is a sophisticated threat that blends social engineering, legitimate system tools (LOLBins), and multi-stage payload delivery. By leveraging over 100 compromised WordPress sites, attackers can reach a large number of unsuspecting users. The use of ClickFix tactics is particularly effective as it tricks users into willingly running malicious code, bypassing traditional security layers. Since it relies on user action, the best defense is vigilance and a strong security posture, both for individuals and website owners.
📚 Cyber Book
Scam Me If You Can: Simple Strategies to Outsmart Today's Rip-off Artists by Frank Abagnale
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.