Cyber Briefing: 2025.09.03
WhatsApp scam hijacks accounts, Android droppers spread spyware, npm steals crypto, Austria email breach, Brazil bank heist, PA AG ransomware, Disney fined, record DDoS, Varonis deal.
👉 What's happening in cybersecurity today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. WhatsApp Scam Lets Hackers Hijack Chats
A new scam targeting WhatsApp users is exploiting the app's device linking feature to gain complete access to victims' accounts, including their contacts and chat history. Cybercriminals initiate the attack with a deceptive message containing a fraudulent link that harvests Facebook credentials, which are then used to hijack the WhatsApp account and spread further malicious links to others.
2. Android Droppers Turn Into Malware Tools
Android droppers are increasingly being used to distribute not only banking trojans but also SMS stealers and spyware, often disguised as government or banking apps to target users in India and other parts of Asia. These sophisticated droppers exploit timing gaps in security measures, such as Google's Pilot Program, by appearing benign upon installation and only downloading their malicious payload later.
3. Malicious Npm Package Mimics Nodemailer
A recently discovered malicious npm package, nodejs-smtp, impersonates the legitimate nodemailer library to infect Windows desktop applications like Atomic and Exodus cryptocurrency wallets. Once imported by a developer, it stealthily injects a cryptocurrency clipper that hijacks outgoing transactions by overwriting the recipient's address with the attacker's wallet.
💥 Cyber Incidents
4. Austria Ministry Reports Email Breach
The Austrian government has reported a cyberattack that breached 100 government email accounts and resulted in data theft. The Ministry of the Interior, which discovered the breach, has disconnected affected systems from the internet and launched a full investigation.
5. Hackers Breach Fintech In Bank Heist Try
Hackers attempted to steal $130 million from Evertec's Brazilian subsidiary, Sinqia S.A., after breaching its systems on the Pix instant payment network using stolen IT vendor credentials. Evertec has stated that a portion of the funds has been recovered and that there is no evidence of customer data being compromised, though the full financial and reputational impact is still unknown.
6. Ransomware Hits Pennsylvania AG Office
Pennsylvania’s Office of Attorney General (OAG) was hit by a ransomware attack in August, which has disrupted civil and criminal court cases. The state's top law enforcement office refused to pay the ransom and is working to restore its full functionality while an investigation into the incident is ongoing.
📢 Cyber News
7. Disney Pays 10 Million Over Kids Data
The Federal Trade Commission has announced that Disney will pay a $10 million settlement after allegedly collecting personal data from children without parental consent by failing to properly label its YouTube videos as "Made for Kids." This practice enabled targeted advertising to be shown to young viewers, which is prohibited under the Children’s Online Privacy Protection Rule (COPPA).
8. Cloudflare Blocks Record DDoS Attack
Cloudflare recently blocked a record-breaking 11.5 Tbps DDoS attack, a massive UDP flood originating largely from Google Cloud. This unprecedented attack was part of a series of large-scale assaults that Cloudflare has been mitigating over several weeks.
9. Varonis Acquires Email Security Firm
Varonis Systems has acquired SlashNext, an email security provider that uses predictive AI to defend against phishing and social engineering attacks across various communication platforms. This acquisition will integrate SlashNext's technology into Varonis's platform, aiming to enhance its MDDR service and expand its market reach.
📈 Cyber Stocks
As markets opened on Wednesday, September 3, 2025, cybersecurity stocks moved lower as investors reassessed valuations, guidance concerns, and broader macro pressures.
Radware (RDWR) closed at $24.59, slipping as profit-taking and valuation caution weighed after its recent upward momentum.
Rapid7 (RPD) ended at $20.17, declining as growth uncertainty and muted guidance continued to pressure investor sentiment.
Check Point Software Technologies (CHKP) settled at $190.16, easing as investors awaited further strategic updates despite the company’s historically stable margins.
SentinelOne (S) finished at $17.70, falling sharply after post-earnings enthusiasm faded and regulatory caution added to broader risk-off sentiment.
CrowdStrike (CRWD) closed at $413.50, retreating as lingering concerns over revenue guidance and the effects of its past IT outage continued to weigh on the stock.
💡 Cyber Tip
📲 WhatsApp Scam Hijacks Accounts via Device Linking
A new scam is exploiting WhatsApp’s device linking feature to give hackers full access to victims’ accounts, chats, and contacts. Attackers send a phishing message such as “Hi, I accidentally found your photo!” with a fake link to a counterfeit Facebook login page. Once credentials are stolen, criminals use them to link the victim’s WhatsApp account to their own device, taking full control and impersonating the victim to spread more malicious links.
✅ What you should do
Do not click on unexpected links, even if they come from friends
Always check URLs carefully before entering login credentials
Verify suspicious messages through another channel before responding
Enable two-step verification in WhatsApp to block unauthorized device linking
Regularly review linked devices in WhatsApp settings and unlink anything unfamiliar
🔒 Why this matters
This scam combines phishing and account takeover to hijack WhatsApp accounts and spread quickly through trusted contacts. Once hijacked, criminals can steal private data, impersonate victims, and even attempt extortion. Enabling two-step verification and staying alert to suspicious me
📚 Cyber Book
Malware Data Science: Attack Detection and Attribution by Joshua Saxe, Hillary Sanders
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.