Cyber Briefing: 2025.09.09
GPUGate abuses Google Ads, Defender flaw, npm packages hacked, Plex breach, GhostAction steals GitHub secrets, Lovesac hit, Signal adds backups, SpamGPT fuels phishing, AI misuse grows.
👉 What's the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. GPUGate Abuse of Google Ads and GitHub
A malicious software campaign called GPUGate is using Google Ads and GitHub to trick users into downloading malware. The malware uses a unique evasion technique that only allows its malicious code to be decrypted if it detects a real, physical graphics card, which helps it avoid detection in virtual machines and security sandboxes used by researchers.
2. Windows Defender Flaw Enables Hijack
A critical vulnerability in Windows Defender allows attackers to disable the security service and tamper with its core files. The exploit works by creating a fake, higher-version folder within Defender's directory, tricking the system into running its processes from an attacker-controlled location.
3. npm Packages Compromised In Attack
In a software supply chain attack, a maintainer's npm account was compromised through a phishing scam, leading to the injection of malicious code into several popular packages with over 2 billion collective weekly downloads. The malware is designed to steal cryptocurrency by hijacking browser APIs and swapping wallet addresses in transaction requests.
💥 Cyber Incidents
4. Plex Users Told To Reset Passwords
Plex, a media streaming service, recently experienced a data breach where a hacker stole customer information, including email addresses, usernames, and hashed passwords. The company is now urging all users to reset their passwords and enable two-factor authentication to protect their accounts.
5. Hackers Steal Secrets In GitHub Attack
A new supply chain attack, called GhostAction, has stolen an estimated 3,325 secrets from 817 GitHub repositories, including PyPI, npm, and AWS credentials. The attackers compromised maintainer accounts to inject malicious GitHub Actions workflows that automatically exfiltrated secrets to an external server.
6. Lovesac Confirms Breach After Attack
American furniture company Lovesac has confirmed a data breach occurred between February 12 and March 3, 2025, after hackers accessed its internal systems and stole personal information. The breach, which was claimed by the RansomHub ransomware gang, prompted Lovesac to offer two years of complimentary credit monitoring to those affected.
📢 Cyber News
7. Signal Adds Secure Cloud Backups
Signal has rolled out a new opt-in feature that allows users to create end-to-end encrypted backups of their chats. This ensures that even if a user's phone is lost or damaged, they can restore their messages.
8. SpamGPT AI Tool Powers Phishing Attack
A new cybercrime tool called SpamGPT is making it easier for criminals to launch large-scale phishing campaigns by blending artificial intelligence with professional email marketing tools. This "spam-as-a-service" platform automates the creation of fraudulent emails and promises to bypass major email providers' defenses by abusing legitimate cloud services.
9. Employees Keep Feeding AI Secrets
Organizations face significant risks because employees are inputting sensitive data into public AI tools, and most companies lack the necessary technical controls to prevent it. A new report from Kiteworks highlights that most organizations are missing basic security measures to manage this data.
📈 Cyber Stocks
In the early hours of Tuesday, September 9, 2025, cybersecurity stocks edged higher as investors absorbed strategic announcements, recent earnings strength, and signs of a softer macroeconomic backdrop.
Radware (RDWR) closed at $25.55, extending its winning streak as investors showed confidence in its steady momentum and earnings outlook.
Rapid7 (RPD) ended at $20.60, advancing after being highlighted as a leader in the 2025 IDC MarketScape for Exposure Management, which reinforced its strategic positioning.
Check Point Software Technologies (CHKP) settled at $196.90, climbing on the back of shareholder approval of its AGM proposals and recognition for leadership in hybrid mesh firewall solutions.
SentinelOne (S) finished at $18.43, slipping slightly as valuation concerns resurfaced despite continued optimism over its AI-driven recurring revenue growth.
Palo Alto Networks (PANW) closed at $197.38, gaining as confidence grew around its platform consolidation strategy and progress linked to the CyberArk acquisition.
💡 Cyber Tip
📦 20 Popular npm Packages Compromised in Supply Chain Attack
A maintainer’s account was phished and hijacked, leading to malicious code being injected into 20 widely used npm packages with over 2 billion weekly downloads. The malware was designed to steal cryptocurrency by swapping wallet addresses during transactions.
✅ What you should do
Immediately check your dependencies and update to the latest safe versions
Enable strong authentication (phishing-resistant MFA) on developer accounts
Lock down and monitor CI/CD pipelines for suspicious package changes
Use package signing and integrity checks before deployment
Regularly audit dependencies and watch for typosquatting or rogue updates
🔒 Why this matters
A single compromised maintainer account can poison the entire software supply chain, impacting millions of users and organizations. This attack underscores the need for stronger authentication, dependency control, and constant vigilance in open-source ecosystems.
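One way to carry out the dependency and integrity checks recommended above is to audit the lockfile before deployment. The following is an added example, not part of the original briefing: the deny-list package names and versions are placeholders to be replaced from the relevant advisory, and the default registry URL is an assumption about your environment.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) before deployment.
// DENY holds PLACEHOLDER names/versions; fill it from the advisory you act on.
const DENY = { "example-compromised-pkg": ["1.2.3"] };
const REGISTRY = "https://registry.npmjs.org/"; // assumed: only the public registry is expected

function auditLockfile(lock, deny = DENY, registry = REGISTRY) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip root project and workspace links
    // "node_modules/a/node_modules/@s/b" -> "@s/b"; aliased installs carry entry.name
    const name = entry.name || path.slice(path.lastIndexOf("node_modules/") + 13);
    const flag = (issue) => findings.push({ name, version: entry.version, path, issue });
    if ((deny[name] || []).includes(entry.version)) flag("deny-listed version");
    if (!entry.integrity) flag("no integrity hash");
    else if (!entry.integrity.startsWith("sha512-")) flag("weak integrity algorithm");
    if (entry.resolved && !entry.resolved.startsWith(registry)) flag("unexpected source");
  }
  return findings;
}

// Constructed sample lockfile (no real packages, hashes or hosts).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.1" },
    "node_modules/example-compromised-pkg": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/example-compromised-pkg/-/example-compromised-pkg-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTED==",
    },
    "node_modules/left/node_modules/@scope/inner": {
      version: "2.0.0",
      resolved: "https://registry.npmjs.org/@scope/inner/-/inner-2.0.0.tgz",
      integrity: "sha512-CONSTRUCTED==",
    },
    // Git dependency: no registry tarball, so no integrity hash to verify.
    "node_modules/git-dep": { version: "0.1.0", resolved: "git+ssh://git@example.invalid/x/git-dep.git#abc" },
    // Nested copy at a different version: every installed copy is checked on its own.
    "node_modules/other/node_modules/example-compromised-pkg": {
      version: "1.2.4",
      resolved: "https://registry.npmjs.org/example-compromised-pkg/-/example-compromised-pkg-1.2.4.tgz",
      integrity: "sha512-CONSTRUCTED==",
    },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

In a pipeline, fail the build when the returned list is non-empty, and install with `npm ci` so the lockfile's pinned versions and integrity hashes are what actually gets installed.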
📚 Cyber Book
Practical Malware Analysis by Michael Sikorski and Andrew Honig
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.