Cyber Briefing: 2025.09.30
Fake Teams spreads Oyster, ads push crypto malware, critical Sudo flaw, Asahi attack, Harrods breach, Kido ransom, UK seizes $7.4B BTC, Interpol busts scams, OT guide issued.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Fake Microsoft Teams Installers Spread
In a recent cybercrime campaign, hackers are using fake Microsoft Teams installers, promoted through search engine ads and SEO poisoning, to infect Windows devices with the Oyster backdoor. This malware, which first appeared in 2023, provides attackers with a way to gain initial access to corporate networks, execute commands, and deploy more malicious payloads.
2. Cybercriminals Use Facebook Google Ads
A persistent malvertising campaign has evolved from targeting Facebook users to infiltrating Google Ads and YouTube, using hijacked accounts and deceptive impersonation to distribute crypto-stealing malware. Cybercriminals are exploiting the trust associated with legitimate advertising platforms and verified channels to compromise financial data and cryptocurrency wallets.
3. CISA Warns Of Critical Sudo Flaw
U.S. government authorities have added a critical vulnerability in the Sudo command-line tool, used in Linux and Unix systems, to a list of actively exploited flaws. The vulnerability, known as CVE-2025-32463, allows a local attacker to execute commands as a root user, and federal agencies must patch it by October 20, 2025.
💥 Cyber Incidents
4. Attackers Take Down Asahi Brewer
Asahi, Japan’s largest brewery, is experiencing a major disruption to its domestic distribution after a cyberattack. The attack has shut down the company’s shipping and call center systems, leaving customers dependent on existing stock.
5. Harrods Alerts Customers To Breach
Harrods, the British department store, has notified customers of a data breach where a third-party provider’s system was compromised, exposing names and contact information for some e-commerce customers. The company confirmed that financial data and account passwords were not affected, and the incident is contained.
6. Hackers Steal Photos From Kido Nursery
A gang of cybercriminals reportedly stole the names, pictures, and addresses of about 8,000 children from the Kido nursery chain and is now demanding a ransom. The hackers claim to also have information on parents, carers, and safeguarding notes, and have contacted some families directly.
📢 Cyber News
7. UK Police Seize 5.5 Billion In Bitcoin
Zhimin Qian, a Chinese national, was convicted in the U.K. for her part in a large-scale cryptocurrency fraud after authorities seized $7.39 billion in Bitcoin from her London home, the largest seizure of its kind. The raid was the result of a long-term investigation into a 2014-2017 fraud that duped over 128,000 victims in China through false promises of financial returns.
8. Interpol Cracks Down On African Scams
A major digital scamming network has been dismantled by a transnational operation across 14 African countries, leading to 260 arrests and the seizure of over 1,200 electronic devices. The Interpol-led effort, dubbed Operation Contender 3.0, is the third wave of arrests against fraudsters in Africa since 2021.
9. National Cyber Authorities Release OT Guide
Seven national cybersecurity agencies, including the Five Eyes nations, have issued new guidelines for securing operational technology (OT) systems. The guidance, released on September 29, provides specific, step-by-step actions for security teams to create a comprehensive record of their OT environment.
📈 Cyber Stocks
On Tuesday, 30th September, cybersecurity stocks saw mostly positive movement as investors priced in heightened demand for digital defenses. Recent high-profile breaches, government contract announcements, and industry consolidation drove optimism, while geopolitical tensions and ongoing cyberwarfare threats underpinned the sector’s strength. Overall, the market viewed cybersecurity as a resilient play against both political and technological uncertainty.
CrowdStrike (CRWD) – $488.45 (+1.5%)
Shares rose on renewed investor confidence after recent large-scale hacks underscored the critical need for advanced endpoint protection.
Zscaler (ZS) – $296.90 (+0.8%)
Gains were supported by strong enterprise cloud adoption and the accelerating shift toward zero-trust security models.
Palo Alto Networks (PANW) – $203.96 (+0.8%)
The stock edged higher as its $25B CyberArk acquisition reinforced investor confidence in its platform consolidation strategy.
Okta (OKTA) – $93.86 (+2.9%)
Shares climbed on identity management demand, boosted by AI-driven authentication needs and recent U.S. government contract wins.
Fortinet (FTNT) – $84.65 (+0.4%)
Fortinet ticked up amid broader geopolitical concerns, with rising state-sponsored cyberattacks highlighting the importance of robust network security.
💡 Cyber Tip
💻 Fake Microsoft Teams Installers Spread Malware
Hackers are distributing fake Microsoft Teams installers through search ads and SEO tricks to infect Windows systems with the Oyster backdoor. Once installed, the malware gives attackers remote access, runs on a schedule to stay active, and allows them to deploy more malicious payloads.
✅ What you should do
Only download Microsoft Teams from the official Microsoft website
Avoid clicking on sponsored search results for software downloads
Verify file signatures and sources before installing IT tools
Use endpoint security that detects and blocks backdoors
Train IT admins and staff to recognize malvertising campaigns
🔒 Why this matters
These fake installers are part of a growing trend where attackers impersonate trusted tools like Teams, Chrome, or PuTTY to gain access to corporate networks. IT administrators, who often have high-level privileges, are prime targets, making this a serious risk for organizations.
📚 Cyber Book
Cybersecurity for Executives in the Age of Cloud by Teri Radichel
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.