Cyber Briefing: 2025.10.10
WordPress phishing, Figma flaw, ClayRat spyware, BK breach, Clop hacks Oracle, China hits law firm, FBI seizes forum, OpenAI blocks misuse, Defender bug.
👉 What are the latest cybersecurity alerts, incidents, and news?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Hackers Abuse WordPress for Phishing
Cybersecurity researchers have uncovered a new malicious campaign targeting WordPress sites. This campaign injects harmful JavaScript, which redirects users to fraudulent websites. In an analysis, Sucuri researcher Puja Srivastava explained that site visitors are being served drive-by malware through injected content, often disguised as a fake Cloudflare verification.
2. Severe Framelink Figma MCP Code Flaw
A vulnerability in Figma’s Model Context Protocol (MCP) server could allow attackers to execute arbitrary code. The flaw, a command injection bug, was found in a fallback mechanism and could be exploited by an attacker who sends malicious input to the server, potentially putting developers at risk of data exposure.
3. Android Spyware ClayRat Imitates Apps
A new Android spyware, ClayRat, is targeting Russian users by impersonating popular apps like WhatsApp and YouTube. The malware, spread through fake websites and Telegram channels, can steal personal data, access call logs, and even take pictures.
💥 Cyber Incidents
4. BK Technologies Admits Cyber Breach
BK Technologies, a US-based maker of radios for police and first responders, recently experienced a cyberattack. The company confirmed that an unauthorized third party accessed and stole non-public data, potentially including employee information, but says that most of its operations were not affected.
5. Dozens Hit in Oracle-Linked Hacks
Hackers at the Clop extortion gang have used previously unknown vulnerabilities in Oracle’s E-Business Suite software to steal data from dozens of organizations, targeting executives with extortion emails. Google security researchers found that the hacking campaign has been ongoing since July, despite Oracle’s earlier claim that the vulnerabilities were patched.
6. Chinese Hackers Hit Williams & Connolly
State-sponsored hackers recently breached the prominent law firm Williams & Connolly, gaining access to some attorney email accounts. The firm, which represents high-profile clients like former presidents and major corporations, believes the attackers exploited an unspecified zero-day vulnerability.
📢 Cyber News
7. FBI Shuts Down BreachForums Portal
The FBI, in collaboration with French law enforcement, has seized the web infrastructure of the hacking forum BreachForums, which was run by the ShinyHunters group. This action was taken to prevent the forum from being used to leak corporate data stolen in ransomware and extortion attacks, including a planned leak of data from a massive Salesforce breach.
8. OpenAI Blocks Hackers Misusing ChatGPT
OpenAI recently took action against three malicious groups that were using its ChatGPT AI tool to develop malware. These groups, one of which has ties to Russia, used the chatbot to create code for a remote access trojan (RAT) and a credential stealer, specifically to evade detection.
9. Defender Mistakenly Flags SQL Server
Microsoft is currently addressing a bug in its Defender for Endpoint platform that mistakenly flags SQL Server 2017 and 2019 as end-of-life. The company is deploying a fix to resolve the issue, which was caused by a recent code change.
📈 Cyber Stocks
As the week ended on Friday, 10th October, cybersecurity stocks traded mixed, reflecting a balance between continued optimism in AI-driven security innovation and broader market caution. While companies like Zscaler and Okta gained on strong cloud and identity-security sentiment, others such as Palo Alto Networks and CrowdStrike saw mild profit-taking after recent highs. Overall, the sector remained resilient amid macroeconomic uncertainty and steady enterprise investment in next-generation cyber defense.
CrowdStrike closed at $509.13, down 0.17%, with investors locking in gains after a strong rally and reassessing growth expectations for its AI-focused Falcon platform.
Zscaler ended at $315.21, up 0.4%, supported by continued demand for its cloud-based zero-trust solutions and confidence in its quarterly results.
Palo Alto Networks finished at $215.17, down 1.2%, as margin pressures and acquisition integration concerns weighed slightly on sentiment.
Okta settled at $93.64, up 1.1%, helped by renewed enthusiasm for AI-driven identity management and easing competitive headwinds.
Fortinet closed at $86.19, down 0.3%, reflecting cautious trading amid questions about the pace of its firewall upgrade cycle despite strong geopolitical demand for network protection.
💡 Cyber Tip
ClayRat Imitates Popular Apps to Spread Android Spyware
A new Android spyware called ClayRat is disguising itself as WhatsApp, TikTok, YouTube, and Google Photos to infect users, mainly in Russia. Spread through fake websites and Telegram channels, it steals personal data, call logs, and messages, and can take photos or make calls. Researchers at Zimperium found over 600 samples, showing the campaign is expanding rapidly. ClayRat uses a session-based installation to bypass Android 13+ security checks and tricks users with fake Play Store-style sites.
🔐 What You Should Do
Download apps only from the Google Play Store.
Avoid sideloading APKs or installing from Telegram or unknown sites.
Check app permissions and developer names carefully.
Use mobile security software to block spyware.
⚠️ Why This Matters
ClayRat combines phishing, fake app stores, and social engineering to infect Android devices. It shows how easily users can be deceived when sideloading apps. Staying alert and installing only verified apps is the strongest defense.
📚 Cyber Book
How to Catch a Phish by Nicholas Oles
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.