👉 What’s happening in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get Help

🚨 Cyber Alerts

1. Malicious Npm Packages Used In Phishing

Cybersecurity researchers have identified a new campaign called Beamglea that uses 175 malicious packages on the npm registry to create a widespread phishing infrastructure, targeting over 135 companies.

2. Fake Inflation Refund Text Scam Hits NY

An ongoing text message scam is targeting New Yorkers, impersonating the Department of Taxation and Finance to steal personal and financial information by falsely promising “Inflation Refunds.” These fraudulent messages trick victims into clicking a malicious link that leads to a fake website designed to harvest sensitive data.

3. Rust Malware ChaosBot Exploits Discord

Threat actors are using a new Rust-based backdoor called ChaosBot that allows them to gain control of compromised systems for reconnaissance and executing commands. The malware is notable for using Discord as a command-and-control (C2) channel and for its ability to evade detection.

For more alerts, click here!

Subscribe Now

💥 Cyber Incidents

4. Harvard Probes Breach Tied To Oracle Flaw

“Harvard University is investigating a data breach after the Clop ransomware gang claimed to have stolen data by exploiting a zero-day vulnerability in Oracle’s E-Business Suite software, which has affected many other customers. The university has applied a patch provided by Oracle to fix the vulnerability and states that the incident appears to be limited to a small administrative unit.

5. Qilin Ransomware Hits Beer Giant Asahi

A ransomware attack by the Qilin group temporarily crippled the Japanese operations of Asahi Group Holdings, Japan’s largest brewing company. The group, which claimed responsibility for the cyberattack, stole and leaked 27GB of the company’s data, including sensitive financial and employee documents.

6. Fortra Reports GoAnywhere MFT Breach

Fortra’s GoAnywhere MFT software was targeted by hackers who exploited a zero-day deserialization vulnerability, CVE-2025-10035. This flaw, which had a CVSS score of 10, was found in the software’s License Servlet and allowed attackers to inject commands. Fortra’s investigation revealed that a “limited” number of on-premises customers were affected, specifically those who had disregarded vendor recommendations and exposed their management console to the public internet.

For more incidents, click here!

📢 Cyber News

7. Apple Bug Bounty Hits 2 Million Payout

Apple recently updated its bug bounty program, increasing rewards for finding and reporting security vulnerabilities. The company is now offering up to $2 million for complex exploit chains and has introduced Target Flags to streamline the reward process.

8. GXC Team Cybercrime Ring Dismantled

Spanish authorities successfully dismantled the “GXC Team” cybercrime group, arresting its 25-year-old Brazilian leader. The group sold AI-powered phishing tools, malware, and voice-scam kits, becoming a major supplier of credential theft tools across Spain.

9. Extortion Group Leaks Salesforce Data

Scattered LAPSUS$ Hunters has leaked millions of records allegedly stolen from Salesforce customers. The group demanded a ransom from Salesforce, which refused to pay.

For more news click here

Check Events

📈Cyber Stocks

On Monday, 13th October, cybersecurity stocks opened the week on a cautious note, with most names edging lower amid broader tech market weakness and investor profit-taking. The sector faced mild pressure from insider selling and valuation concerns, even as optimism persisted around AI-driven innovation and long-term demand for digital defense solutions. Overall, the market reflected consolidation after weeks of strong momentum across cyber equities.

• CrowdStrike closed near $493, down around 3%, after news of a $12.7 million insider stock sale by its president prompted short-term investor caution despite strong operational outlooks.

• Zscaler ended around $311, slightly higher, supported by investor optimism surrounding its advancements in “agentic AI” for next-generation security operations.

• Palo Alto Networks finished near $212, down modestly, as integration risks from its recent acquisitions and margin pressures kept sentiment subdued.

• Okta settled near $91, marginally lower, with ongoing competition in identity management weighing on valuations, partially offset by AI-driven identity innovation.

• Fortinet closed around $85, flat to slightly positive, as steady geopolitical tensions sustained interest in its network defense portfolio despite slower firewall refresh cycles.

💡 Cyber Tip

Beware Fake Inflation Refund Texts in New York

Scammers are impersonating the New York Department of Taxation and Finance, sending texts to steal personal and financial information.

🔐 What You Should Do

• Never click links in unsolicited texts about refunds.

• Do not provide personal, Social Security, or financial information.

• Verify any refund directly through official state channels.

• Report suspicious messages to the Department of Taxation and Finance or the IRS.

⚠️ Why This Matters

Protecting your personal and financial data prevents identity theft and financial fraud.

Visit Book Club

📚 Cyber Book

Wearable Medical Technologies by Kevin Chen

Get Book

That concludes today’s briefing . You can check the top headlines here!

Copyright © 2025 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.