Cyber Briefing: 2025.10.24
China telecom hack, Lazarus EU defense breach, YouTube malware, Toys R Us leak, Verstappen data, Shaq car hack, Cryptomus $177M fine, Starlink cutoff, Russia guides cybercrime.
👉 What’s going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. China Hackers Breach Telecom Firm
China-linked threat actors exploited the recently patched ToolShell SharePoint flaw (CVE-2025-53770) to breach a Middle Eastern telecommunications company, as well as multiple government and financial entities globally. The attackers, possibly including groups like Glowworm, used sophisticated backdoors and living-off-the-land tools in a likely espionage campaign focused on credential theft and long-term network access.
2. Lazarus Hits European Defense Firms
The North Korea-linked Lazarus Group (Hidden Cobra) executed a new wave of their Operation DreamJob cyber-espionage campaign in March 2025, using fake job offers to target staff at three European defense companies that develop Unmanned Aerial Vehicle (UAV) technology. Their goal was to steal proprietary data—likely to support North Korea’s own drone development—by tricking employees into installing the ScoringMathTea Remote Access Trojan (RAT) via trojanized PDF documents.
3. YouTube Videos Used As Malware Traps
A sophisticated cybercrime operation, dubbed the YouTube Ghost Network, has been actively abusing the platform since 2021 by posting over 3,000 malicious videos that lead users to download stealer malware, often disguised as pirated software or game cheats. This highly adaptive network leverages compromised, role-based accounts to weaponize YouTube’s trust signals like views and comments, making its large-scale malware distribution campaigns appear legitimate.
💥 Cyber Incidents
4. Toys R Us Canada Data Breach Alert
Toys “R” Us Canada has confirmed a data breach after stolen customer records, including names, addresses, emails, and phone numbers, were posted by a threat actor on the dark web in July 2025. The company has since informed affected customers and Canadian regulators, stressing that sensitive data like passwords and credit card information were not exposed, and advised vigilance against phishing attempts.
5. Hackers Breach Verstappen Data
The FIA, Formula 1’s governing body, confirmed a cyber breach on its driver information database that allowed hackers to access Max Verstappen’s personal data and sensitive internal documents in under ten minutes. The breach, which was voluntarily disclosed to the FIA by the ethical hackers, has since been remedied, with the governing body assuring that no other digital platforms were affected.
6. Shaq Range Rover Stolen After Hack
Shaquille O’Neal’s customized, $180,000 Range Rover went missing while being shipped for further modifications, with insiders suggesting the theft may have occurred after a car transport company was hacked. The customizer, Effortless Motors, is now offering a $10,000 reward for information leading to the return of the unique vehicle.
📢 Cyber News
7. Cryptomus Fined 177M By FINTRAC
A Canadian cryptocurrency exchange, Cryptomus (formerly Certa Payments Ltd.), has been hit with a record-breaking fine of nearly $177 million by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) for numerous anti-money laundering and anti-terrorist financing violations. The infractions included failing to report over 1,000 transactions tied to criminal activities like child sexual abuse material trafficking and fraud, as well as thousands of high-risk transactions originating from Iran.
8. SpaceX Cuts Starlink In Myanmar
SpaceX disabled over 2,500 Starlink devices in Myanmar near known scam centers, acting after warnings that Chinese-led criminal groups were using the satellite internet technology for global fraud. This move comes as Myanmar’s military recently raided a major cybercrime hub along the Thai border, seizing dozens of the terminals and detaining nearly 2,200 people.
9. Russia Managing Cybercrime Groups
A new report from Recorded Future reveals that the Russian government has shifted from simply tolerating cybercriminals to actively managing them, leveraging these actors as geopolitical instruments while selectively enforcing laws based on their utility to the state and the level of international pressure. This management has resulted in a fracturing of the cybercrime ecosystem, with low-utility financial services being targeted by Russian law enforcement following international takedowns like Operation Endgame, while high-value operators with alleged intelligence ties retain relative protection.
📈 Cyber Stocks
As the week ended on Friday, 24th October, cybersecurity stocks closed sharply higher, rebounding from earlier losses amid renewed optimism in the sector. Investor sentiment improved on stronger enterprise spending forecasts, upbeat analyst outlooks for AI-driven security solutions, and continued geopolitical tensions that underscored the importance of cyber defense. The rally reflected a shift back toward growth-oriented tech names, with cybersecurity leading the rebound.
CrowdStrike closed at $521.98, up 4.4%, as optimism around its AI-powered Falcon platform and robust enterprise adoption fueled investor enthusiasm.
Zscaler ended at $318.77, up 3.6%, buoyed by accelerating migration to zero-trust cloud architectures and fresh analyst upgrades.
Palo Alto Networks finished at $215.02, up 1.2%, supported by confidence in its strategic acquisitions and platform consolidation initiatives.
Okta settled at $88.55, up 1.7%, lifted by improving investor sentiment around its identity-security roadmap and expanding contract pipeline.
Fortinet closed at $84.93, up 0.3%, modestly higher as persistent geopolitical risks reinforced steady demand for its network protection offerings.
💡 Cyber Tip
YouTube Videos Used as Malware Traps
A coordinated operation called the YouTube Ghost Network has been posting thousands of malicious videos that trick users into downloading stealer malware disguised as cracked software or game cheats. Researchers found the network has published more than 3,000 harmful videos since 2021 and used compromised, role-based accounts to make the content look legitimate.
🔐 What You Should Do
Do not download software from video descriptions, pinned comments, or unknown links.
Verify downloads on the vendor site rather than following links in user uploads.
Treat videos promising pirated software or game cheats as high risk.
Use endpoint protection and EDR that detect stealers such as Lumma, RedLine, and Rhadamanthys.
Report suspicious YouTube videos and avoid interacting with comment threads that push downloads.
⚠️ Why This Matters
The network weaponizes YouTube trust signals like views and comments to hide malicious intent. Users who follow the supplied links risk credential theft and full account compromise. Platform abuse at this scale shows why cautious downloading habits and strong endpoint defenses are essential.
📚 Cyber Book
The Personal Cybersecurity Manual by Marlon Buchanan
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.