Cyber Briefing: 2025.11.20
Major cyber incidents include Office and 7-Zip exploits, VPN attacks, data breaches, WhatsApp exposure, ransomware hits, sanctions, and criminal sentencing.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Microsoft Office Zero Day For Sale
A threat actor named Zeroplayer is selling a zero-day remote code execution (RCE) vulnerability combined with a sandbox escape for Microsoft Office and Windows systems on underground forums for $30,000, raising significant alarms as this exploit targets fully patched systems and could allow attackers to bypass critical security features. The exploit chain, capable of being delivered through malicious Word or Excel documents, poses a high-impact risk to organizations globally by neutralizing a primary defense against malware and enabling full system compromise.
2. New 7 Zip Flaw Exploited In Attacks
Threat actors are actively exploiting a recently patched 7-Zip vulnerability (CVE-2025-11001, CVSS 7.0) that enables remote code execution (RCE) by abusing how it handles symbolic links during ZIP file parsing, as warned by NHS England. This flaw, which impacts 7-Zip versions 21.02 through 24.09 on Windows, requires user interaction and administrative privileges for successful exploitation, often targeting service accounts to allow an attacker to write malicious files outside the intended extraction folder.
3. Hackers Target GlobalProtect Portals
Over 2.3 million malicious sessions have targeted Palo Alto Networks’ GlobalProtect VPN portals since November 14, 2025, marking a 40-fold spike in brute-force login attempts. This unprecedented surge, tracked by GreyNoise, underscores escalating global risks to remote access systems and is strongly linked to sophisticated, coordinated threat actors using highly concentrated infrastructure, primarily hosted in
💥 Cyber Incidents
4. Eurofiber Confirms Data Theft Hack
On November 13, Eurofiber France was breached after hackers exploited a software vulnerability in its ticketing system and ATE customer portal, leading to the theft of customer data, an attempted extortion, and a report to French authorities. The stolen data may be highly sensitive, potentially including SSH keys, VPN configurations, and API keys, though Eurofiber states no banking or critical systems were affected, and operations remained normal.
5. WhatsApp Flaw Exposed User Numbers
A significant privacy flaw in WhatsApp’s contact discovery mechanism allowed researchers to validate the existence of 3.5 billion mobile numbers using the app worldwide, far exceeding previous estimates. This vulnerability also enabled them to infer sensitive metadata, such as device operating systems and account age, which could be exploited for targeted attacks like spam, phishing, and identifying individuals in regions where the app is restricted.
6. Ransomware Hits LG Battery Subsidiary
LG Energy Solution, the South Korean battery giant, confirmed it suffered a recent ransomware attack targeting a single overseas facility, which the company claims was quickly mitigated and restored to normal operation. Simultaneously, the Akira ransomware group publicly claimed responsibility, alleging they stole a massive 1.7 terabytes of sensitive corporate and employee data, which LG Energy Solution is still investigating.
📢 Cyber News
7. Europe Scales Back Privacy And AI Laws
Under pressure from the US and industry, the European Commission is proposing significant rollbacks to its landmark tech regulations, including simplifying GDPR’s cookie pop-ups and relaxing its AI Act, in an effort to spur economic growth. These changes, which also allow easier sharing of personal data and extend grace periods for high-risk AI rules, are drawing intense criticism from civil rights groups who argue fundamental safeguards are being weakened.
8. US UK Australia Sanction Russian Host
The United States, United Kingdom, and Australia have imposed coordinated sanctions on Media Land, a Russian “bulletproof” web hosting company, and its related firms and executives, for allegedly facilitating ransomware attacks by groups like LockBit and BlackSuit against U.S. victims and critical infrastructure. These sanctions aim to disrupt the company’s ability to operate by prohibiting transactions with the sanctioned entities, while officials also released guidance to help organizations mitigate the risks posed by such cybercriminal services.
9. Philippine Mayor Sentenced For Spying
A Philippine trial court sentenced former mayor Alice Guo to life imprisonment for human trafficking after finding she had ties to Chinese criminal syndicates and was identified as Chinese national Guo Hua Ping. The conviction stems from a police raid on a scam cyber center on land partially owned by her, which uncovered hundreds of trafficked workers, leading to charges from the Presidential Anti-Organized Crime Commission (PAOCC).
📈 Cyber Stocks
On Thursday, 20th November, cybersecurity stocks remained mixed as markets attempted to stabilise following several consecutive sessions of tech-sector weakness. Investors balanced ongoing macro pressures with steady long-term demand for cloud, identity, and endpoint security. While geopolitical cyber risks continued to support the sector’s defensive profile, sentiment stayed cautious as traders awaited clearer signals on year-end enterprise spending and broader market direction.
CrowdStrike closed at 520.59 dollars and moved higher, supported by renewed buying interest after earlier profit-taking and consistent demand for AI-driven endpoint protection.
Palo Alto Networks closed at 199.90 dollars and edged slightly lower, reflecting continued caution around the timing of enterprise security budgets despite stable platform adoption.
Zscaler closed at 291.81 dollars and dipped modestly, as high-growth valuation sensitivity outweighed ongoing momentum in cloud and zero-trust security.
Fortinet closed at 79.73 dollars and slipped again, with investor attention still focused on concerns surrounding slowing firewall refresh cycles.
Okta closed at 80.09 dollars and traded lower, as identity-security sentiment softened amid broader market uncertainty and limited new catalysts.
💡 Cyber Tip
🛑 Old Finger Protocol Used to Launch Malware Attacks
Threat actors are bringing back the decades-old Finger protocol to deliver remote commands onto Windows systems. Campaigns linked to ClickFix attacks trick users into running a harmless-looking command that secretly uses the finger utility to pull and execute malicious instructions from an attacker-controlled server. This technique is being used to download infostealer malware and other payloads while avoiding detection.
What You Should Do
Never run commands sent to you through email, chat, or pop-up prompts, even if they look simple or harmless.
Block the Finger protocol in your environment if it is not required.
Monitor for unexpected use of cmd.exe, batch files, or commands involving the finger utility.
Educate users about ClickFix-style scams that imitate Captcha checks or verification prompts.
Why This Matters
The Finger protocol is still supported on Windows, which gives attackers a built-in tool that can fetch and run remote commands without using typical malware delivery channels. Because the attack hides inside a legitimate system utility, it can bypass many security filters and quickly lead to malware installation or credential theft.
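One way to implement the monitoring step from the tip above, as an added example that is not part of the original briefing: a Python detector that flags execution of the finger utility, shell command lines that reference it, and outbound connections to TCP port 79. The event field names, host names and sample records are constructed for illustration and do not follow any particular product's log schema.

```python
import ntpath
import re

FINGER_PORT = 79  # TCP port assigned to the Finger protocol (RFC 1288)
# Shells to treat as suspicious parents; cmd.exe is from the tip, powershell.exe is an assumption.
SHELL_IMAGES = {"cmd.exe", "powershell.exe"}
# Whole-word match so names such as "fingerprint.exe" do not trigger.
FINGER_WORD = re.compile(r"\bfinger(?:\.exe)?\b", re.IGNORECASE)

# Constructed sample events (process creation and network connection records).
SAMPLE_EVENTS = [
    {"type": "process", "host": "ws-014", "image": r"C:\Windows\System32\finger.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "finger <user>@<host>"},
    {"type": "network", "host": "ws-014", "image": r"C:\Windows\System32\finger.exe",
     "dest_ip": "203.0.113.10", "dest_port": 79},
    {"type": "process", "host": "ws-022", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": 'cmd /c "finger <user>@<host>"'},
    {"type": "process", "host": "ws-031", "image": r"C:\Windows\System32\ping.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "ping 192.0.2.1"},
    {"type": "process", "host": "ws-040", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": r"cmd /c C:\Tools\fingerprint.exe --scan"},
    {"type": "process", "host": "ws-050", "image": r"C:\Windows\System32\finger.exe",
     "parent": r"C:\Windows\explorer.exe", "cmdline": "finger"},
]

def detect(events):
    """Return (host, rule, severity) tuples for Finger-related activity."""
    alerts = []
    for ev in events:
        image = ntpath.basename(ev.get("image", "")).lower()
        if ev["type"] == "process":
            parent = ntpath.basename(ev.get("parent", "")).lower()
            if image == "finger.exe":
                # finger.exe started from a shell is rated higher than an interactive launch.
                severity = "high" if parent in SHELL_IMAGES else "medium"
                alerts.append((ev["host"], "finger-exec", severity))
            elif image in SHELL_IMAGES and FINGER_WORD.search(ev.get("cmdline", "")):
                alerts.append((ev["host"], "finger-in-shell-cmdline", "high"))
        elif ev["type"] == "network" and ev.get("dest_port") == FINGER_PORT:
            # Any outbound TCP/79 is notable where Finger is not required.
            alerts.append((ev["host"], "outbound-tcp-79", "high"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Where Finger is not required, the same port number is the one to deny at the egress firewall, which turns the `outbound-tcp-79` rule into a check that the block is holding.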
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.











VPN attacks are increasingly targeting enterprises with weak configuration management. This brief highlights just how critical it is to keep security posture sharp across all entry points. The WhatsApp and Office exploits are especially concerning for remote work environments.