Cyber Briefing: 2025.11.25
Spyware, supply-chain hacks, leaked secrets, major breaches, insider leaks, and digital theft rings underscore rising global cyber risks.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. CISA Highlights Ongoing Spyware Campaign
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning that malicious actors are actively deploying commercial spyware and remote access trojans (RATs) through mobile messaging applications, using sophisticated social engineering to gain unauthorized access and deploy further malware. These campaigns primarily target high-value individuals, including government officials and activists across the U.S., Middle East, and Europe, and rely on techniques like fake app installations and account hijacking. CISA recommends strict security measures such as using E2EE communications and FIDO-compliant authentication.
2. Second Wave Hits Thousands Of Repos
Multiple security vendors are alerting developers about Sha1-Hulud, a second wave of supply chain attacks targeting the npm registry. This campaign has compromised hundreds of packages from major entities, using a new malicious variant that executes code during the preinstall phase to steal secrets and propagate automatically, impacting thousands of repositories.
3. Formatters Leak Thousands Of Secrets
Thousands of credentials, authentication keys, and configuration data belonging to organizations in sensitive sectors were exposed via publicly accessible JSON snippets submitted to the popular JSONFormatter and CodeBeautify online formatting tools. Researchers discovered over 80,000 user pastes totaling more than 5GB of sensitive information, which was freely accessible through a feature called Recent Links provided by both services.
💥 Cyber Incidents
4. Dartmouth Confirms Major Data Breach
Dartmouth College disclosed a data breach after the Clop extortion group leaked data allegedly stolen from the school’s Oracle E-Business Suite (EBS) servers. The attackers exploited an EBS zero-day vulnerability (CVE-2025-61882) between August 9 and August 12, 2025, targeting personal information from 1,494 individuals. This incident is part of a massive Clop campaign exploiting the same flaw across numerous organizations, including Harvard University, The Washington Post, and American Airlines subsidiary Envoy Air, following the gang’s prior attacks on major file transfer systems like MOVEit Transfer.
5. Harvard Reports Significant Data Breach
Harvard University announced a data breach affecting its Alumni Affairs and Development systems, compromising the personal information of students, alumni, donors, and staff via a voice phishing attack. While sensitive data like Social Security numbers and passwords were not exposed, the breach disclosed contact details, donation records, and biographical data related to university engagement activities.
6. Canon Subsidiary Hit By Oracle Hack
Imaging and optical technology giant Canon confirmed it was a target in the recent Oracle E-Business Suite (EBS) hacking campaign, though its investigation indicated the breach was limited to a web server at a U.S. subsidiary, with no evidence of corporate data leakage. This incident is part of a broader campaign attributed to the threat actor cluster FIN11, with over 100 organizations, including major companies like Cox Enterprises and Mazda, listed as alleged victims on the Cl0p ransomware website.
📢 Cyber News
7. Cryptographers Void Election After Key Loss
A leading cryptography organization, the International Association of Cryptologic Research (IACR), was forced to cancel its annual leadership election results because an election official irretrievably lost an essential encryption key. This key was needed to decrypt the votes, which were securely tallied using the verifiable and privacy-preserving Helios voting system.
8. Porch Pirates Steal Electronics In Towns
A sophisticated ring of fourteen individuals was indicted for allegedly using insider information to track and steal hundreds of valuable electronics packages, primarily cellphones, from front porches across Long Island over a nearly two-year period, according to New York prosecutors. The accused thieves are believed to have digitally infiltrated FedEx’s delivery systems to obtain privileged details like tracking numbers and recipient names, allowing them to intercept expensive merchandise moments after delivery.
9. CrowdStrike Insider Aids False Hack Claim
Cybersecurity firm CrowdStrike terminated an insider for allegedly selling screenshots of the company’s internal dashboards, including an Okta SSO link, to the hacking group Scattered Lapsus$ Hunters. CrowdStrike denied that its systems were compromised, confirming the leak was an isolated insider act and stating that customer protection was maintained throughout the incident.
📈 Cyber Stocks
On Tuesday, 25th November, cybersecurity stocks traded higher as the sector saw a modest rebound following several sessions of weakness. Improving risk sentiment, renewed interest in AI-driven security platforms, and stabilising expectations around enterprise year-end budgets helped lift the group. While macro uncertainty remained in the backdrop, buyers stepped back into key cybersecurity names, supporting a broad but measured recovery across endpoint, identity, and cloud-security segments.
CrowdStrike closed at 506.82 dollars and moved higher, supported by renewed investor confidence in its AI-powered endpoint security leadership after recent declines.
Palo Alto Networks closed at 183.89 dollars and posted a modest gain, reflecting steady demand for its platform-based security strategy despite lingering caution in the broader tech sector.
Zscaler closed at 280.35 dollars and advanced strongly, benefiting from investor rotation back into cloud and zero-trust security names.
Fortinet closed at 79.77 dollars and edged up, signalling gradual stabilisation even as concerns around firewall refresh cycles continued to moderate sentiment.
Okta closed at 79.15 dollars and traded slightly higher, supported by consistent identity-security demand and improving short-term market positioning.
💡 Cyber Tip
🕵️ CISA Warns of Ongoing Spyware Campaign Targeting High Value Messaging Users
CISA has issued an urgent alert about threat actors deploying commercial spyware and remote access trojans through mobile messaging apps. These campaigns use advanced social engineering, fake app installations, and account hijacking to compromise devices belonging to high-value individuals, including government officials, activists, and civil society members across the U.S., Middle East, and Europe.
What You Should Do
Use end-to-end encrypted messaging apps and enable FIDO phishing-resistant authentication.
Avoid SMS-based two-factor authentication and use a dedicated password manager.
Check app downloads carefully and avoid installing apps from unknown sources or links.
Set a telecom provider PIN to prevent SIM-swapping.
Keep your device fully updated and consider using the latest hardware for stronger security.
iPhone users should enable Lockdown Mode and iCloud Private Relay.
Android users should use devices from manufacturers with strong security reputations and turn on enhanced Safe Browsing.
Why This Matters
These spyware campaigns are ongoing and highly targeted. Threat actors use sophisticated tactics, including zero-click exploits and spoofed versions of legitimate apps, to gain persistent access to sensitive communications. Strengthening device and account security is essential to reduce the risk of compromise.
📚 Cyber Book
Behavioral Insights in Cybersecurity by Dustin S. Sachs
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.