Cyber Briefing: 2025.11.26
Cyberthreats surge: malicious extensions, fake updates, outages, fraud, ransomware hits, supply-chain hijacks, Tor upgrade, and a hacked radio broadcast.
👉 What’s the latest in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Chrome Addon Injects Hidden Solana Fees
A new malicious Chrome extension called Crypto Copilot is stealthily siphoning Solana (SOL) from users by injecting a hidden transfer into otherwise legitimate swap transactions, draining funds to an attacker’s wallet without the user’s knowledge. The extension, which was live on the Chrome Web Store, camouflages the theft behind legitimate-looking infrastructure and shows only the intended swap in its user interface, so the injected transfer is never displayed to the user.
2. RomCom Uses Fake Updates To Spread Malware
The Russia-aligned RomCom threat group, attributed to the GRU’s Unit 29155, recently used the SocGholish JavaScript loader for the first time to deliver the Mythic Agent to a U.S. civil engineering company with past ties to Ukraine. The incident highlights RomCom’s continued focus on entities connected to Ukraine and its use of the rapid initial-access capabilities of the SocGholish malware family.
3. JackFix Spreads Stealers Via Fake Updates
Cybersecurity researchers have uncovered a new campaign, dubbed JackFix, that uses fake adult websites and bogus “critical” Windows security update lures to trick users into executing malicious commands, building on the rising prevalence of ClickFix-style attacks. A highly deceptive, full-screen alert pressures the victim into manually running an MSHTA payload, which starts a multi-stage infection chain designed to hide the attacker’s activity and deliver information stealers.
💥 Cyber Incidents
4. Hacker Takes Over Houston Radio Airwaves
A local Houston ESPN Radio affiliate’s broadcast of the Dallas Cowboys vs. Philadelphia Eagles game was hijacked by a hacker, who aired an Emergency Alert System (EAS) tone followed by a racist and vulgar song for several minutes. The station, ESPN 97.5, acknowledged the incident and apologized to listeners.
5. CodeRED Cyberattack Disrupts Alerts
A cyberattack on the Crisis24 OnSolve CodeRED emergency notification platform severely disrupted the alert systems of state and local governments and police departments across the United States, forcing the company to rebuild the service using an older backup. During the incident, an organized cybercriminal group, later identified as the INC Ransom gang, stole sensitive user data, including names, addresses, and passwords, although Crisis24 states there is currently no evidence of the data being published online.
6. Exchange Online Outage Blocks Mail
Microsoft is investigating a service outage, tracked as EX1189820, that prevents Exchange Online customers in the Asia Pacific and North America regions from accessing their mailboxes through the classic Outlook desktop client; the company recommends Outlook on the Web as a temporary workaround. The connectivity issue has also been reported to cause server connection and login problems, and it follows a separate, ongoing incident (EX1189768) that affects classic Outlook users with search and free/busy status issues. Microsoft is working to identify and mitigate the root cause of both disruptions.
📢 Cyber News
7. FBI Reports $262 Million In ATO Fraud Losses
The FBI has issued a warning regarding a significant rise in Account Takeover (ATO) fraud, where cybercriminals impersonate financial institutions using social engineering tactics to steal login credentials, including multi-factor authentication codes, leading to over $262 million in losses and 5,100 complaints this year. These schemes target individuals and organizations of all sizes, enabling criminals to gain unauthorized access to financial and payroll accounts, quickly siphon funds, change passwords, and obscure the money trail by converting the stolen funds into cryptocurrency.
8. Tor Adopts New Onion Relay Encryption
Tor has upgraded its relay-to-relay encryption algorithm, moving from the outdated tor1 design to the modern Counter Galois Onion (CGO) to boost security and anonymity against contemporary traffic-interception threats. The change provides immediate forward secrecy, stronger authentication, and protection against tagging attacks by malicious relays.
9. Crime Rings Use Hackers To Hijack Trucks
Cybersecurity researchers have identified a growing campaign where hackers infiltrate trucking and freight companies, often in collaboration with organized crime, to steal and sell cargo shipments, posing a significant threat to the global supply chain that could cost companies and consumers billions of dollars annually. The sophisticated heists rely on social engineering and exploiting industry processes, such as compromising online load boards to trick carriers into clicking malicious links that grant remote network access, with the stolen goods frequently being sold online or shipped internationally.
📈Cyber Stocks
On Wednesday, 26th November, these cybersecurity stocks showed modest gains as markets adjusted to renewed activity in identity, vulnerability management, and cloud-security demand. A mix of strong fundamentals, optimism around AI and identity-security adoption, and rotation from broader tech helped lift the group. Still, valuations and competitive dynamics remain focal points for investors, keeping most moves measured rather than explosive.
CyberArk Software Ltd. (CYBR) closed at 447.45 dollars and rose, backed by solid underlying demand for identity- and privileged-access management platforms and investor optimism around its recurring-revenue model.
Check Point Software Technologies Ltd. (CHKP) closed at 185.90 dollars and moved higher, supported by continuing strength in network-security and firewall demand amid enterprise efforts to harden perimeter and cloud defenses.
Rapid7, Inc. (RPD) closed at 15.33 dollars and ticked up, reflecting renewed interest in vulnerability management, detection & response solutions as organisations brace for year-end security audits and compliance pushes.
SentinelOne, Inc. (S) closed at 16.23 dollars and advanced, boosted by growing adoption of AI-driven endpoint detection and response (EDR) capabilities amid a rising threat environment and enterprises’ shift to next-gen security stacks.
Qualys, Inc. (QLYS) closed at 141.79 dollars and gained, supported by ongoing demand for cloud-based vulnerability scanning, compliance, and continuous monitoring, which grows more important as organisations scale hybrid-cloud deployments.
💡 Cyber Tip
💸 Chrome Extension Injects Hidden Solana Fees During Swaps
A malicious Chrome extension called Crypto Copilot has been caught secretly stealing Solana (SOL) from users by inserting an extra transfer into legitimate Raydium swap transactions. The extension disguises itself as a crypto trading helper and uses legitimate services to appear trustworthy, while silently siphoning funds to an attacker-controlled wallet.
What You Should Do
Remove the Crypto Copilot extension immediately if installed.
Always verify transaction details before signing, especially when using browser-based wallets.
Avoid installing crypto extensions from unknown publishers or those with very few user reviews.
Monitor your wallet for unexpected SOL transfers or small fees you did not authorize.
Use trusted, well-established DEX tools and wallet extensions downloaded from official sources.
Why This Matters
The extension injects hidden fees into each swap without showing them in the interface, making the theft almost invisible. Attackers use obfuscated code, real RPC services, and legitimate-looking infrastructure to bypass Chrome Web Store checks and trick users. Careful extension hygiene and transaction review are essential to avoid silent losses.
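The defence the tip calls for, “verify transaction details before signing”, only works if the check reads the raw transaction rather than trusting the extension’s UI, because the UI is exactly what the extension controls. The following is an added example, not code from the newsletter or from the researchers who analysed Crypto Copilot: it walks a Solana transaction’s instruction list, decodes every System Program transfer, and flags any SOL leaving the signer’s wallet for a destination the user did not name. The System Program id and the Transfer wire layout (a u32 little-endian instruction index of 2 followed by a u64 little-endian lamport amount) are real Solana facts; the wallet addresses, the DEX program id and the sample transaction are constructed placeholders for this demo, and a real wallet would hold a parsed transaction object rather than the plain objects used here.

```javascript
// Added example (not the newsletter's or the researchers' code): audit a Solana
// transaction's instruction list for System Program transfers the user never
// asked for, before the wallet signs it. Addresses, the DEX program id and the
// sample transaction below are constructed for this demo.

const SYSTEM_PROGRAM_ID = "11111111111111111111111111111111"; // real System Program id
const SYSTEM_TRANSFER_INDEX = 2; // SystemInstruction::Transfer discriminant (u32 LE)

// Decode a System Program instruction; returns null unless it is a Transfer.
// Wire format for Transfer: u32 LE index (2) followed by u64 LE lamports.
// Account order for Transfer: keys[0] = funding account, keys[1] = recipient.
function decodeSystemTransfer(ix) {
  if (ix.programId !== SYSTEM_PROGRAM_ID) return null;
  const data = Buffer.from(ix.data);
  if (data.length !== 12 || data.readUInt32LE(0) !== SYSTEM_TRANSFER_INDEX) return null;
  return {
    from: ix.keys[0].pubkey,
    to: ix.keys[1].pubkey,
    lamports: data.readBigUInt64LE(4),
  };
}

// Build the 12-byte data field of a Transfer instruction (used only to construct the sample).
function encodeSystemTransfer(lamports) {
  const data = Buffer.alloc(12);
  data.writeUInt32LE(SYSTEM_TRANSFER_INDEX, 0);
  data.writeBigUInt64LE(BigInt(lamports), 4);
  return data;
}

// Report every SOL transfer out of the signer's wallet whose destination the
// user did not explicitly approve. `expectedRecipients` is what the user was
// shown and agreed to; anything else is a hidden fee or outright theft.
function findUnexpectedTransfers(tx, signer, expectedRecipients) {
  const allowed = new Set(expectedRecipients);
  const findings = [];
  tx.instructions.forEach((ix, i) => {
    const t = decodeSystemTransfer(ix);
    if (t && t.from === signer && !allowed.has(t.to)) {
      findings.push({ index: i, to: t.to, lamports: t.lamports });
    }
  });
  return findings;
}

// Constructed sample: a swap instruction for a hypothetical DEX program,
// followed by an injected transfer to an attacker wallet (placeholder addresses).
const USER = "UserWallet1111111111111111111111111111111111";
const ATTACKER = "AttackerWallet111111111111111111111111111111";
const DEX_PROGRAM = "DexProgram11111111111111111111111111111111111";

const sampleTx = {
  instructions: [
    // The swap the user actually requested (opaque program-specific data).
    { programId: DEX_PROGRAM, keys: [{ pubkey: USER }], data: Buffer.from([9, 0, 0, 0]) },
    // The hidden transfer appended by a malicious extension: 5,000,000 lamports = 0.005 SOL.
    { programId: SYSTEM_PROGRAM_ID, keys: [{ pubkey: USER }, { pubkey: ATTACKER }],
      data: encodeSystemTransfer(5_000_000) },
  ],
};

// A swap should move SOL only into the DEX's own accounts, so no plain
// recipient is expected here; any System Program transfer out of USER is suspect.
const findings = findUnexpectedTransfers(sampleTx, USER, []);
for (const f of findings) {
  console.log(`instruction #${f.index}: ${f.lamports} lamports to ${f.to}`);
}
```

In a production wallet the same decode step is what `SystemInstruction.decodeTransfer` in `@solana/web3.js` performs on a real `TransactionInstruction`; the point of the hand-rolled version is that the check runs on the bytes that will be signed, not on whatever a browser extension chooses to render. Two caveats a practitioner should keep in mind: versioned transactions that use address lookup tables need the table entries resolved before the recipient key can be compared, and a thief who uses an SPL token transfer or a program-derived fee account instead of a plain SOL transfer will not show up in this particular decoder, so the allowlist logic has to be extended to every program that can move value out of the signer’s accounts.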
📚 Cyber Book
Human Hacking by Christopher Hadnagy and Seth Schulman
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.