Cyber Briefing: 2025.12.01
Android malware surge, Tomiris C2 shift, fake Google Meet RAT, $9M DeFi exploit, ransomware hits town, 34M Coupang breach, holiday scam domains, Comcast fined, Linux 6.18 launches.
👉 What’s going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. Albiriox Malware Hits Hundreds Of Apps
A potent new Android malware called Albiriox is being offered via a malware-as-a-service (MaaS) model, providing a “full spectrum” of features for on-device fraud, screen manipulation, and real-time interaction with infected devices, often bypassing security measures by leveraging accessibility services for covert operation against over 400 financial apps. Threat actors, suspected to be Russian-speaking, use social engineering lures and dropper apps to deploy the main payload, with initial campaigns observed explicitly targeting Austrian victims.
2. Tomiris Shifts To Public Service C2
The threat actor Tomiris is targeting Russian foreign ministries and government entities, as well as several Central Asian countries, with spear-phishing attacks designed to establish remote access using implants that cleverly utilize public services like Telegram and Discord for command-and-control (C2) communications to avoid detection. This campaign marks an evolution in Tomiris’s tactics, which focuses primarily on intelligence gathering, despite some historical malware overlaps with Russian-linked threat actors like APT29 and Turla.
3. Google Meet Page Used To Deliver Malware
A sophisticated malware campaign is targeting remote workers through a fake Google Meet landing page that uses a social engineering tactic called ClickFix to bypass security controls and deliver a Remote Access Trojan (RAT). This attack tricks the user into manually executing a malicious PowerShell script copied to their clipboard, bypassing typical browser security like Safe Browsing.
💥 Cyber Incidents
4. Yearn Finance Hit By 9M Token Exploit
Decentralized finance protocol Yearn Finance was hit by a major security exploit on November 30th, resulting in the loss of nearly $9 million from a custom stable-swap pool linked to its legacy yETH token. The attack leveraged a vulnerability in the pool’s code, allowing the perpetrator to mint an almost unlimited number of fake tokens and drain the real underlying assets in a single transaction.
5. Ransomware Hits Golf Manor Network
A ransomware attack has successfully breached the Village of Golf Manor’s internal computer network, encrypting systems and impacting all stored data backups, rendering vital information inaccessible to administrators. Village Council members will reconvene in December to consider paying the ransom, a decision permissible under Ohio law, though the source of the breach and potential impact on resident services and personal data remain unknown.
6. Ecommerce Breach Exposes 34 Million
South Korean e-commerce giant Coupang, often called the “Amazon of South Korea,” has apologized after a massive data breach likely exposed personal details—including names, addresses, and phone numbers—for nearly 34 million local customer accounts. Authorities are investigating the incident, which reportedly began in June via an overseas server and may involve a former employee, as Coupang assures customers that no credit card or login credentials were leaked.
📢 Cyber News
7. Hackers Register 18,000 Holiday Domains
The 2025 holiday shopping season is facing an unprecedented surge in cyber threats driven by criminals using industrialized, automated infrastructure to deploy thousands of deceptive digital assets, primarily look-alike e-commerce websites, which are designed to steal sensitive consumer data and leverage SEO poisoning during the global peak in online commerce.
8. Comcast To Pay 1.5 Million FCC Fine
Comcast has agreed to pay a $1.5 million fine to the FCC to settle an investigation into a data breach that exposed the personal information of over 237,000 customers after a vendor, Financial Business and Consumer Solutions (FBCS), mishandled the sensitive data. The settlement requires Comcast to implement a comprehensive compliance plan to strengthen oversight and security practices for all its third-party vendors.
9. Linux 6.18 Released With New Hardware
Linux kernel 6.18 was officially released by Linus Torvalds on November 30, 2025, bringing significant enhancements in hardware support, driver updates, and file system improvements, despite slightly increased bug-fixing activity in the final week. This stable release expands compatibility with new platforms like Intel Wildcat Lake and prepares for the immediate opening of the Linux 6.19 merge window, which may experience minor delays due to the kernel maintainer summit and the holiday season potentially extending its cycle.
📈 Cyber Stocks
On Monday, 1st December, cybersecurity stocks as a group showed selective strength as markets greeted renewed demand for identity, cloud and perimeter-security solutions against a backdrop of ongoing macro uncertainty. Investor interest focused on companies with stable subscription-based business models and growing enterprise demand, while valuation and broader tech sentiment remained watchpoints. Geopolitical cyber-risk awareness and enterprise pressure to harden defenses continued to underpin investor interest across the sector.
CyberArk Software Ltd. closed at 458.59 dollars and moved up, driven by investor confidence in its identity-security and privileged-access management leadership, buoyed by its high recurring-revenue base and strong demand outlook.
Check Point Software Technologies Ltd. closed at 186.77 dollars and rose modestly, reflecting its ongoing strength in network and perimeter security amid enterprises’ continued efforts to reinforce firewall and cloud defenses.
Rapid7, Inc. closed at 15.68 dollars and ticked up, supported by growing demand for vulnerability-management, detection and response tools as organisations brace for regulatory compliance and rising cyber threats.
SentinelOne, Inc. closed at 16.21 dollars and advanced, boosted by increased investor interest in AI-driven endpoint detection and response (EDR) platforms amid a rising threat environment and enterprise shift toward next-gen security stacks.
Qualys, Inc. closed at 140.85 dollars and dipped slightly, though demand for its cloud-based vulnerability scanning and compliance services remains stable; investors appeared cautious given broader tech volatility and the absence of immediate catalysts.
💡 Cyber Tip
📱 Albiriox Malware Targets Hundreds of Financial Apps
A powerful new Android malware called Albiriox is being sold as malware-as-a-service and is capable of full device control, on-device fraud, and stealthy screen manipulation. It targets over 400 financial and crypto apps, bypasses protections by abusing accessibility services, and is spread through deceptive dropper apps delivered via social engineering campaigns. Early attacks have already targeted users in Austria.
What You Should Do
Avoid installing apps from SMS links, shortened URLs, or fake app store pages.
Review your Android accessibility settings and revoke permissions from apps you do not fully trust.
Install apps only from the official Google Play Store or verified developer sources.
Monitor banking and crypto accounts for unauthorized activity.
Use mobile security tools that detect overlay attacks, accessibility abuse, and dropper behavior.
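One way to act on the accessibility-settings advice above, as an added example that is not part of the briefing: a POSIX shell function that takes the device's list of enabled accessibility services (the output of `adb shell settings get secure enabled_accessibility_services`) and flags any whose package is not on an allowlist. The allowlist, the `ADB_AUDIT` switch and the `com.example.dropper` component are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the briefing): flag Android accessibility services that
# are enabled but whose package is not on a trusted allowlist. On a real device
# the input comes from:  adb shell settings get secure enabled_accessibility_services
# which prints ':'-separated component names, or "null" when none are enabled.

# Print each enabled component whose package is NOT in the ':'-separated allowlist.
# Usage: suspect_accessibility_services "<enabled-list>" "<allowlist>"
suspect_accessibility_services() {
    enabled="$1"
    allowlist="$2"
    [ "$enabled" = "null" ] && return 0   # nothing enabled, nothing to flag
    old_ifs="$IFS"
    IFS=':'
    for component in $enabled; do
        [ -z "$component" ] && continue
        pkg="${component%%/*}"            # package name is everything before '/'
        case ":$allowlist:" in
            *":$pkg:"*) ;;                 # exact package match: trusted
            *) printf '%s\n' "$component" ;;
        esac
    done
    IFS="$old_ifs"
    return 0
}

# Constructed sample: one legitimate screen reader plus a hypothetical dropper service.
SAMPLE_ENABLED='com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:com.example.dropper/.AccessService'
# Assumed allowlist of packages the device owner knowingly granted accessibility access.
TRUSTED_PACKAGES='com.google.android.marvin.talkback:com.android.talkback'

# Query a connected device only when ADB_AUDIT=1; otherwise run on the sample.
if [ "${ADB_AUDIT:-0}" = "1" ]; then
    enabled=$(adb shell settings get secure enabled_accessibility_services | tr -d '\r')
else
    enabled="$SAMPLE_ENABLED"
fi
suspect_accessibility_services "$enabled" "$TRUSTED_PACKAGES" \
    | sed 's/^/SUSPECT accessibility service: /'
```

Any component printed as SUSPECT should be reviewed in Settings > Accessibility and, if unrecognised, have its permission revoked and the app uninstalled.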
Why This Matters
Albiriox gives attackers real-time remote control through a VNC module that abuses accessibility data to bypass FLAG_SECURE protections used by banking apps. Its ability to perform overlays, hide activity behind fake screens, and carry out on-device fraud makes it one of the most capable Android threats currently in circulation.
📚 Cyber Book
How to Protect Yourself from Online Scams: A Guide to Safe Shopping and Phishing Prevention by Atanas Atanasov
That concludes today’s briefing. You can check the top headlines here!
Copyright © 2025 CyberMaterial. All Rights Reserved.