Cyber Briefing: 2025.12.04
WordPress sites hit, record DDoS stopped, RSC flaw exploited, major breaches confirmed, Google boosts scam protection, Temu sued, FHE startup funded.
👉 What’s going on in the cyber world today?
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
🚨 Cyber Alerts
1. WordPress Elementor Addon Flaw Exploited
Attackers are actively exploiting a critical privilege escalation vulnerability (CVE-2025-8489) in the King Addons for Elementor WordPress plugin, allowing them to gain administrative access during registration, with over 48,400 exploit attempts blocked since the issue’s public disclosure on October 30. Separately, a new critical unauthenticated Remote Code Execution (RCE) vulnerability (CVE-2025-13486) has been disclosed in the widely used Advanced Custom Fields: Extended plugin, prompting urgent updates for both to prevent website compromise.
2. Record DDoS Linked To Massive Botnet
Cloudflare successfully stopped the largest-ever distributed denial-of-service (DDoS) attack recorded, which peaked at a massive 29.7 terabits per second (Tbps). This record-breaking activity and numerous other hyper-volumetric attacks were linked to a powerful DDoS botnet-for-hire known as AISURU, which leverages an estimated 1-4 million infected hosts globally.
3. RSC Bugs Let Hackers Run Remote Code Now
A critical, maximum-severity security flaw (CVE-2025-55182, CVSS 10.0, codenamed React2shell) has been discovered in React Server Components (RSC), allowing unauthenticated remote code execution (RCE). The vulnerability stems from the unsafe deserialization of payloads sent to React Server Function endpoints, which allows an attacker to execute arbitrary JavaScript code on the server, affecting multiple versions of several react-server-dom-* packages and related frameworks like Next.js (CVE-2025-66478). Immediate patching to versions 19.0.1 and later is strongly advised, as the flaw requires no special setup and is being actively exploited.
💥 Cyber Incidents
4. Defender Outage Disrupts Threat Alerting
Microsoft addressed a service incident that temporarily blocked access to certain features within the Defender XDR portal, including threat hunting alerts, due to a surge in traffic causing high CPU utilization on core components. The company applied mitigation measures to restore service and confirmed the issue was resolved for all affected customers after increasing processing throughput.
5. Penn Phoenix Data Breach Oracle Hack Now
The University of Pennsylvania and the University of Phoenix confirmed they were victims of a recent cybercrime campaign targeting customers of Oracle’s E-Business Suite (EBS) solution, leading to the compromise of personal information for an undisclosed number of individuals. The institutions are part of a larger group of organizations, including other major universities and corporations, affected by the attack, which the Cl0p ransomware group has taken credit for.
6. Freedom Mobile Customer Data Breach Exposed
Freedom Mobile, Canada’s fourth-largest wireless carrier, recently experienced a data breach where attackers accessed its customer account management platform using a subcontractor’s compromised account, stealing the personal and contact information of an undisclosed number of customers. The company, now owned by Vidéotron, confirmed that the breach did not affect its network operations and was not a ransomware attack, but it has advised affected customers to be vigilant against potential phishing attempts.
📢 Cyber News
7. Google Expands Android Scam Protection
Google is significantly expanding its Android in-call scam protection feature to include multiple financial applications and banks across the United States, such as Cash App and JPMorgan Chase. This security tool, introduced in Android 16, is designed to interrupt social engineering scams by alerting users when they are on a call with an unknown number while launching a financial app or sharing their screen.
8. Arizona AG Sues Temu Over Data Theft
Arizona Attorney General Kris Mayes filed a lawsuit against the online retailer Temu and its parent company, PDD Holdings Inc., alleging the Chinese-owned platform steals customers’ sensitive personal data and deceives them about product quality. The state’s top prosecutor described the collection of data, which includes GPS locations and lists of other installed apps, as a massive invasion of privacy and a severe violation of the Arizona Consumer Fraud Act.
9. Niobium Raises 23 Million For FHE Tech
Niobium, a Dayton, Ohio-based startup, secured $23 million in an oversubscribed funding round, bringing its total raised to over $28 million. The company is developing a hardware accelerator that speeds up fully homomorphic encryption (FHE) to enable high-performance, privacy-guaranteed computing on encrypted data, addressing risks from quantum computing.
📈 Cyber Stocks
On Thursday, 4th December, cybersecurity stocks rallied broadly as investors responded positively to steady demand across identity, vulnerability management, perimeter security and endpoint protection. Confidence in recurring revenue models, compliance-driven spending and persistent cyber risk awareness supported the sector. Security names showed a clear rebound as investors rotated back into defensive technology positions despite a mixed macro environment.
CyberArk Software Ltd. closed at 466.48 dollars and moved higher, supported by renewed confidence in the growing priority of identity and privileged access management across enterprises.
Check Point Software Technologies Ltd. closed at 191.10 dollars and rose, driven by consistent demand for perimeter and cloud security as organisations continued strengthening their network defenses.
Rapid7, Inc. closed at 16.06 dollars and advanced, reflecting sustained interest in vulnerability management and detection and response capabilities during heightened regulatory and threat conditions.
SentinelOne, Inc. closed at 16.96 dollars and gained, helped by increasing investor appetite for AI-driven endpoint detection and response solutions as cyber threats escalate.
Qualys, Inc. closed at 149.13 dollars and climbed, supported by strong adoption of cloud-based vulnerability scanning, continuous monitoring and compliance tools in hybrid cloud environments.
💡 Cyber Tip
📌 WordPress Elementor Addon Flaw Exploited
Attackers are actively exploiting a critical privilege escalation flaw in the King Addons for Elementor plugin, allowing anyone to register as an admin. Wordfence has already blocked more than 48,400 exploit attempts. A separate unauthenticated remote code execution vulnerability was also disclosed in Advanced Custom Fields: Extended, a plugin used on over 100,000 sites.
What You Should Do
Update King Addons for Elementor to the latest fixed version right away.
Update Advanced Custom Fields: Extended to the newest release or temporarily disable it.
Check for new admin accounts created without your approval.
Review logs for suspicious admin-ajax.php requests and unusual IP activity.
Restrict user registration and enable multi-factor authentication on admin accounts.
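The account and log checks from the list above, as an added example that is not part of the original briefing. It assumes an access log in Combined Log Format and user records shaped like WP-CLI `wp user list --format=json` output; the sample IPs, logins and timestamps are constructed, and the year 2025 for the October 30 disclosure is taken from the briefing date.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Public disclosure date from the briefing (year assumed from the briefing date).
DISCLOSED = datetime(2025, 10, 30, tzinfo=timezone.utc)
# Combined Log Format: ip - - [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Constructed sample log lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Nov/2025:10:14:58 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [02/Nov/2025:10:15:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 512',
    '198.51.100.4 - - [01/Oct/2025:08:00:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 90',
    '198.51.100.4 - - [03/Nov/2025:08:00:00 +0000] "GET /index.php HTTP/1.1" 200 90',
]
# Constructed user records; user_registered is stored by WordPress in UTC.
SAMPLE_USERS = [
    {"user_login": "site-owner", "roles": "administrator", "user_registered": "2023-04-01 09:00:00"},
    {"user_login": "constructed-user", "roles": "administrator", "user_registered": "2025-11-02 10:15:00"},
    {"user_login": "reader", "roles": "subscriber", "user_registered": "2025-11-05 12:00:00"},
]

def ajax_posts_by_ip(lines, since=DISCLOSED):
    """Count POSTs to admin-ajax.php per client IP on or after `since`."""
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in Combined Log Format; skip rather than guess
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if m["method"] == "POST" and path.endswith("/wp-admin/admin-ajax.php") and ts >= since:
            counts[m["ip"]] += 1
    return counts

def new_admins(users, since=DISCLOSED):
    """Return logins of administrator accounts registered on or after `since`."""
    flagged = []
    for u in users:
        reg = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        if "administrator" in u["roles"].split(",") and reg >= since:
            flagged.append(u["user_login"])
    return flagged
```

Accounts returned by `new_admins` still need manual review against known, approved administrators, and the per-IP counts are a starting point for triage rather than proof of compromise.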
Why This Matters
One flaw lets attackers create admin accounts. The other allows full remote code execution without even logging in. These are already under active attack. Patching and monitoring are the fastest ways to prevent a complete site takeover.
📚 Cyber Book
Scams, Cons, Frauds, and Deceptions by Sean Byrne and James Byrne
Copyright © 2025 CyberMaterial. All Rights Reserved.