Cyber Briefing: 2025.08.1

👉 What's happening in cybersecurity today?

Recent cyber threats affected multiple sectors, from Microsoft flaws exploited in Canada’s House of Commons to attacks on Colt and data breaches at Workday. Plex urged users to patch vulnerabilities, OpenAI develops an AI browser to challenge Google, and Microsoft Teams adds protections against malicious files and URLs.

Listen to our podcast here ⏬

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe

🚨Cyber Alerts

1. Fake Law Firms Exploit Crypto Victims

Fraudulent law firms are targeting victims of cryptocurrency scams, offering to recover their lost funds while actually perpetuating new scams. These schemes exploit victims' emotional and financial vulnerabilities, often using impersonation and deceptive tactics to steal more money and personal data.

2. Plex Urges Users to Patch Fast

Plex recently notified users to update their media servers immediately due to a newly patched security flaw affecting versions 1.41.7.x to 1.42.0.x. The company strongly recommends users install the patch, available in Plex Media Server 1.42.1.10060, to protect against potential exploitation.

3. Man in the Prompt Reveals Hidden AI Threat

A new threat called "Man-in-the-Prompt" is targeting AI tools by using simple browser extensions. These extensions can access and modify user prompts to steal data, manipulate responses, and bypass security controls, posing a significant risk, especially for businesses.

For more alerts click here!

💥Cyber Incidents

4. Hackers Exploit Microsoft Flaw in Canada

Hackers breached Canada's House of Commons by exploiting a recent Microsoft vulnerability, compromising employee data. The House of Commons and Canada's Communications Security Establishment are investigating the incident, which exposed information like names, job titles, and email addresses.

5. Colt Hit by Cyberattack Shuts Systems

Colt Technology Services has confirmed that a cyber incident is responsible for the multi-day outage of its customer portal and other services, though it claims no customer or employee data has been improperly accessed. Despite the company's statement, a ransomware group named WarLock has claimed responsibility for the attack and is attempting to sell what it alleges is stolen employee and company data.

6. Workday Discloses Data Breach

Workday, a human resources firm, has disclosed a data breach that resulted from a social engineering attack on a third-party CRM platform. While core customer data was not compromised, attackers gained access to business contact information, including names, emails, and phone numbers, which could be used for future scams.

For more incidents click here!

📢Cyber News

7. DoJ Seizes $2.8M from Zeppelin Hack

The U.S. Department of Justice has seized over $2.8 million in cryptocurrency, along with cash and a luxury vehicle, from Ianis Antropenko, who is charged in Texas for his alleged role in the defunct Zeppelin ransomware operation. Antropenko is accused of using the ransomware to attack victims globally and then laundering the illicit proceeds through services like ChipMixer.

8. OpenAI Prepares AI Browser Challenge

OpenAI is developing an AI-powered browser based on the Chromium engine, which is expected to debut on macOS first. The browser will deeply integrate with ChatGPT and feature a unified agentic system to automate browsing tasks, giving users more reasons to stay within the chat interface.

9. Microsoft Teams Boosts Security

Microsoft is introducing enhanced security features to Microsoft Teams, including protection against malicious file types and dangerous URLs in chats and channels. These updates aim to better safeguard users from malware and other cyber threats.

For more news click here

📈Cyber Stocks

Here’s how cybersecurity stocks performed on Monday, August 18, 2025, as investors navigated earnings anticipation, M&A developments, and institutional activity:

• Palo Alto Networks (PANW) rose 2.05% to $177.09, buoyed by renewed optimism following a Piper Sandler upgrade and enthusiasm about its impending $25 billion CyberArk acquisition and its potential to enhance long-term earnings and free cash flow 

• Rapid7 (RPD) gained 1.53% to $21.27, as Q2 earnings and bullish FY2025 guidance lifted sentiment despite lingering valuation concerns

• Check Point Software Technologies (CHKP) added 1.84% to $188.92, supported by steady enthusiasm around its long-term billings growth and stabilizing investor confidence after last week’s volatility 

• SentinelOne (S) edged up 1.36% to $16.80, as Nuveen’s $33.6 million stake and positive analyst attention reinforced confidence in its AI security platform 

• Okta (OKTA) climbed 3.83% to $92.02, driven by investor interest following a substantial institutional stake increase and lifted sentiment from upgraded price targets 

💡 Cyber Tip

⚖️ Beware of Fake Law Firms Exploiting Crypto Scam Victims

Fraudsters are impersonating law firms and regulators to target cryptocurrency scam victims with false promises of fund recovery. These criminals use fake documents, impersonate real attorneys, and even create bogus government agencies to appear legitimate. Victims, often already defrauded once, are tricked into sending more money or personal information, deepening their losses.

✅ What you should do

• Be cautious of unsolicited contacts from anyone claiming to recover lost crypto funds

• Verify law firms directly by checking official bar association directories or requesting video proof of licensing

• Never pay “recovery fees” through crypto or gift cards—legitimate agencies do not request this

• Watch for red flags like mentions of fake agencies (e.g., “INTFTC”) or urgent secrecy requests

• If targeted, report immediately to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov

🔒 Why this matters

These scams prey on victims’ hope of recovering lost assets and exploit their emotional vulnerability. By using legal impersonation and fake recovery services, fraudsters create a cycle of re-victimization. Staying skeptical and verifying credentials is the best defense.

📚 Cyber Book

Practical Internet of Things Security by Brian Russell, Drew Van Duren

Get book: https://amzn.to/3HX6LPQ

💼 Cyber Jobs

Today’s 10 curated cybersecurity job openings: 

1. 🇺🇸 Medpace – Network Information Security Engineer, Cincinnati, OH, USA – Apply

2. 🇺🇸 AXIS (AXIS Capital) – Security Engineer, Red Bank, NJ, USA – Apply

3. 🇺🇸 SMBC Group – Cyber Security Analyst - Threat Researcher, Charlotte, NC, USA – Apply

4. 🇺🇸 Exelon – Cyber Sec Vul Mgmt Anlst, Washington, DC, USA – Apply

5. 🇺🇸 Draper – System Security Engineer, Cambridge, MA, USA – Apply

6. 🇬🇧 Rolls-Royce – IT Security Auditor, Derby, England, UK – Apply

7. 🇬🇧 Sopra Steria – Cyber Security Specialist Analyst, London, England, UK – Apply

8. 🇦🇺 Wannon Water – Cyber Risk and Awareness Analyst, Warrnambool, VIC, Australia – Apply

9. 🇦🇺 Metro Finance – Cybersecurity Graduate Analyst, Sydney, NSW, Australia – Apply

10. 🇮🇳 Chevron – Lead IT Cybersecurity Engineer, Bengaluru, Karnataka, India – Apply

If you know someone on the job hunt, share this with them!

📅 Cyber Events

Find global upcoming cybersecurity events here.

1. 🇬🇧 International Cyber Expo – London, UK – September 30 – October 1, 2025 – RSVP

2. 🇨🇦 SECTOR – Toronto, Canada – September 30 – October 2, 2025 – RSVP

3. 🇺🇸 Innovate Cybersecurity Summit – Scottsdale, AZ – October 5–6, 2025 – RSVP

4. 🇪🇺 European Cybersecurity Challenge (ECSC) – Europe – October 6–10, 2025 – RSVP

5. 🇫🇮 Cyber Security Nordic – Helsinki, Finland – November 4–5, 2025 – RSVP

6. 🇧🇷 CS4CA LatAm Summit – São Paulo, Brazil – November 4–5, 2025 – RSVP

7. 🇨🇦 Cyber Summit – Banff, Canada – November 4–6, 2025 – RSVP

8. 🇩🇪 Enterprise AI Security Transformation Assembly Europe – Munich, Germany – November 5, 2025 – RSVP

9. 🇺🇸 SecureWorld Seattle – Bellevue, WA – November 5–6, 2025 – RSVP

10. 🇫🇷 Cloud & Cyber Security Expo – Paris, France – November 5–6, 2025 – RSVP

That concludes today’s briefing. You can check the top headlines here!

Copyright © 2025CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium.