Cyber Briefing: 2025.08.21

👉 What's going on in the cyber world today?

Recent cybersecurity events highlight GenAI-powered phishing, QuirkyLoader spreading RATs and keyloggers, malicious Chrome VPNs stealing data, China briefly disconnecting from the global internet, Orange Belgium’s data breach affecting 850,000 customers, and a Scattered Spider hacker sentenced to 10 years and $13M restitution for SIM-swap crypto theft.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.


🚨 Cyber Alerts


1. GenAI Used by Hackers for Phishing

A recent report indicates that cybercriminals are increasingly leveraging generative artificial intelligence platforms to execute sophisticated phishing campaigns. This new threat landscape is characterized by attackers using GenAI services to create convincing malicious content and automate large-scale attacks, which presents a significant challenge to traditional security measures.


2. QuirkyLoader Spreads RATs, Keyloggers

A new malware loader called QuirkyLoader has been used in email spam campaigns to deliver a variety of malicious payloads, including information stealers and remote access trojans. This malware utilizes DLL side-loading and process hollowing techniques to evade detection and infect target systems.


3. Malicious Chrome VPN Steals Data

A Chrome VPN extension called FreeVPN.One, with over 100,000 installations, was discovered to be spyware that secretly captured user screenshots and transmitted sensitive data to remote servers. The malicious extension gained prominence on the Chrome Web Store with a verified badge and featured placement despite its deceptive two-stage architecture that captured everything from banking credentials to private communications.


💥 Cyber Incidents


4. China Briefly Cuts Off Global Internet

On Wednesday, China's Great Firewall unexpectedly cut off most of the country's internet traffic for just over an hour by blocking TCP port 443, the standard port for secure HTTPS connections. The cause of the unprecedented outage, which disrupted access to foreign websites and essential services, remains unclear, with experts speculating it was either a technical error or a test of a new censorship device.


5. Comet AI Browser Duped by Fake Shops

Emerging agentic AI browsers are vulnerable to both new and old security threats like phishing and prompt injection. A study on Perplexity’s Comet revealed that these tools, which can autonomously perform online tasks, lack sufficient security safeguards and can be easily manipulated to interact with malicious pages, putting user data at risk.


6. Orange Belgium Data Breach Hits 850K

Orange Belgium has disclosed a cyberattack that occurred in July, resulting in the theft of personal data from approximately 850,000 customers. While no passwords or financial information were accessed, the compromised data includes names, phone numbers, SIM card numbers, PUK codes, and tariff plans.


📢 Cyber News


7. UK Sanctions Kyrgyz Banks, Crypto Ties

The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks, including Capital Bank and crypto exchanges like Grinex, for allegedly helping Russia evade sanctions and fund its war in Ukraine. The measures, which freeze U.K. assets, are part of a coordinated effort with the U.S. to disrupt illicit financial channels and pressure the Kremlin.


8. Elastic Denies Zero-Day RCE in Defend

Elastic, an enterprise search and security company, is refuting claims made by AshES Cybersecurity of a zero-day vulnerability in its Defend EDR product, stating that their thorough investigation found no evidence of a reproducible remote code execution flaw. The dispute escalated because AshES Cybersecurity reportedly refused to provide a proof-of-concept to Elastic, opting instead to publicly disclose their non-reproducible findings.


9. Scattered Spider Hacker Sentenced

Noah Michael Urban, a 20-year-old member of the cybercrime gang Scattered Spider, was sentenced to ten years in U.S. prison for a series of major hacks and cryptocurrency thefts. In addition to his prison time, Urban must also pay $13 million in restitution to his victims.


📈 Cyber Stocks


During the early hours of Thursday, August 21, 2025, cybersecurity stocks reflected cautious investor moves as markets digested earnings updates and global economic signals.

  • Palo Alto Networks (PANW) jumped 1.58% to $184.43, buoyed by a strong fiscal full-year outlook driven by accelerating demand for its AI-powered cybersecurity solutions and investor confidence in its strategic CyberArk acquisition and platform expansion.
  • Check Point Software Technologies (CHKP) gained 0.65% to $189.29, supported by market stabilization following last week’s Q2 earnings volatility and investor confidence in its long-term billings momentum.
  • Rapid7 (RPD) dropped 4.07% to $20.28, as analyst price target cuts and persistent valuation concerns weighed on sentiment despite its solid cash flow performance.
  • SentinelOne (S) fell 1.27% to $16.74, as sector-wide valuation pressure and anticipation of its upcoming Q2 earnings tempered near-term bullishness.
  • Okta (OKTA) slipped 0.15% to $91.03, in line with broader macro caution and ahead of its earnings next week, amid concerns over sustaining premium valuation levels.

💡 Cyber Tip


Remove FreeVPN.One, a Chrome Extension Exposed as Spyware

A Chrome VPN extension with over 100,000 installs has been revealed to be spyware. The extension, FreeVPN.One, secretly captured screenshots of user activity and exfiltrated sensitive data, including banking credentials, private communications, and corporate information. Despite being verified and featured on the Chrome Web Store, it operated with a hidden two-stage architecture that turned a supposed privacy tool into a surveillance weapon.

What you should do:

  • Immediately uninstall FreeVPN.One from Chrome if you have it installed
  • Review and revoke suspicious Chrome extension permissions
  • Regularly audit installed extensions, keeping only those from trusted developers
  • Use endpoint protection to detect potential spyware or credential theft
  • Change any credentials that may have been exposed through this extension

🔒 Why this matters: This case shows how even verified Chrome extensions can transform into spyware through updates. With privileged browser access, malicious add-ons can silently monitor activity, steal financial data, and compromise sensitive accounts. Vigilance and regular extension audits are critical for maintaining browser security.



📚 Cyber Book


Forensics To Expose Cybercriminals A Complete Guide - 2019 Edition by Gerard Blokdyk

Get book: https://amzn.to/3qKvXPg


💼 Cyber Jobs


Today’s 10 curated cybersecurity job openings: 

  1. 🇨🇦 Aviva Canada – Cybersecurity Analyst, Markham, ON, Canada – Apply
  2. 🇨🇦 Royal Victoria Regional Health Centre – Cyber Security Systems Administrator, Barrie, ON, Canada – Apply
  3. 🇨🇦 TELUS Agriculture & Consumer Goods – Security Engineer, Ontario, Canada – Apply
  4. 🇨🇦 Highspot – Security Engineer, Vancouver, BC, Canada – Apply
  5. 🇨🇦 MDA Space – Cyber Security - Systems Security Engineer, Richmond, BC, Canada – Apply
  6. 🇺🇸 Hitachi Digital Services – Cyber Security Architect, Dallas, TX, USA – Apply
  7. 🇺🇸 Technix LLC – Cybersecurity Engineer, Austin, TX, USA – Apply
  8. 🇮🇳 Black Box – Cybersecurity & GRC Analyst, Bengaluru, Karnataka, India – Apply
  9. 🇮🇳 Thales – Cybersecurity Risk and Compliance Manager, Noida, Uttar Pradesh, India – Apply
  10. 🇮🇳 Hitachi Rail – Senior Security Engineer, Bengaluru, Karnataka, India – Apply

If you know someone on the job hunt, share this with them!



📅 Cyber Events


Find global upcoming cybersecurity events here.

  1. 🇺🇸 The Official Cybersecurity Summit: Atlanta – Atlanta, GA – September 19, 2025 – RSVP
  2. 🇺🇸 National Cyber Summit – Huntsville, AL – September 23–25, 2025 – RSVP
  3. 🇺🇸 FutureCon Des Moines Cybersecurity Conference – Des Moines, IA – September 25, 2025 – RSVP
  4. 🇬🇧 #RISK AI – London, UK – September 25, 2025 – RSVP
  5. 🇺🇸 Global Security Exchange (GSX) – New Orleans, LA – September 29 – October 1, 2025 – RSVP
  6. 🇬🇧 #CS4CA – London, UK – September 30, 2025 – RSVP
  7. 🇬🇧 International Cyber Expo – London, UK – September 30 – October 1, 2025 – RSVP
  8. 🇨🇦 SECTOR – Toronto, Canada – September 30 – October 2, 2025 – RSVP
  9. 🇺🇸 Innovate Cybersecurity Summit – Scottsdale, AZ – October 5–6, 2025 – RSVP
  10. 🇪🇺 European Cybersecurity Challenge (ECSC) – Europe – October 6–10, 2025 – RSVP



That concludes today’s briefing. You can check the top headlines here!


Copyright © 2025 CyberMaterial. All Rights Reserved.
