Cyber Briefing: 2025.08.27

👉 What's trending in cybersecurity today?

Hackers stole OAuth tokens from Salesloft, exposed SSNs and financial data in New Jersey, and deployed malware like MixShell targeting U.S. supply chains. Messaging apps and major retailers also faced attacks, putting millions of users’ data at risk.



Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.


🚨 Cyber Alerts


1. AI Attack Hides Prompts In Images

Researchers have created a new attack that steals user data by embedding malicious prompts in images processed by AI systems. The prompts, invisible to the human eye, become readable by the AI when the image is downscaled, leading to data exfiltration without the user's knowledge.


2. MixShell Hits US Supply Chain Firms

In a new and concerning cyberattack, threat actors are using a social engineering campaign named ZipLine to target companies critical to the global supply chain, luring them into multi-week conversations before deploying the in-memory malware MixShell. Unlike typical phishing attacks, this campaign initiates contact through a company's public 'Contact Us' form and patiently builds trust before delivering the malicious payload.


3. WhatsApp Desktop Code Execution Risk

WhatsApp Desktop on Windows is vulnerable to a flaw that could allow arbitrary code execution through maliciously crafted Python archive files (.pyz). Attackers can gain complete control of a user's system with a single click, as the application fails to properly handle and validate these files. Meta has not yet classified the issue as a security vulnerability.


💥 Cyber Incidents


4. NJ Social Services Reports Data Breach

Legacy Treatment Services in New Jersey recently confirmed a data breach from October 2024 that compromised the personal and medical information of 41,826 people. The ransomware group Interlock, which claimed responsibility for the attack, reportedly stole 170 GB of sensitive data, including Social Security numbers, financial information, and clinical records.


5. Auchan Retailer Reports Data Breach

French retailer Auchan has informed several hundred thousand of its customers that their sensitive loyalty account data was exposed in a recent cyberattack. The exposed data includes names, addresses, phone numbers, and loyalty card numbers, though the company states that financial data and passwords were not compromised.


6. Salesloft Breach Exposes OAuth Tokens

Hackers breached Salesloft to steal OAuth and refresh tokens from its Drift chat agent integration, using them to pivot into customer Salesforce environments and exfiltrate sensitive data. The threat actors, identified by Google's Threat Intelligence team as UNC6395, sought to steal credentials like AWS access keys, passwords, and Snowflake tokens to further their access and compromise other systems.


📢 Cyber News


7. Tokyo Meeting on North Korea IT Threat

In a collaborative effort, multiple governments and companies convened in Tokyo to address North Korea's ongoing campaign of illicitly hiring its IT workers. The forum, organized by the U.S. State Department with Japan and South Korea, aimed to foster a collective defense against this scheme, which funds North Korea's weapons programs.


8. Durov Calls France Arrest Unfair

Telegram CEO Pavel Durov, who was briefly detained in France a year ago for alleged criminal activity on his platform, has been vocally critical of the ongoing legal process, calling his arrest "absurd" and complaining about the requirement to return to France every 14 days without an appeal date. Despite his release on bail and permission to travel, he remains under judicial supervision while the complicated case, which he argues is unprecedented and based on the actions of his users, slowly proceeds.


9. $29M Hacking Ring Mastermind Extradited

A Chinese national suspected of leading a hacking group that stole $29 million from Korean victims, including BTS member Jungkook, has been extradited from Thailand to Korea. The suspect allegedly used illegally obtained personal data to open new mobile phone accounts in victims' names to access their financial and cryptocurrency accounts.


📈 Cyber Stocks


As markets opened on Wednesday, August 27, 2025, cybersecurity stocks traded with muted momentum as investors looked ahead to key earnings reports and industry conference updates.

  • Radware (RDWR) inched up 0.91% to $24.92, benefiting from lingering optimism around strong Q2 execution and recent analyst upgrades despite broader valuation concerns.
  • Rapid7 (RPD) slipped 0.15% to $20.14, as cautious sentiment around slowing growth and revised guidance overshadowed stability in its subscription revenues.
  • Check Point Software Technologies (CHKP) edged down 0.06% to $187.62, with investors awaiting strategic commentary from its participation in the Deutsche Bank Technology Conference.
  • SentinelOne (S) dropped 1.1% to $16.42, pressured by pre-earnings jitters as traders weighed upcoming results against steady ARR growth and new institutional backing.
  • CrowdStrike (CRWD) declined 0.35% to $417.60, as concerns over softening EPS growth tempered enthusiasm, even as anticipation built for its post-market earnings release later in the day.

💡 Cyber Tip


💻 WhatsApp Desktop Users at Risk of Code Execution via Malicious Files

A flaw in WhatsApp Desktop for Windows exposes users to remote code execution if they open specially crafted Python archive files (.pyz). Attackers can send a malicious .pyz file through WhatsApp, and with a single click, the file executes if Python is installed on the system. This grants attackers full control of the victim’s computer, including access to files, data theft, and malware installation. The issue remains unpatched as Meta has not yet classified it as a vulnerability.

What you should do:

  • Do not open or preview .pyz files received via WhatsApp or other messaging apps
  • If you do not use Python, consider removing it from Windows PATH settings or uninstalling it altogether
  • Use endpoint protection that can detect suspicious script execution
  • Keep backups of important files to reduce impact if compromised
  • Be extra cautious of files with unfamiliar extensions sent by unknown or even trusted contacts

🔒 Why this matters

This flaw turns a trusted communication app into an attack vector. Because it leverages normal file handling on Windows, it bypasses common defenses and can fool non-technical users. Until Meta issues a fix or mitigation, the best defense is user awareness and strict caution with unknown file types.



📚 Cyber Book


Hate Speech against Women Online: Concepts and Countermeasures by Louise Richardson-Self

Get book: https://amzn.to/3x2e2X9


💼 Cyber Jobs


Today’s 10 curated cybersecurity job openings: 

  1. 🇺🇸 cFocus Software Incorporated – Senior Threat Hunter, Washington, DC, USA
  2. 🇺🇸 Insight Global – Vulnerability Analyst, Springfield, VA, USA
  3. 🇺🇸 DCS Corp – Cyber Test Analyst, Senior, Las Vegas, NV, USA
  4. 🇺🇸 Conviso Inc. – Vulnerability Engineer, Washington DC-Baltimore Area, USA
  5. 🇨🇦 Quantum World Technologies Inc. – Information Security Engineer with DevOps, Toronto, ON, Canada
  6. 🇨🇦 Air Transat – Senior Cybersecurity Specialist, Montreal, QC, Canada
  7. 🇨🇦 Procurify – Senior Security Engineer, Canada
  8. 🇨🇦 Pantheon – Senior Security Engineer, Vancouver, BC, Canada
  9. 🇮🇳 Kyndryl – Cybersecurity Subject Matter Expert, Bengaluru, Karnataka, India
  10. 🇮🇳 Cyderes – Senior Threat Hunter, Bengaluru, Karnataka, India

If you know someone on the job hunt, share this with them!



📅 Cyber Events


Find global upcoming cybersecurity events here.

  1. 🇺🇸 20th Annual API Cybersecurity Conference for the Oil & Natural Gas Industry – The Woodlands, TX – November 11–12, 2025
  2. 🇬🇧 UKSec – London, UK – November 11–12, 2025
  3. 🇸🇬 CSO30 Awards ASEAN & HK – Singapore – November 12, 2025
  4. 🇺🇸 SECURITY 500 Conference – Washington, D.C., USA – November 17, 2025
  5. 🇺🇸 Cybersecurity Summit – New York, NY, USA – November 18, 2025
  6. 🇬🇧 CSO Security Summit UK 2025 – London, UK – November 27, 2025
  7. 🇬🇧 CSO Awards UK 2025 – London, UK – November 27, 2025
  8. 🇸🇦 Black Hat Middle East & Africa – Riyadh, Saudi Arabia – November 24–26, 2025
  9. 🇺🇸 SANS Dallas 2025 – Dallas, TX – December 1–6, 2025
  10. 🇸🇪 State of Cyber Security 2025 – Stockholm, Sweden – December 2, 2025



That concludes today’s briefing. You can check the top headlines here!


Copyright © 2025 CyberMaterial. All Rights Reserved.

Follow CyberMaterial on:

Substack, LinkedIn, Twitter, Reddit, Instagram, Facebook, YouTube, and Medium

