Cyber Briefing: 2025.08.28
👉 What's going on in the cyber world today? A wave of cyber threats is emerging worldwide: AI-driven ransomware is on the rise, coordinated scans target Microsoft RDP servers, ShadowCaptcha exploits WordPress sites to spread malware, Nevada shuts state offices after IT disruptions, DOGE exposes social security data in the cloud, Swedish municipalities suffer ransomware via an IT supplier, US appeals sentences for HashFlare Ponzi schemers, Russia considers banning Google Meet, and global Salt Typhoon hacking campaigns are linked to Chinese tech firms.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
PromptLock is a new AI-powered ransomware discovered by ESET that uses a hard-coded prompt injection attack on a large language model to exfiltrate files, encrypt data, and generate ransom notes. Written in Golang, the malware leverages a local version of an OpenAI model to carry out its functions, demonstrating a novel use of AI in cyberattacks.
Cybersecurity firm GreyNoise has detected a significant, coordinated spike in scanning activity from nearly 2,000 IP addresses targeting Microsoft Remote Desktop (RDP) portals. This reconnaissance campaign appears to be exploiting subtle timing flaws to validate usernames, likely in preparation for future brute-force or password-spray attacks, and may be a single botnet or toolset originating from Brazil.
A new cyber campaign, dubbed ShadowCaptcha, is exploiting over 100 compromised WordPress sites to trick users into downloading information stealers, ransomware, and crypto miners. The attacks use a social engineering technique called ClickFix to deliver malicious payloads by misleading users into running built-in Windows tools or saving and executing malicious HTML files.
Nevada is grappling with a cyberattack that began on Sunday, which has taken down state websites and phone systems, forcing the closure of all state offices on Monday. While emergency services like 911 remain unaffected, the prolonged disruption has led to a coordinated recovery effort involving state, local, and federal agencies.
A whistleblower has revealed that a Department of Government Efficiency (DOGE) within the Social Security Administration (SSA) created an unsecured live copy of the nation's entire Social Security dataset in a cloud environment, bypassing critical security controls. This action, which could expose over 300 million Americans to identity theft, was taken despite a court-ordered temporary restraining order and in violation of federal security guidelines.
A suspected ransomware attack on Miljödata, a software provider for Swedish municipal governments, has impacted around 200 municipalities and regions. The attackers are attempting to extort the company, which handles sensitive HR data like sick leave and medical certificates.
US prosecutors are appealing the time-served sentences given to the co-founders of the $577 million HashFlare crypto Ponzi scheme, arguing that the punishment is too lenient for the severity of the fraud. This appeal highlights the growing debate over the consequences for crypto criminals, with some experts and investigators warning that a lack of significant penalties may be fueling a rise in crypto-related crime.
A senior Russian official has stated that the government is considering blocking Google Meet following recent service disruptions, as part of a broader move to ban Western apps deemed a national security threat. This potential action is seen as a way to promote state-backed alternatives and exert more control over digital communications within the country.
The U.S. National Security Agency (NSA), the UK's National Cyber Security Centre (NCSC), and partners from over a dozen countries have formally linked the global "Salt Typhoon" hacking campaigns to three China-based technology firms.
📈 Cyber Stocks
At the outset of Thursday’s trading on August 28, 2025, cybersecurity stocks reversed recent weakness, with investors positioning around earnings catalysts, technical rebounds, and fresh strategic signals.
💡 Cyber Tip
💻 ShadowCaptcha Uses WordPress Sites to Spread Ransomware, Info Stealers, and Crypto Miners
A new large-scale campaign has been observed exploiting over 100 compromised WordPress sites to direct site visitors to fake CAPTCHA verification pages that employ the ClickFix social engineering tactic to deliver information stealers, ransomware, and cryptocurrency miners.
✅ What you should do:
🔒 Why this matters:
The ShadowCaptcha campaign is a sophisticated threat that blends social engineering, legitimate system tools (LOLBins), and multi-stage payload delivery. By leveraging over 100 compromised WordPress sites, attackers can reach a large number of unsuspecting users. The use of ClickFix tactics is particularly effective as it tricks users into willingly running malicious code, bypassing traditional security layers. Since it relies on user action, the best defense is vigilance and a strong security posture, both for individuals and website owners.
📚 Cyber Book
Scam Me If You Can: Simple Strategies to Outsmart Today's Rip-off Artists by Frank Abagnale
Get book: https://amzn.to/4oXbSCw
That concludes today’s briefing.
Copyright © 2025 CyberMaterial. All Rights Reserved.