11/27-30/2025 November 30, 2025November 30, 2025 ~ The Cyber Beat ~ Leave a comment Bloody Wolf Threat Actor Expands Activity Across Central AsiaNorth Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie MalwareChinese Cyberattack Campaign Likely Impacted Every American, Former FBI Official SaysCritical New FBI Warning: This Simple Hack Can Empty Your Bank AccountPoems Can Trick AI Into Helping You Make a NuclearMalicious LLMs Empower Inexperienced Hackers With Advanced ToolsThreat Actors Exploit Calendar Subscriptions for Phishing and Malware DeliveryFCC Warns of Hackers Hijacking Radio Equipment For False AlertsThe Wired Guide to Digital OPSEC for TeensThree Black Friday Scams to Watch Out For This YearTryHackMe Races to Add Women to Christmas Cyber Challenge Roster After BacklashMicrosoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP UpdateGrapheneOS Bails on OVHcloud Over France’s Privacy StanceMan Behind In-Flight Evil Twin WiFi Attacks Gets 7 Years in PrisonPoland Arrested Suspected Russian Citizen for Hacking Local Organizations’ Computer NetworksGreyNoise Launches Free Scanner to Check if You’re Part of a BotnetAsahi Confirms 1.5 Million Customers Affected in Major Cyber-AttackTop South Korean E-Commerce Firm Coupang Apologises Over Massive Data BreachKorean Web Giant Naver Acquired Crypto Exchange Upbit, Which Reported a $30M Heist a Day LaterFrench Football Federation Suffers Data BreachBrit Telco Brsk Confirms Breach as Bidding Begins for 230K+ Customer RecordsData Copied in Kensington and Chelsea Cyber AttackAt Least 35,000 Impacted by Dartmouth College Breach Through Oracle EBS CampaignComputer Services Impacted After Ransomware Attack Hits Golf Manor (OH)OpenAI Warns of Mixpanel Data Breach Impacting API UsersPublic GitLab Repositories Exposed More Than 17,000 SecretsPostHog Admits Shai-Hulud 2.0 Was Its Biggest Ever Security BungleScattered Lapsus$ Hunters Take Aim At Zendesk UsersLegacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI PackagesMS Teams Guest Access Can Remove Defender Protection When Users Join External TenantsCISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEVCalifornia Law Regulating Web Browsers Could Have National Data Privacy Impact, Experts Say
11/26/2025 November 26, 2025November 26, 2025 ~ The Cyber Beat ~ Leave a comment Bug in Jury Systems Used by Several U.S. States Exposed Sensitive Personal DataNew ShadowV2 Botnet Malware Used AWS Outage as a Test OpportunityGainsight CEO Downplays Breach, Says Only a ‘Handful’ of Customers Had Data StolenKrebs: Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’House Energy and Commerce Committee Unveils New Draft Children’s Online Safety BillQilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data HeistShai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of SecretsRomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent MalwareChrome Extension Caught Injecting Hidden Solana Transfer Fees Into Raydium SwapsPopular Forge Library Gets Fix for Signature Verification Bypass FlawASUS Warns of New Critical Auth Bypass Flaw in AiCloud Routers
11/25/2025 November 25, 2025November 25, 2025 ~ The Cyber Beat ~ Leave a comment CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp UsersFBI: Cybercriminals Stole $262M by Impersonating Bank Support TeamsScammers Hacked Her Phone and Stole Thousands – So How Did They Get Her Details?Crime Rings Enlist Hackers to Hijack TrucksICE Offers up to $280 Million to Immigrant-Tracking ‘Bounty Hunter’ FirmsHashJack Attack Shows AI browsers Can Be Fooled With a Simple ‘#’Tor Switches to New Counter Galois Onion Relay Encryption AlgorithmThe Black Friday 2025 Cybersecurity, IT, VPN, & Antivirus DealsRussia Arrests Young Cybersecurity Entrepreneur on Treason ChargesMultiple London Councils ‘Hit by Cyber-Attacks’Georgia Court Filing Organization Warns of Outages After Ransomware AllegationsClop’s Oracle EBS Rampage Reaches Dartmouth CollegeOnSolve CodeRED Cyberattack Disrupts Emergency Alert Systems NationwideSmishing Triad Impersonation Campaigns Expand GloballyYears of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API KeysNew FlexibleFerret Malware Chain Targets macOS With Go BackdoorToddyCat’s New Hacking Tools Steal Outlook Emails and Microsoft 365 Access TokensJackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
11/24/2025 November 25, 2025November 25, 2025 ~ The Cyber Beat ~ Leave a comment Russian-Linked Malware Campaign Hides in Blender 3D FilesHackers Knock Out Systems at Moscow-Run Postal Operator in Occupied UkraineKrebs: Is Your Android TV Streaming Box Part of a Botnet?Chinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or UyghursUK Privacy Regulator Has Seen ‘Collapse in Enforcement Activity,’ Rights Coalition SaysSoftware Companies Must Be Held Liable for British Economic Security, Say MPsComcast to Pay $1.5 Million U.S. Fine After Vendor Data BreachThis Hacker Conference Installed a Literal Antivirus Monitoring SystemWith AI Reshaping Entry-Level Cyber, What Happens to the Security Talent Pipeline?Harvard University Discloses Data Breach Affecting Alumni, DonorsAI Nude Photo Link Appears on Kansas AG’s Website After Apparent HackFresh ClickFix Attacks Use Windows Update Trick-Pics to Steal CredentialsMalicious Blender Model Files Deliver StealC Infostealing MalwareSecond Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential TheftShadowPad Malware Actively Exploits WSUS Vulnerability for Full System AccessFlaws Expose Risks in Fluent Bit Logging AgentAmazon Is Using Specialized AI Agents for Deep Bug HuntingMicrosoft to Remove WINS Support after Windows Server 2025
11/21-23/2025 November 23, 2025November 23, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked APT31 Launches Stealthy Cyberattacks on Russian IT Using Cloud ServicesMore Companies Are Shifting Workers to Passwordless AuthenticationGoogle Enables Pixel-to-iPhone File Sharing via Quick Share, AirDropPress a Button and This SSD Will Self-Destruct With All Your DataRussia-Linked Crooks Bought a Bank for Christmas to Launder Cyber LootFour Charged Over Alleged Plot to Smuggle Nvidia AI Chips Into China‘Scattered Spider’ Teens Plead Not Guilty to UK Transport HackCrowdStrike Catches Insider Feeding Information to HackersFlock Safety Cameras Used to Monitor Protesters, Rights Group FindsGoogle Begins Showing Ads in AI Mode (AI Answers)A Swath of Bank Customer Data Was Hacked at Real Estate Technology Vendor SitusAMC. The FBI. Is Investigating…Wall Street Banks Scramble to Assess Fallout From Hack of Real-Estate Data FirmCox Enterprises Discloses Oracle E-Business Suite Data BreachIberia Discloses Customer Data Leak After Vendor Security BreachLocal Law Enforcement Agencies in Oklahoma, Massachusetts Responding to Cyber IncidentsShinyHunters ‘Does Not Like Salesforce at All,’ Claims the Crew Accessed Gainsight 3 Months AgoMatrix Push C2: Cybercriminals Exploit Browser Push Notifications to Deliver MalwareGrafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege EscalationCISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
11/20/2025 November 20, 2025November 20, 2025 ~ The Cyber Beat ~ Leave a comment Google Exposes BadAudio Malware Used in APT24 Espionage CampaignsRussia Blacklists S.T.A.L.K.E.R. Game Developer, Accusing It of Aiding Ukraine’s War EffortWith the Rise of AI, Cisco Sounds an Urgent Alarm About the Risks of Aging TechLLM-Generated Malware Is Improving, but Don’t Expect Autonomous Attacks TomorrowCISA Issues New Guidance on Bulletproof Hosting ThreatKrebs: Mozilla Says It’s Finally Done With Two-Faced OnerepThe FCC Is Rolling Back Steps Meant to Stop a Repeat of a Massive Telecom HackU.S. SEC Dismisses Case Against SolarWinds, Top Security OfficerNSO Seeks to Overturn Whatsapp Case, Saying It Is ‘Catastrophic’ for the Spyware MakerFired Techie Admits Sabotaging Ex-Employer, Causing $862K in DamageSamourai Crypto Mixer Founders Sent to Prison for Laundering Over $237 MillionTV Streaming Piracy Service Photocall With 26M Yearly Visits Shut DownSalesforce Investigates Customer Data Theft via Gainsight Breach…Salesforce-Linked Data Breach Claims 200+ Victims, Has ShinyHunters’ Fingerprints All Over ItHacker Claims to Steal 2.3TB Data From Italian Rail Group, AlmaviaGlobalProtect VPN Portals Probed with 2.3 Million Scan SessionsUNC2891 Money Mule Network Reveals Full Scope of ATM Fraud OperationTamperedChef Malware Spreads via Fake Software Installers in Ongoing Global CampaignNew Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks DevicesTsundere Botnet Expands Using Game Lures and Ethereum-Based C2 on WindowsNew SonicWall SonicOS Flaw Allows Hackers to Crash FirewallsD-Link Warns of New RCE Flaws in End-of-Life DIR-878 RoutersLawmakers Reintroduce Bill to Bolster Cybersecurity at Securities and Exchange CommissionPrivacy Oversight Board Finds FBI Does Not Buy Real-Time Location Data
11/19/2025 November 20, 2025November 20, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked Operation “WrtHug” Hijacks Thousands of ASUS RoutersCloudflare Shows Internet Outages Aren’t a Matter of If — but When…Krebs: The Cloudflare Outage May Be a Security RoadmapAirline Data Broker Airlines Reporting Corporation to Stop Selling Individuals’ Travel Records to Government AgenciesVaping Is ‘Everywhere’ in Schools—Sparking a Bathroom Surveillance BoomHalf of Ransomware Access Due to Hijacked VPN CredentialsRussian Bulletproof Hosting Provider Sanctioned Over Ransomware TiesCalifornia Man Admits to Laundering Crypto Stolen in $230M HeistCoordinated Europol Operation Disrupts $55m in Cryptocurrency For PiracyPalo Alto Tops Earnings Expectations, Announces Chronosphere AcquisitionWhat AI Bubble? Nvidia’s Strong Earnings Signal There’s More Room to GrowCanadian Privacy Regulators Say Schools Share Blame for PowerSchool HackMajor Russian Insurer VSK Facing Widespread Outages After CyberattackEmail Breach at St. Anthony Hospital (IL) May Have Exposed the Information of More Than 6,600 PeopleEternidade Stealer Trojan Fuels Aggressive Brazil CybercrimePlushDaemon Hackers Unleash New Malware in China-Aligned Spy CampaignsMeet ShinySp1d3r: New Ransomware-as-a-Service Created by ShinyHuntersEdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software UpdatesHackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)W3 Total Cache WordPress Plugin Vulnerable to PHP Command InjectionCISA Gives Gov’t Agencies 7 Days to Patch New Fortinet FlawGoogle Search Is Now Using AI to Create Interactive UI to Answer Your QuestionsThe AI Attack Surface: How Agents Raise the Cyber StakesLawmakers Reintroduce Bill to Bolster Cybersecurity at Securities and Exchange Commission
11/18/2025 November 18, 2025November 18, 2025 ~ The Cyber Beat ~ Leave a comment White House Goes on Cyber OffensiveCISA 2015 Receives Extension, Offering Brief Relief for Cyber Information SharingFCC Looks to Torch Biden-Era Cyber Rules Sparked by Salt Typhoon MessCBO Director Testifies That Hackers Have Been Expelled From Email SystemsMI5 Warns of Chinese Spies Using LinkedIn to Gain Intel on LawmakersIranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense AttacksA Simple WhatsApp Security Flaw Exposed 3.5 Billion Phone NumbersGenAI and Deepfakes Drive Digital Forgeries and Biometric FraudMicrosoft Teams to Let Users Report Messages Wrongly Flagged as ThreatsMicrosoft Is Turning Windows Into an ‘Agentic OS,’ Starting With the TaskbarMicrosoft to Integrate Sysmon Directly Into Windows 11, Server 2025Windows 11 Gets New Cloud Rebuild, Point-In-Time Restore ToolsMeta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This YearAmazon, Google Named by EU Among ‘Critical’ Tech Providers for Finance IndustryZoomers Are Officially Worse at Passwords Than 80-Year-OldsRussian Suspect Detained in Thailand Is Allegedly Tied to Void Blizzard GroupCloudflare Outage Disrupts X, ChatGPT and Other Parts of the Internet…Cloudflare Says Outage That Hit X, ChatGPT and Other Sites Is ResolvedPro-Russian Group Claims Hits on Danish Party Websites as Voters Head to PollsFrench Agency Pajemploi Reports Data Breach Affecting 1.2m PeopleLG Battery Subsidiary Says Ransomware Attack Targeted Overseas FacilityEverest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Major Under Armour BreachMicrosoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU BotnetSneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address BarNew ShadowRay Attacks Convert Ray Clusters Into Crypto MinersResearchers Detail Tuoni C2’s Role in an Attempted 2025 Real-Estate Cyber IntrusionNew npm Malware Campaign Redirects Victims to Crypto SitesRondoDox Botnet Malware Now Hacks Servers Using XWiki FlawFortinet Warns of New FortiWeb Zero-Day Exploited in AttacksGoogle Issues Security Fix for Actively Exploited Chrome V8 Zero-Day VulnerabilityMicrosoft: Windows 10 KB5072653 OOB Update Fixes ESU Install ErrorsBug Bounty Programs Rise as Key Strategic Security Solutions
11/17/2025 November 17, 2025November 17, 2025 ~ The Cyber Beat ~ Leave a comment Pentagon and Soldiers Let Too Many Secrets Slip on Social Networks, Watchdog SaysHackers Steal Maternity Ward CCTV Videos in India Cybercrime RacketGoogle Is Collecting Troves of Data From Downgraded Nest ThermostatsX Launches Chat, Its New Encrypted DMsUK Twitter Hacker Who Breached Obama’s Account Ordered to Repay $5.4 Million in BitcoinGovini Founder Eric Gillespie’s Lawyer Calls Child Sex Chat ‘Internet Fantasy,’ Not a CrimeDutch Police Seizes 250 Servers Used by “Bulletproof Hosting” ServiceKamel Ghali on What’s ‘Theoretically Possible’ in Car HackingKenyan Gov’t Websites Back Online After Hackers Deface Pages With White Supremacist MessagesPrinceton University Discloses Data Breach Affecting Donors, AlumniPennsylvania AG Confirms Data Breach After INC Ransom AttackEurofiber France Warns of Breach After Hacker Tries to Sell Customer DataDoorDash Email Spoofing Vulnerability Sparks Messy Disclosure Dispute‘Largest-Ever’ Cloud DDoS Attack Pummels Azure With 3.64b Packets per SecondNew EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RATDragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
11/14-16/2025 November 17, 2025November 17, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Announces New Strike Force Targeting Chinese Crypto ScammersIranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government TargetsNorth Korean Hackers Turn JSON Services into Covert Malware Delivery ChannelsAnthropic Claims of Claude AI-Automated Cyberattacks Met With DoubtRansomware’s Fragmentation Reaches a Breaking Point While LockBit ReturnsGoogle to Flag Android Apps With Excessive Battery Use on the Play StoreGoogle Backpedals on New Android Developer Registration RulesCivil Society Decries Digital Rights ‘Rollback’ as European Commission Pushes Data Protection ChangesDOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam CompoundSuspected Russian Hacker Reportedly Detained in Thailand, Faces Possible U.S. ExtraditionFive Plead Guilty to Helping North Koreans Infiltrate U.S. FirmsUncertain Economy Takes Toll on Cybersecurity Teams…CISO Pay Increases 7% As Budget Growth SlowsFBI Flags Scam Targeting Chinese Speakers With Bogus Surgery BillsCyberattack on Russian Port Operator Aimed to Disrupt Coal, Fertilizer ShipmentsDoorDash Hit by New Data Breach in October Exposing User InformationCheckout.com Snubs Hackers After Data Breach, to Donate Ransom InsteadLogitech Leaks Data After Zero-Day AttackDecades-Old ‘Finger’ Protocol Abused in ClickFix Malware AttacksKraken Ransomware Benchmarks Systems for Optimal Encryption ChoiceCISA Warns of Akira Ransomware Linux Encryptor Targeting Nutanix VMsNow-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin AccountsASUS Warns of Critical Auth Bypass Flaw in DSL Series RoutersResearchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference FrameworksKrebs: Microsoft Patch Tuesday, November 2025 EditionMicrosoft: Windows 10 KB5068781 ESU Update May Fail With 0x800f0922 Errors
11/13/2025 November 13, 2025November 13, 2025 ~ The Cyber Beat ~ Leave a comment Chinese Hackers Used Anthropic’s AI to Automate CyberattacksU.S. Dismisses Chinese Accusation of Extensive LuBian Mining Pool HackTwo Key Cyber Laws Are Back as President Trump Signs Bill to End ShutdownMicrosoft Rolls Out Screen Capture Prevention for Teams UsersGoogle Will Let ‘Experienced Users’ Keep Sideloading Android AppsKrebs: Google Sues to Disrupt Chinese SMS Phishing TriadOperation Endgame Dismantles Rhadamanthys, Venom RAT, and Elysium Botnet in Global CrackdownFBI: Akira Gang Has Received Nearly $250 Million in RansomsNHS Supplier Ends Probe Into Ransomware Attack That Contributed to Patient DeathKazakhstan Becomes Latest Country to Ban ‘LGBT Propaganda’ OnlineKenya Kicks Off ‘Code Nation’ With a Nod to CybersecurityOrgs Move to SSO, Passkeys to Solve Bad Password HabitsWashington Post Data Breach Impacts Nearly 10K Employees, ContractorsPopular Android-Based Photo Frames Download Malware on BootPhishing Campaign Targets Customers of Major Italian Web Hosting ProviderRussian Hackers Create 4,300 Fake Travel Sites to Steal Hotel Guests’ Payment DataFake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain“IndonesianFoods” npm Worm Publishes 44,000 Malicious PackagesOver 67,000 Fake npm Packages Flood Registry in Worm-Like Spam AttackRCE Flaw in ImunifyAV Puts Millions of Linux-Hosted Sites at RiskCISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login AttacksCISA Warns Feds to Fully Patch Actively Exploited Cisco FlawsUbuntu 25.10’s Rusty Sudo Holes Quickly Welded Shut
11/12/2025 November 13, 2025November 13, 2025 ~ The Cyber Beat ~ Leave a comment Australia at Risk of ‘High-Impact Sabotage’ From China, Says Spy ChiefUK Plans Tougher Laws to Protect Public Services From Cyberattacks…British Government Unveils Long-Awaited Landmark Cybersecurity BillArmy Officer With Indo-Pacific Experience Emerges as Potential Cyber Command, NSA PickU.S. Announces ‘Strike Force’ to Counter Southeast Asian Cyber Scams, Sanctions Myanmar Armed GroupLighthouse: This Is the Platform Google Claims Is Behind a ‘Staggering’ Scam Text OperationGerman Extremist Arrested Over Operating Alleged Darknet Assassination MarketplaceDHS Kept Chicago Police Records for Months in Violation of Domestic Espionage RulesSynnovis Notifies of Data Breach After 2024 Ransomware AttackDanaBot Malware Is Back to Infecting Windows After 6-Month BreakAmazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day FlawsWindows 11 Now Supports 3rd-Party Apps for Native Passkey ManagementCybersecurity Firm Deepwatch Lays off Dozens, Citing Move to ‘Accelerate’ AI InvestmentBridging the Skills Gap: How Military Veterans Are Strengthening CybersecurityRussia Imposes 24-Hour Mobile Internet Blackout for Travelers Returning HomeRhadamanthys Infostealer Disrupted as Cybercriminals Lose Server Access
11/10-11/2025 November 11, 2025November 13, 2025 ~ The Cyber Beat ~ Leave a comment China-Aligned UTA0388 Uses AI Tools in Global Phishing CampaignsAndroid Devices Targeted By KONNI APT in Find Hub ExploitationCISA Orders Feds to Patch Samsung Zero-Day Used in Spyware AttacksUK Asks Cyberspies to Probe Whether Chinese Buses Can Be Switched off RemotelyChina Accuses U.S. of Orchestrating $13 Billion Bitcoin HackAmerica’s Cybersecurity Defenses Are CrackingShutdown Deal Would Revive Cyber Intelligence-Sharing BillEU’s Reforms of GDPR, AI Slated by Privacy Activists for ‘Playing Into Big Tech’s Hands’Yanluowang Initial Access Broker Pleaded Guilty to Ransomware Attacks“Bitcoin Queen” Gets 11 Years in Prison for $7.3 Billion Bitcoin ScamMozilla Firefox Gets New Anti-Fingerprinting DefensesData Privacy Whistleblowers Would Get Expanded Protections Under California ProposalFormer Trump Official Named NSO Group Executive ChairmanMicrosoft Releases KB5068781 — The first Windows 10 Extended Security UpdateHitachi-Owned GlobalLogic Admits Data Stolen on 10K Current and Former StaffWakefield & Associates (TN) Announces Breach of Client DataQilin Ransomware Activity Surges as Attacks Target Small BusinessesQuantum Route Redirect PhaaS Targets Microsoft 365 Users WorldwideWhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Biggest BanksLarge-Scale ClickFix Phishing Attacks Target Hotel Systems with PureRAT MalwareAndroid Trojan ‘Fantasy Hub’ Malware Service Turns Telegram Into a Hub for HackersResearchers Detect Malicious npm Package Targeting GitHub-Owned RepositoriesHackers Exploit Critical Flaw in Gladinet’s Triofox File Sharing ProductPopular JavaScript Library Expr-Eval Vulnerable to RCE FlawSAP Fixes Hardcoded Credentials Flaw in SQL Anywhere MonitorSynology Fixes BeeStation Zero-Days Demoed at Pwn2Own IrelandMicrosoft November 2025 Patch Tuesday Fixes 1 Zero-Day, 63 Flaws
11/6-9/2025 November 10, 2025November 10, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Congressional Budget Office (CBO) Hit by Cybersecurity Incident…Congressional Budget Office Implementing New Security Controls Following CyberattackData Breach at Chinese Infosec Firm Reveals Cyber-Weapons and Target ListTrojanized ESET Installers Drop Kalambur Backdoor in Phishing Attacks on UkraineRussian Hacking Group Sandworm Deploys New Wiper Malware in UkrainePreviously Unknown Landfall Spyware Used in 0-Day Attacks on Samsung PhonesScam Ads Are Flooding Social Media. These Former Meta Staffers Have a PlanKrebs: Cloudflare Scrubs Aisuru Botnet from Top Domains ListKrebs: Drilling Down on Uncle Sam’s Proposed TP-Link BanThe Government Shutdown Is a Ticking Cybersecurity Time BombJapan Plans to Revise Foreign Investment Law to Sharpen Security ScreeningMexico City Is the Most Video-Surveilled Metropolis in the AmericasLost iPhone? Don’t Fall for Phishing Texts Saying It Was FoundItalian Communications Executive Reveals He Was Targeted With Paragon SpywareEdtech Company Fined $5.1 Million for Poor Data Security Practices Leading to HackGoogle Launches New Maps Feature to Help Businesses Report Review-Based Extortion Attempts“I Paid Twice” Phishing Campaign Targets Booking.comHow a Ransomware Gang Encrypted Nevada Government’s SystemsWashington Post Confirms Data Breach Linked to Oracle HacksLouvre’s Pathetic Passwords Belong in a Museum, Just Not That OneCybersecurity Investigation Closes Manassas City Public Schools (VA) MondayCybercrims Plant Destructive Time Bomb Malware in Industrial .Net ExtensionsCurly COMrades Hackers Weaponize Windows Hyper-V to Hide Linux VM and Evade EDR DetectionGlassWorm Malware Returns on OpenVSX with 3 New VSCode ExtensionsVibe-Coded Malicious VS Code Extension Found with Built-In Ransomware CapabilitiesClickFix Malware Attacks Evolve with Multi-OS Support, Video TutorialsMicrosoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted TrafficMulti-Turn Attacks Expose Weaknesses in Open-Weight LLM ModelsCritical Cisco UCCX Flaw Lets Attackers Run Commands as RootCisco Warns of New Firewall Attack Exploiting CVE-2025-20333 and CVE-2025-20362Dangerous runC Flaws Could Allow Hackers to Escape Docker ContainersQNAP Fixes Seven NAS Zero-Day Flaws Exploited at Pwn2Own
11/5/2025 November 5, 2025November 5, 2025 ~ The Cyber Beat ~ Leave a comment SonicWall Says State-Sponsored Hackers Behind September Security BreachRussia-Linked ‘Curly COMrades’ Turn to Malicious Virtual Machines for Digital Spy CampaignsZohran Mamdani Just Inherited the NYPD Surveillance StateChina Sentences 5 Myanmar Scam Kingpins to DeathOperation Chargeback Uncovers €300m Fraud Scheme in 193 CountriesUK Carriers to Block Spoofed Phone Numbers in Fraud CrackdownTelecoms Cyber Chiefs Adopt Financial Sector’s Model of Collective DefenseGoogle Gets the U.S. Government’s Green Light to Acquire Wiz for $32BArmis Raises $435 Million, Valuing Cybersecurity Startup at $6.1 BillionCyberattack Ate up Profits for First Half of Year, Retailer M&S SaysUNK_SmudgedSerpent Targets Academics With Political LuresHyundai AutoEver America Data Breach Exposes SSNs, Drivers LicensesCentral New Jersey Medical Center Suffers Ransomware AttackUniversity of Pennsylvania Confirms Hacker Stole Data During CyberattackGootloader Malware Is Back With a Bang With New Tricks After 7-Month BreakResearchers Find ChatGPT Vulnerabilities That Let Attackers Trick AI Into Leaking DataGoogle Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code HourlyAMD Red-Faced Over Random-Number Bug That Kills Cryptographic SecurityCISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence
11/4/2025 November 4, 2025November 4, 2025 ~ The Cyber Beat ~ Leave a comment Russian Spies Pack Custom Malware Into Hidden VMs on Windows MachinesOperation SkyCloak Deploys Tor-Enabled OpenSSH Backdoor Targeting Defense SectorsData Brokers Selling Location Info That Can Be Used to Track EU Officials, Report FindsEurope Sees Increase in Ransomware, Extortion AttacksA Cybercrime Merger Like No Other — Scattered Spider, LAPSUS$, and ShinyHunters Join ForcesDragonForce Cartel Emerges as Conti-Derived Ransomware ThreatLawmakers Say Stolen Police Logins Are Exposing Flock Surveillance Cameras to HackersFBI Warns of Criminals Posing as ICE, Urges Agents to ID ThemselvesTreasury Sanctions 8 for Laundering North Korea Earnings From Cybercrime, IT Worker SchemeEuropol and Eurojust Dismantle €600 Million Crypto Fraud Network in Global SweepFrench Police Seize €1.6m Amid Crypto Scam Network CrackdownHealth Privacy Bill Seeks Protections for Data Collected by Apps, SmartwatchesData Breach at Major Swedish Software Supplier Impacts 1.5 MillionMedia Giant Nikkei Reports Data Breach Impacting 17,000 PeoplePolish Loan Platform Hacked; Mobile Payment System and Other Businesses DisruptedHundreds of South Gloucestershire Residents’ Details Shared in Data BreachPenn Data Breach Involves Decades of Student and Alumni InformationApache OpenOffice Disputes Data Breach Claims by Akira Ransomware GangMalicious Android Apps on Google Play Downloaded 42 Million TimesMicrosoft Teams Bugs Let Attackers Impersonate Colleagues and Edit Messages UnnoticedHackers Exploit WordPress Plugin Post SMTP to Hijack Admin AccountsHackers Exploit Critical Auth Bypass Flaw in JobMonster WordPress ThemeGoogle’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKitMicrosoft Removing Defender Application Guard From Office
11/3/2025 November 4, 2025November 4, 2025 ~ The Cyber Beat ~ Leave a comment New HttpTroy Backdoor Poses as VPN Invoice in Targeted Cyberattack on South KoreaHomeland Security Biometric Policy for Foreign Travelers Poses Data-Theft RisksHack Exposes Kansas City’s Secret Police Misconduct ListCybercrooks Team Up With Organized Crime to Steal Pricey CargoRansomware Negotiator, Pay Thyself!…U.S. Cybersecurity Experts Indicted for BlackCat Ransomware AttacksMIT Sloan Quietly Shelves AI Ransomware Study After Researcher Calls BSAWS, Nvidia, CrowdStrike Seek Security Startups to Enter the ArenaData Breach Costs Lead to 90% Drop In Operating Profit at South Korean Telecom GiantHackers Are Attacking Britain’s Drinking Water SuppliersHacker Steals Over $120 Million From Balancer DeFi Crypto ProtocolJapanese Retailer Askul Confirms Data Leak After Cyberattack Claimed by Russia-Linked GroupMalicious VSX Extension “SleepyDuck” Uses Ethereum to Keep Its Command Server AliveResearchers Uncover BankBot-YNRK and DeliveryRAT Android Trojans Stealing Financial DataMicrosoft: SesameOp Malware Abuses OpenAI Assistants API in AttacksNew GDI Flaws Could Enable Remote Code Execution in WindowsMicrosoft: Patch for WSUS Flaw Disabled Windows Server HotpatchingCISA and NSA Outline Best Practices to Secure Exchange Servers
10/31-11/2/2025 November 2, 2025November 2, 2025 ~ The Cyber Beat ~ Leave a comment China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate SystemsNation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain AttackHow to Hack a Poker Game RevealedSecurity Concerns Persist Over System at Heart of Digital IDKrebs: Alleged Jabber Zeus Coder ‘MrICQ’ in U.S. CustodyAlleged Conti Ransomware Gang Affiliate Appears in Tennessee Court After Ireland ExtraditionRussia Finally Bites the Cybercrooks It Raised, Arresting Suspected Meduza Infostealer DevsFCC Plans Vote to Remove Cyber Regulations Installed After Theft of Trump Info From TelecomsSling TV Settles With California for Allegedly Violating State Consumer Privacy LawHackers Threaten to Leak ‘Woke’ University of Pennsylvania Student DataAttackers Dig Up $11M in Garden Finance Crypto ExploitEclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz DiscoveryRhysida Oysterloader Malvertising Campaign Leverages 40+ Code-Signing CertificatesASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE VulnerabilityCISA: High-Severity Linux Flaw Now Exploited by Ransomware GangsChinese Hackers Scanning, Exploiting Cisco ASA Firewalls Used by Governments WorldwideMicrosoft Edge Gets Scareware Sensor for Faster Scam DetectionCybersecurity Earnings Rise as AI Dominates Strategies