Category: Cyber Security

  • Emerging Botnets, Supply Chain Threats, and AI-Driven Fraud Dominate Cybersecurity Landscape

    Today’s cybersecurity news highlights a diverse array of threats and challenges, from the rise of new botnet malware exploiting IoT devices to significant supply chain attacks crossing ecosystems, alongside the accelerating impact of generative AI on digital fraud. Organisations large and small, as well as public services, continue to face evolving risks that demand vigilance and adaptive security strategies.

    New Botnet Malware Exploits IoT Vulnerabilities Amid AWS Outage

    A newly identified Mirai-based botnet, dubbed ShadowV2, has been detected targeting IoT devices from vendors such as D-Link and TP-Link. Researchers observed the malware taking advantage of the recent AWS outage as a testing ground, exploiting known vulnerabilities to compromise devices.

    This development is critical for security teams managing IoT deployments, as it underscores the persistent risk posed by unpatched or poorly secured devices. Businesses relying on these devices should prioritise vulnerability management and network segmentation to limit botnet propagation.

    Supply Chain Attacks Escalate: Shai-Hulud Expands From npm to Maven

    The second wave of the Shai-Hulud supply chain attack campaign has extended beyond the npm registry into the Maven ecosystem, affecting over 830 packages. The malicious payloads, including loaders and environment scripts, have been embedded in widely used open-source packages, posing a serious threat to software integrity.

    This cross-ecosystem contamination highlights the growing sophistication of supply chain attacks and the importance for developers and organisations to implement rigorous dependency monitoring and verification processes. It also raises awareness of the need for enhanced security controls within package repositories.

    Critical Vulnerability Fix in Popular JavaScript Cryptography Library

    The ‘node-forge’ package, a widely used JavaScript cryptography library, received a patch addressing a signature verification bypass vulnerability. This flaw could allow attackers to craft data that appears valid, potentially enabling forgery or other cryptographic abuses.

    Security teams and developers utilising node-forge should promptly update to the latest version to mitigate this risk. The incident serves as a reminder of the critical need for auditing and promptly addressing vulnerabilities in cryptographic components.

    Cyberattacks Disrupt London Councils’ IT Systems

    Multiple London councils, including the Royal Borough of Kensington and Chelsea and Westminster City Council, have reported service disruptions due to cyberattacks. Details remain limited, but such incidents emphasise the ongoing threat to public sector IT infrastructure.

    For government and municipal organisations, these attacks underline the importance of robust incident response plans, continuous monitoring, and investment in cybersecurity resilience to maintain public services.

    Comcast Fined $1.5 Million Over Vendor Data Breach

    Comcast agreed to pay a $1.5 million fine following an FCC investigation into a February 2024 vendor data breach that compromised the personal information of nearly 275,000 customers. The incident reflects the risks associated with third-party vendors in the supply chain.

    Businesses must ensure comprehensive vendor risk management and enforce stringent security requirements for partners to prevent similar breaches and regulatory penalties.

    AI’s Double-Edged Sword: Digital Fraud Surges While Dark LLMs Underperform

    Advanced fraud attacks surged by 180% in 2025, fuelled by generative AI technologies producing flawless fake identities, deepfakes, and autonomous bots at unprecedented scale. However, the darker side of AI — so-called ‘dark LLMs’ utilised by petty criminals — has yet to meet expectations, aiding low-level cybercrime but falling short of more sophisticated capabilities.

    Security leaders should recognise the transformative impact AI has on threat landscapes, investing in detection technologies and staff training to combat increasingly automated fraud schemes.

    Prompt Injection Risks in AI-Enabled Browsers

    The launch of AI-empowered browsers, such as ChatGPT’s Atlas browser, has introduced new security challenges. Prompt injection attacks, where malicious inputs manipulate AI behaviour, pose a significant risk, potentially leading to data leakage or compromised interactions.

    Application security teams need to incorporate AI-specific threat modelling and adopt mitigation strategies to secure agentic AI systems against these emerging vulnerabilities.

    Inside the Mind of a Hacker: Profile of ‘Rey’ from Scattered LAPSUS$ Hunters

    An exclusive interview with ‘Rey,’ the technical lead of the Scattered LAPSUS$ Hunters cybercriminal group, reveals insights into the motivations and operations of one of the most prolific extortion groups this year. The group has targeted numerous major corporations with data theft and public extortion.

    Understanding the human elements behind cybercrime can aid organisations in anticipating attacker tactics and improving threat intelligence.

    VPN Deals Highlight Growing User Demand for Privacy

    Amid rising cyber threats, NordVPN has launched a significant Black Friday discount offering 77% off VPN plans. This reflects increasing public and business interest in enhancing online security and privacy, particularly in response to growing digital risks.

    While not a direct cybersecurity incident, this trend signals the importance of secure remote access and data privacy as fundamental components of modern security postures.

    Key Takeaways

    • The ShadowV2 botnet demonstrates ongoing risks from IoT vulnerabilities and the opportunistic nature of cyber threats during infrastructure outages.
    • Supply chain attacks are increasingly cross-platform, requiring enhanced scrutiny of third-party software components.
    • Critical cryptographic libraries like node-forge must be closely monitored and updated to prevent exploitation.
    • Public sector organisations remain prime targets for disruptive cyberattacks, necessitating resilience investments.
    • Vendor security lapses can result in significant regulatory fines and customer impact.
    • Generative AI is both a tool for advanced fraud and a challenge for security teams, while dark LLMs have yet to fully realise their malicious potential.
    • AI-enabled applications introduce new vulnerability classes such as prompt injections, demanding specialised defensive approaches.
    • Insights into threat actor profiles can improve organisational threat understanding and response strategies.
    • Increased consumer interest in VPNs highlights the growing emphasis on privacy and secure communications.

    Staying informed and proactive is key as the cybersecurity landscape continues to evolve rapidly in 2025.

  • Emerging Threats and Defensive Innovations in Cybersecurity: From Nation-State Attacks to AI Resilience

    Today’s cybersecurity landscape reveals a complex interplay between geopolitical cyber operations, evolving fraud tactics, and advancements in defence mechanisms. From state-sponsored cyber-enabled kinetic attacks to the persistent challenge of phishing and the rise of AI security firms, organisations must stay vigilant and adaptive.

    Geopolitical Cyber Operations and Targeted Attacks

    Iran’s Cyber-Enabled Kinetic Strikes

    Iran has been leveraging cyber capabilities to support real-world missile attacks on ships and land targets, a tactic termed “cyber-enabled kinetic targeting.” This approach integrates cyber operations with physical military actions, enhancing the impact and precision of kinetic strikes. Security teams should note the increasing convergence of cyber and physical domains, which complicates threat detection and response.

    Russian Hackers Target US Engineering Firm

    Russian threat actors recently attempted to infiltrate a US engineering company due to its work with a Ukrainian sister city. The attack was detected early by Arctic Wolf, preventing operational disruption. This incident highlights how geopolitical conflicts extend into cyberspace, where organisations linked indirectly to conflict zones can become targets. Business leaders must evaluate geopolitical risks as part of their cybersecurity strategy.

    Persistent Fraud and Phishing Threats

    FBI Reports $262M in Account Takeover (ATO) Fraud

    The FBI has reported over $262 million in fraud tied to account takeover schemes, where criminals impersonate financial institutions to steal credentials and money. These scams affect individuals and businesses alike, especially during the holiday season, when phishing attacks and social engineering campaigns increase. Security teams should reinforce multi-factor authentication and user awareness programmes to counteract these threats.

    Advanced Security Fails to Stop Ancient Phishing Tactics

    Despite advances in security technology, traditional phishing attacks continue to bypass enterprise defences. Research reveals that attackers still exploit human vulnerabilities effectively, underlining the critical role of ongoing user education and layered security controls.

    DPRK’s FlexibleFerret Targets macOS Users

    North Korean cyber actors behind the “Contagious Interview” campaign are refining social engineering techniques to steal credentials specifically from macOS users. This trend emphasises that attackers are diversifying targets across platforms, urging security teams to extend protections beyond typical Windows environments.

    Vulnerabilities and Disruptions in Critical Infrastructure

    Cheap Hardware Module Bypasses Memory Encryption

    Researchers have developed an inexpensive hardware device capable of bypassing memory encryption protections on AMD and Intel chips. This finding exposes weaknesses in confidential computing and scalable memory encryption, signalling a need for chipmakers and security architects to reassess hardware security assumptions.

    OnSolve CodeRED Cyberattack Disrupts Emergency Alerts

    A cyberattack on the OnSolve CodeRED platform disrupted emergency notification systems across the US, affecting state and local governments, police, and fire agencies. The incident underscores the risks posed by attacks on critical communication infrastructure and the importance of robust incident response capabilities.

    CISA Warns of Spyware Targeting Messaging App Users

    The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about spyware targeting users of popular messaging apps, focusing on high-value individuals. This highlights ongoing surveillance threats and the necessity for secure communication practices.

    Innovations and Industry Updates

    AI Agent Security Firm Vijil Raises $17 Million

    Vijil, a startup focused on enhancing the security and resilience of AI agents, has secured $17 million to accelerate its platform deployment. As AI adoption grows, protecting AI systems from manipulation and exploitation becomes crucial for organisations.

    Black Friday 2025 Cybersecurity Deals

    With Black Friday 2025 approaching, early deals on cybersecurity software, online courses, VPNs, and antivirus products are already available. Security professionals and consumers alike should take this opportunity to upgrade their tools and skills while ensuring timely action due to limited-time offers.

    Conclusion

    Today’s stories illustrate the multifaceted nature of cybersecurity threats—from nation-state cyber-enabled physical attacks and geopolitical targeting to persistent phishing and emerging hardware vulnerabilities. Meanwhile, defence innovation continues with investments in AI security and awareness of critical infrastructure risks.

    Security teams and business leaders must maintain a comprehensive security posture that addresses evolving threats across technology stacks and geopolitical contexts while leveraging new defensive technologies and continuous user education.

    Key Takeaways

    • Nation-state actors are increasingly blending cyber operations with physical attacks, complicating defence strategies.
    • Account takeover fraud remains a significant financial risk, especially during holiday seasons, requiring strong authentication and user vigilance.
    • Traditional phishing attacks continue to evade advanced security measures, highlighting the importance of user training.
    • Hardware-level vulnerabilities in memory encryption challenge current assumptions about chip security.
    • Disruptions to critical emergency alert systems demonstrate the risks to public safety from cyberattacks.
    • Spyware targeting messaging app users shows the ongoing threat to personal and organisational privacy.
    • Investment in AI security reflects the growing need to protect emerging technologies from exploitation.
    • Black Friday deals offer an opportunity to enhance security posture with the latest tools and training.

    Staying informed and proactive remains essential in navigating today’s dynamic cybersecurity environment.

  • Emerging Threats Exploit AI, Messaging Apps, and Critical Enterprise Vulnerabilities

    Today’s cybersecurity landscape reveals a convergence of sophisticated threats targeting both individual users and enterprise environments. From spyware campaigns on popular messaging apps to vulnerabilities in critical enterprise software, and novel botnets abusing AI infrastructure, security teams and business leaders face a complex array of risks requiring heightened vigilance and proactive defence strategies.

    Spyware and Social Engineering Threats on Mobile Messaging Platforms

    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active spyware campaigns targeting high-value users of Signal and WhatsApp. These campaigns utilise commercial spyware and remote access trojans (RATs), delivered through sophisticated social engineering techniques to gain unauthorised access to victims’ messaging applications.

    This development is significant because messaging apps like Signal and WhatsApp are widely trusted for secure communication. The ability of attackers to compromise these platforms threatens both personal privacy and organisational confidentiality. Security teams should prioritise user awareness, monitor for unusual app behaviours, and consider implementing multi-factor authentication and device integrity checks to mitigate these risks.

    Exploiting AI Infrastructure and Emerging Botnets

    A new variant of the ShadowRay botnet has been discovered exploiting a vulnerability in the Ray AI framework. This botnet hijacks AI clusters worldwide to mine cryptocurrency and steal data in a self-propagating manner. The attack highlights how AI infrastructure, often resource-rich and interconnected, is becoming an attractive target for cybercriminals.

    In a related case of creative malware delivery, a Russian-linked campaign has been observed distributing the StealC V2 information-stealing malware through malicious Blender 3D model files uploaded to marketplaces like CGTrader. This illustrates how attackers are leveraging niche platforms and file types to evade detection and maximise infection rates.

    Critical Enterprise Software Vulnerabilities Under Active Exploitation

    Oracle Identity Manager has been hit by exploitation of a critical flaw tracked as CVE-2025-61757. This vulnerability is part of a broader pattern of attacks on Oracle Cloud and Oracle E-Business Suite customers, including recent extortion campaigns. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog, underscoring the urgency for organisations to patch promptly.

    The implications for security teams and business leaders are clear: critical enterprise software must be continuously monitored and updated to prevent breaches that could expose sensitive business data or disrupt operations.

    Resurgence of Notorious Malware and Deceptive Attack Techniques

    The infamous Shai-hulud worm has resurfaced with a variant capable of executing malicious code during preinstall phases, increasing exposure risks across build and runtime environments. This resurgence reminds organisations of the persistence of legacy threats evolving with new capabilities.

    Additionally, the ClickFix attack employs a novel social engineering technique by mimicking a Windows Update screen within a browser to trick users into executing malware hidden inside images. This tactic highlights the importance of user education to recognise genuine system prompts and avoid falling victim to such deception.

    IoT Devices and Network Abuse Concerns

    Security experts have raised alarms over popular Android TV streaming boxes like Superbox, sold through major retailers. These devices require intrusive software that turns users’ networks into relays for internet traffic associated with cybercrime activities such as advertising fraud and account takeovers.

    This underscores the growing risk posed by IoT and consumer devices, which can serve as unwitting participants in botnets or other malicious infrastructures. Businesses and consumers alike should carefully vet connected devices and monitor network traffic for unusual activity.

    Data Breach in Real-Estate Finance Sector

    SitusAMC, a major provider of backend services to banks and lenders, disclosed a data breach impacting customer information. This incident highlights the ongoing risks that service providers to the financial sector face, with potential knock-on effects for business partners and customers. It reinforces the need for stringent data protection practices and rapid incident response capabilities.

    Advances in AI for Physical Security Monitoring

    On a more positive note, advancements in vision language models are now being applied to physical security, enhancing capabilities to monitor and protect employee safety. These AI-driven tools offer promising avenues for integrating cybersecurity with physical security measures in corporate environments.

    Key Takeaways

    • Spyware campaigns targeting Signal and WhatsApp users exploit social engineering, threatening secure communications.
    • AI infrastructure is increasingly targeted by botnets like ShadowRay 2.0 for cryptomining and data theft.
    • Critical Oracle Identity Manager vulnerabilities are actively exploited, mandating urgent patching.
    • Legacy malware like Shai-hulud evolves with new deployment methods, increasing risk.
    • Deceptive attacks such as ClickFix use fake system prompts to deliver malware, highlighting user training importance.
    • Consumer IoT devices, including Android TV boxes, can be co-opted into botnets facilitating cybercrime.
    • Data breaches in finance service providers continue to pose significant risks to client data.
    • Emerging AI tools enhance physical security monitoring, representing a positive cybersecurity development.

    Security teams and business leaders must adopt a holistic approach that addresses both emerging sophisticated threats and legacy vulnerabilities to protect their organisations and users effectively.

  • ShadowPad Exploitation and Data Breaches Highlight Rising Cybersecurity Risks

    Introduction

    Today’s cybersecurity landscape is marked by ongoing exploitation of newly discovered vulnerabilities and significant data breaches affecting major organisations. From sophisticated malware targeting enterprise server infrastructure to customer data leaks due to vendor compromises, these incidents underscore the critical need for vigilant security practices and robust management of credentials and access.

    Exploitation of WSUS Vulnerability by ShadowPad Malware

    A recently patched vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, has been actively exploited by threat actors to deploy ShadowPad malware. As reported by TheHackerNews, attackers have targeted Windows servers with WSUS enabled to gain initial access. Following this, they utilised PowerCat, an open-source tool, to escalate privileges and achieve full system control.

    This attack vector is particularly concerning for organisations relying on WSUS for patch management, as it allows adversaries to infiltrate critical infrastructure silently. Security teams must prioritise patching this vulnerability and monitor for unusual activity involving WSUS components to prevent such intrusions.

    Data Breach at Iberia Following Vendor Compromise

    Spanish airline Iberia has disclosed a customer data breach resulting from a compromise at one of its third-party vendors. According to BleepingComputer, the incident was revealed after threat actors claimed possession of 77 GB of stolen data on hacker forums.

    This breach highlights the persistent risk posed by supply chain vulnerabilities. Business leaders should reassess vendor security postures and implement stricter controls to safeguard customer information. Transparency with affected customers and swift incident response remain crucial to mitigate reputational damage.

    Enhancements and Tools for Enterprise Security

    Passwork 7 for Password and Secrets Management

    In response to evolving security challenges, Passwork 7 offers a unified, self-hosted platform for enterprise password and secrets management. The solution supports automated credential workflows, improving operational efficiency while reducing risks associated with credential misuse. With a free trial and promotional discounts available, organisations have an opportunity to strengthen their internal security posture affordably.

    Cross-Platform File Sharing Between Pixel and iPhone

    Google has introduced interoperability between Android’s Quick Share and Apple’s AirDrop, enabling seamless file transfers between Pixel devices and iPhones. While primarily a convenience feature, this interoperability raises security considerations around data sharing and device authentication protocols. Security teams should evaluate potential risks and educate users on safe sharing practices.

    Why These Stories Matter

    The exploitation of WSUS and the Iberia data breach both demonstrate how attackers increasingly target trusted systems and supply chains to bypass traditional defences. Meanwhile, advancements in enterprise security tools and cross-platform features reflect the ongoing need to balance usability with robust protection.

    Security teams and business leaders must stay informed about emerging threats and adopt comprehensive strategies that include timely patching, vigilant vendor management, and secure credential handling.

    Key Takeaways

    • The WSUS vulnerability (CVE-2025-59287) is actively exploited by ShadowPad malware, risking full system compromise.
    • Supply chain breaches, like the Iberia incident, remain a significant threat vector impacting customer data privacy.
    • Investing in advanced password and secrets management solutions, such as Passwork 7, can enhance organisational security.
    • New cross-platform sharing features require careful security evaluation to prevent inadvertent data exposure.
    • Timely patching, vendor risk assessments, and user education are essential components of a resilient cybersecurity strategy.

  • Enhancing Connectivity and Security Amidst Rising Data Breaches

    Today’s cybersecurity news highlights advancements in device interoperability, enterprise password management innovations, and ongoing challenges from data breaches affecting major organisations.

    Device Interoperability: Google Bridges Pixel and iPhone Sharing Gap

    Google has introduced interoperability between its Android Quick Share feature and Apple’s AirDrop, enabling seamless file sharing between Pixel devices and iPhones. This development addresses a longstanding user pain point where cross-platform file sharing was cumbersome.

    Who is affected: Mobile users who operate across Android and iOS ecosystems, particularly business professionals and everyday consumers needing to transfer files quickly and securely.

    Why it matters: From a security perspective, ensuring that file sharing mechanisms between platforms maintain robust encryption and authentication is critical to prevent interception or unauthorised access. Security teams should review the implementation of this interoperability to assess any new risks introduced by the expanded sharing capabilities.

    Enterprise Security: Passwork 7 Enhances Password and Secrets Management

    Passwork 7 has launched as a unified, self-hosted password and secrets management platform designed for enterprise use. It offers automated credential workflows and comprehensive system testing, with promotional offers including a free trial and Black Friday discounts.

    Who is affected: Organisations looking to strengthen their credential management practices, especially those seeking to reduce risks of password-related breaches and streamline secrets handling.

    Why it matters: Credential compromise remains a leading cause of security incidents. Tools like Passwork 7 that enable automated management and secure storage of passwords and secrets can significantly reduce attack surfaces. Security teams should evaluate such platforms for integration into their security infrastructure to improve operational resilience.

    Data Breach Alert: Iberia Customer Data Exposed Through Vendor Compromise

    Spanish airline Iberia has disclosed a customer data leak resulting from a security breach at one of its suppliers. Threat actors have claimed possession of 77 GB of data stolen from the airline, prompting Iberia to notify affected customers.

    Who is affected: Iberia customers whose personal data may have been exposed, as well as businesses relying on third-party vendors for critical services.

    Why it matters: This incident underscores the persistent risks associated with supply chain security. Businesses must prioritise vendor risk assessments and enforce strict security standards throughout their supply chains to mitigate potential breaches. Security teams should ensure continuous monitoring and incident response plans include vendor-related threats.

    Holiday Shopping Security: Watch for Offers but Stay Vigilant

    As holiday promotions ramp up, offers like Costco’s $40 Digital Shop Card for new Gold Star members highlight the convenience of bundled deals. While this particular story is more retail-focused, it serves as a reminder for consumers and organisations to remain cautious about potential scams or phishing attempts disguised as attractive deals.

    Who is affected: Consumers and employees making holiday purchases and using digital membership services.

    Why it matters: Cybersecurity awareness during peak shopping seasons is crucial. Security teams should educate users about recognising phishing emails and fraudulent offers to prevent credential theft and financial fraud.

    Connecting the Dots

    Today’s stories reveal a cybersecurity landscape balancing innovation with evolving threats. The improved interoperability between mobile platforms enhances user convenience but requires vigilance to maintain security integrity. Enterprise tools like Passwork 7 demonstrate a proactive approach to credential management amid persistent cyber risks. Meanwhile, the Iberia breach highlights the ongoing challenges posed by supply chain vulnerabilities, a concern that remains top of mind for security professionals.

    As holiday shopping intensifies, organisations and individuals alike must stay alert to social engineering risks exploiting seasonal promotions.

    Key Takeaways

    • Cross-platform file sharing improvements must be evaluated for potential security implications.
    • Automated and unified password management solutions can reduce credential-related security incidents.
    • Supply chain security remains a critical area to prevent large-scale data breaches.
    • Holiday season increases cyber risk exposure; ongoing user education is essential.
    • Organisations should maintain comprehensive vendor risk assessments and incident response strategies.

    Staying informed and proactive is key to navigating today’s complex cybersecurity environment.