Cybersecurity News | Daily Recap [06 Nov 2025]

Daily Recap: Google releases an emergency Chrome 142 update to fix high-risk vulnerabilities including RCE flaws, while Cisco patches critical firewall and UCCX vulnerabilities under active attack. Sandworm deploys data wipers targeting Ukraine’s grain sector, and several APTs use RMM tooling, VM techniques, and covert Hyper-V VMs to evade EDR; notable incidents include the SonicWall cloud backup theft, the Nikkei breach, the Hyundai AutoEver data exposure, and the Penn and Israeli contractor compromises. #Chrome142 #CVE-2025-20333 #CVE-2025-20362 #Sandworm #UNK_SmudgedSerpent #APT-C-60 #SpyGlace #CovertHyper-V #SonicWallTheft #Nikkei #HyundaiAutoEver #UPenn

Browser & Patch

  • Google releases an emergency update for Chrome 142 to fix multiple high‑risk vulnerabilities including remote code execution flaws – Chrome 142

Cisco Vulnerabilities

  • Cisco products are under active attack and in patch cycles: a new firewall exploit abuses CVE-2025-20333 and CVE-2025-20362, a critical UCCX flaw lets attackers run commands as root, and contact‑center appliances received urgent patches – Cisco Firewall, Cisco UCCX, Cisco Patches

APT & Destructive Ops

  • Sandworm operators are deploying data wipers to disrupt Ukraine’s grain sector, causing destructive outages to agricultural systems – Sandworm Report, Sandworm Coverage
  • Multiple APTs are escalating espionage using remote management and covert VM techniques—an Iranian‑linked group (UNK_SmudgedSerpent) uses RMM and M365 spoofing, APT‑C‑60 deploys SpyGlace via VHDX/LNK and GitHub tasking, and others hide Linux backdoors inside covert Hyper‑V VMs to bypass EDR – UNK_SmudgedSerpent, APT-C-60 SpyGlace, Covert Hyper‑V

Breaches & Exfiltration

  • Vendor cloud backups were stolen in a confirmed state‑sponsored intrusion against SonicWall, impacting September cloud backups and prompting investigation and advisories – SonicWall Theft, SonicWall Confirmed, SonicWall Coverage
  • A successful infostealer infection at Japanese media giant Nikkei exposed the Slack chat histories and credentials of over 17K employees, highlighting the risk posed by stealers like RedLine and Vidar – Nikkei Breach, Nikkei Coverage
  • Automotive IT firm Hyundai AutoEver disclosed a breach exposing sensitive PII including SSNs and driver’s licenses in its U.S. outage report – Hyundai AutoEver, Hyundai US Impact
  • Academic and contractor breaches continue: the University of Pennsylvania confirmed stolen data, and an Iran‑linked group claims compromise of an Israeli defense contractor’s security cameras – UPenn, Israeli Contractor

Business Impact

  • Retailer Marks & Spencer reports a steep profit drop after a cyberattack that eroded first‑half gains despite strong sales growth, underscoring economic fallout from incidents – M&S Impact, M&S Coverage

Malware & AI Evolution

  • Researchers and Google warn that malware is increasingly using AI at runtime to mutate and exfiltrate data: a new sample named PROMPTFLUX leverages Gemini to rewrite its code hourly, and other reports show malware adapting during execution – AI‑Powered Malware, PROMPTFLUX, AI Malware Report
  • After a seven‑month lull, Gootloader has reemerged with new delivery tricks, continuing the loader’s long‑running campaign to distribute malware and steal credentials – Gootloader Return

LLM & ChatGPT Risks

  • Researchers disclosed techniques to exploit ChatGPT features (Memories and Web Search) and other LLM flaws that can trick models into leaking sensitive data, raising model‑integrity concerns – ChatGPT Memories, ChatGPT Flaws

Funding, Tools & Research

  • Startups continue to attract capital for security: Truffle Security raised $25M for secret‑scanning and Flare raised $30M for threat exposure management platforms – Truffle Security, Flare Raise
  • Industry events and guidance focus on threat groups and governance, including a webinar on Scattered Spider and calls for pragmatic interventions to keep agentic AI in check – Scattered Spider Webinar, Agentic AI

Vulnerabilities & Advisories

  • CISA warns of a critical CentOS Web Panel bug actively exploited in the wild and published ICS advisories for Radiometrics VizAir and Survision license‑plate cameras—administrators should patch and review controls – CentOS Web Panel, Radiometrics VizAir, Survision LPR
  • Researchers disclosed message‑manipulation flaws in Microsoft Teams and Talos published findings on issues in TruffleHog, Fade In and BSAFE Crypto‑C—enterprises should review patches and detection coverage – Teams Flaws, TruffleHog & Crypto‑C
  • Samsung outlined approaches to secure the open Android ecosystem via Knox, while Microsoft rolled out a Ninite‑style multi‑app installer for the Windows 11 Store—notable platform updates for admins and users – Samsung Knox, Windows 11 Store

Crypto Crime & DeFi

  • A smart‑contract flaw exposed $116 million in the Balancer protocol, and European law enforcement dismantled schemes tied to crypto laundering, leading to arrests in a broader €600M laundering probe—DeFi and crypto firms face renewed scrutiny – Balancer Hack, €600M Bust

Fraud & Law Enforcement

  • European police busted a global fraud ring that laundered millions via German payment firms, the UK plans to block spoofed phone numbers to curb fraud, and China sentenced five Myanmar scam kingpins to death in a crackdown on transnational scams – Fraud Ring, UK Spoofing Block, China Sentences

Cybersecurity News | Daily Recap – hendryadrian.com