Daily Recap: Widespread ClickFix phishing targets hotel systems alongside the reappearance of GlassWorm on Open VSX and GitHub, with LANDFALL Android malware exploiting a Samsung 0-day in WhatsApp images. The report also covers runc container flaws, OWASP Top 10 updates, and rising enterprise risks across IoT and mobile devices.
#ClickFix #GlassWorm #LANDFALL #Samsung0day #OWASPTop10 #IoT #IlluminateFine #TISZABreach
Malware & Campaigns
- Widespread campaigns deliver PureRAT via ClickFix phishing against hotel systems, the GlassWorm malware resurfaces in Open VSX and GitHub, and new LANDFALL Android malware exploits a Samsung 0-day hidden in WhatsApp images. – ClickFix Phish, GlassWorm Return, LANDFALL Android
Vulnerabilities & Patches
- Critical runc vulnerabilities can enable container escape to host root, QNAP issues patches for 20+ flaws disclosed at Pwn2Own Ireland, and an Amazon WorkSpaces Linux bug can expose user tokens. – Runc Escape, QNAP Patches, WorkSpaces Flaw
Standards & Policy
- The OWASP Top 10 for 2025 adds two new web-app risk categories with Broken Access Control still leading and supply-chain issues rising. – OWASP Top10
- A proposed short-term renewal of the CISA 2015 cyber information-sharing law appears in a bill to end the government shutdown. – Info Sharing Bill
- OWASP announces a new AI Vulnerability Scoring System to address gaps in CVSS for AI-specific flaws. – AI Scoring
Emerging Threats & Enterprise Risk
- A new browser security report outlines emerging risks for enterprises, highlighting web-based attack vectors and enterprise exposure. – Browser Report
- A new Microsoft Teams feature raises concerns that it could increase exposure to phishing and malware for users and organizations. – Teams Risk
- Security firms warn of a surge in attacks targeting IoT and mobile devices within critical infrastructure environments. – IoT Surge
Incidents & Enforcement
- A Nevada ransomware incident was traced to an employee downloading malware, underscoring insider-driven compromise vectors. – Ransomware Trace
- The TISZA data breach appears in Have I Been Pwned's registry, exposing affected users. – TISZA Breach
- Illuminate Education was fined $5.1M for failing to protect student data following a breach. – Illuminate Fine
- A China APT used DLL sideloading in a months-long espionage campaign against a US policy nonprofit, and Australia sanctioned hackers supporting North Korea's weapons program. – China APT, Australia Sanctions
- A Russian missile barrage disrupted internet connectivity and customs databases in Ukraine, impacting communications infrastructure. – Ukraine Outage
Events, Resources & Guides
- Europe hosted the first in-orbit satellite cybersecurity competition, a milestone for space-focused security research and training. – Satellite CTF
- Weekly threat research and recaps summarizing current activity are available for further situational awareness. – Weekly Recap
- India rolled out Digital Life Certificate 4.0 and urged pensioners to follow cybersecurity best practices for online services. – Digital Certificate
- A practical guide explains how to use the new Windows 11 Start menu as it rolls out to users. – Windows 11 Start