Cybersecurity News | Daily Recap [20 Nov 2025]

Daily Recap: The latest cyber threats span Android banking trojans like Sturnus hijacking devices across Europe, PhaaS kits such as Sneaky2FA, and HijackOnChat/Eternidade Worm targeting WhatsApp. Vulnerabilities from 7-Zip CVE-2025-11001 to W3 Total Cache PHP injections are being actively exploited, while the WrtHug campaign has hijacked over 50,000 ASUS routers and sanctions have hit Russian bulletproof hosting providers. #Sturnus #TamperedChef #Sneaky2FA #HijackOnChat #EternidadeWorm #7Zippercve #WrtHug #HostingSanctions #Photocall #ARCDataSale

Malware & Mobile

  • The new Android banking trojan Sturnus can intercept encrypted chats, steal credentials and fully hijack devices across Europe – Sturnus Trojan, Sturnus Trojan
  • Ongoing global campaigns deploy fake installers and stealthy loaders including TamperedChef and advancing PhaaS kits like Sneaky2FA using Browser‑in‑the‑Browser tricks – TamperedChef, Sneaky2FA Kit
  • WhatsApp-targeting campaigns including the social‑engineering HijackOnChat wave and a Python worm spreading the Eternidade stealer are rapidly infecting devices and distributing info‑stealers – HackOnChat, Eternidade Worm

Vulnerabilities & Exploits

  • Attackers are actively exploiting the CVE-2025-11001 7‑Zip symbolic‑link RCE flaw, prompting NHS and other alerts — patch or mitigate now – 7-Zip RCE, 7-Zip RCE
  • Recent disclosures and patches cover critical enterprise and web components, from SolarWinds Serv‑U fixes to a PHP command injection in W3 Total Cache and an exploited two‑year‑old Ray AI framework flaw – SolarWinds Fixes, W3TC Flaw, Ray Flaw

Routers & IoT

  • The WrtHug campaign exploited six ASUS WRT flaws to hijack over 50,000 end‑of‑life routers worldwide, enabling persistent access and network abuse – ASUS WrtHug, ASUS WrtHug

Sanctions & Takedowns

Piracy & Crypto Enforcement

  • Law enforcement and industry operations disrupted major piracy networks, seized domains like Photocall (≈26M yearly visits) and traced roughly $55 million in crypto to fund takedowns – Photocall Shutdown, Crypto Trace, Crypto Trace
  • Separately, founders of a prominent crypto mixer were sentenced for laundering over $237 million, underscoring intensified anti‑money‑laundering enforcement – Crypto Mixer

Threat Intelligence

  • Weekly bulletins highlight active 0‑days, new malware waves, crypto crime trends and IoT flaws that defenders should prioritize — read the roundup for indicators and mitigations – ThreatsDay

Policy & Governance

  • The EU is centralizing CVE governance as ENISA becomes a CVE root, while national and industry agreements like the Cyble–Botswana BOCRA MoU aim to shore up regional cyber frameworks – ENISA CVE Root, Botswana MoU
  • Regulatory and legislative moves include a reintroduced bill to beef up SEC cybersecurity oversight, Canadian privacy regulators blaming schools after the PowerSchool breach, and an EU proposal that critics say could weaken GDPR/AI safeguards – SEC Bill, PowerSchool Ruling, GDPR Proposal
  • An ARC data‑sale scandal revealed airlines’ travel records used for warrantless surveillance, raising fresh privacy and data‑sharing concerns – ARC Data Sale

Corporate Deals & Funding

Cyber‑Physical Incidents

  • Investigations tie Iranian‑linked hackers to AIS mapping of ships days before a missile strike attempt, and vendors like Amazon documented cyber‑enabled kinetic attacks tying espionage to physical strikes – AIS Mapping, Amazon Report
  • A major Russian insurer experienced widespread outages after a cyberattack, impacting services and claims processing amid ongoing investigation – Insurer Outage

Consumer Fraud & Scams

  • Seasonal shopping scams hit record levels with fake deals and storefronts driving increased consumer losses during Black Friday promotions — prioritise phishing and fraud controls – Black Friday Scams

Events & Research

  • Webinar: practical guidance on protecting what WAFs and gateways can’t see — register for defensive strategies and demo material – WAF Webinar

Cybersecurity News | Daily Recap – hendryadrian.com