Daily Recap: London councils experienced a cyber incident that temporarily disrupted services across local authorities, while a widespread US emergency alert outage affected OnSolve’s CodeRED service and related Georgia Clerks Authority court-filing systems. The range of threats, from mass account-takeover fraud to Crypto Copilot-driven DeFi siphoning and state-sponsored web implants, highlights ongoing risk across public-sector, financial, and infrastructure targets and the need for effective risk management. #GeorgiaClerks #CryptoCopilot
News:
Public Sector Attacks
- London councils suffered a cyber incident that temporarily disrupted services across local authorities – London Councils
- A widespread incident and related claims disrupted US emergency alert systems and impacted OnSolve’s CodeRED service, causing nationwide alert outages – Emergency Alerts, OnSolve CodeRED
- Ransomware operators claim to have hit the Georgia Clerks Authority and related court-filing systems, prompting outage warnings and investigations – Georgia Clerks, Court Filing Org
Account Takeover & Fraud
- FBI warns cybercriminals stole over $262M this year via account-takeover schemes that impersonate bank support and leverage AI phishing ahead of the holidays – ATO Losses, FBI Report, ATO Coverage
Malware & DeFi Threats
- A malicious Chrome extension named Crypto Copilot was found injecting hidden Solana transfer fees into Raydium swaps to siphon funds from DeFi users – Crypto Copilot
- Malvertising and fake Windows-update pop-ups on adult sites are delivering the JackFix loader and multiple info-stealers to victims, increasing credential and fund theft risk – JackFix Stealers
Nation-State Activity
- Russian-linked actors targeted a US engineering firm over work for a Ukrainian sister city, illustrating persistent geopolitical targeting of third-party contractors – Russian Targeting
- A GRU unit (29155) deployed SocGholish lures to compromise a US organization, signaling continued use of sophisticated web-based implants by state actors – GRU / SocGholish
- Russian authorities arrested a young cybersecurity entrepreneur on treason charges amid a fraught domestic security climate for researchers and industry figures – Russia Arrest
Vulnerabilities & Privacy
- ASUS released updates for nine flaws including a critical authentication bypass in AiCloud-enabled routers (CVE-2025-59366), urging users to update and disable remote services – ASUS AiCloud
- A critical bug in Firefox was reported to expose roughly 180M users, underscoring urgent patching needs for browser security – Firefox Bug
- Tor migrated to the Counter Galois Onion (CGO) relay encryption algorithm to strengthen anonymity and mitigate relay-level weaknesses like key reuse and traffic modification – Tor CGO
Developer Tools & Data Leaks
- Researchers found years of leaks from formatter and beautifier tools (e.g., JSONFormatter, CodeBeautify) exposed thousands of passwords and API keys embedded in user-submitted code – Formatter Leaks, Code Formatting Tools
Messaging & Spyware Threats
- CISA warns that commercial spyware is being used to target messaging-app users via phishing, QR codes, zero-click exploits and impersonation, focusing on high-value individuals and orgs – CISA Spyware
- A Sharjah Police experiment showed how easily people fall for fake QR codes offering free Wi-Fi, highlighting QR-based social engineering risks used by attackers – QR Experiment
Identity & Funding
- Identity security startup Opti raised $20M for its identity platform as investor interest in identity-first security grows – Opti Funding
- AI agent security firm Vijil secured $17M to protect autonomous agents and automated workflows from misuse and attacks – Vijil Funding
Microsoft Services & Outages
- An Exchange Online outage disrupted mailbox access for users in Asia Pacific and North America, with Microsoft advising Outlook on the Web as a workaround while it investigates – Exchange Outage
- Microsoft will introduce a new call-handler process in Teams for Windows in January 2026 to improve performance and call quality; admins must allowlist the ms-teams_modulehost.exe process in security tooling to avoid blocks and troubleshooting problems – Teams Update
Security Ops & Strategy
- Experts argue that cybersecurity is now a core business discipline, advising measurable programs and executive accountability for risk reduction – Core Discipline
- An analysis asks why expensive detections still fail in operations, exploring whether SOCs can salvage protection after a $2M detection investment falls short – SOC Failures
- A free webinar will cover safe use of community package tools like Chocolatey and Winget, teaching risk spotting, patch prioritization, and mitigation best practices – Patch Webinar
- Guidance on year-end cyber spend urges prioritizing measurable risk reduction, identity controls, and tool consolidation to maximize limited budgets – Year-End Spend
Data Breaches & Vishing
- Harvard disclosed that alumni, student and staff contact information was stolen in a vishing-style breach, exposing donor and alumni data to fraud risks – Harvard Breach, Harvard Vishing
Deals
- Roundup of Black Friday 2025 deals for cybersecurity, IT, VPNs and antivirus products highlights seasonal discounts for security tools and subscriptions – Black Friday Deals