Daily Recap: APT and malware campaigns dominate, with weaponized documents and a new ChaCha20-encrypted Comebacker backdoor, while vulnerabilities in Triofox, runC, and expr-eval threaten broader ecosystems. The news also covers credential phishing trends via Quantum Route Redirect and LinkedIn, regulatory actions on New York algorithmic pricing and California data privacy whistleblowers, plus notable incidents at Asahi and secret leaks on GitHub.
#ChaCha20 #Comebacker #KONNI #APT37 #FindHub #Triofox #runC #expr-eval #Yanluowang #Asahi #GitHub
APT & Malware Campaigns
- Lazarus is deploying weaponized documents and a new ChaCha20-encrypted Comebacker backdoor targeting aerospace and defense (Sources: Lazarus Attacks, Lazarus Comebacker)
- Researchers reveal deep code and infrastructure links between the banking malware families Maverick and Coyote, suggesting shared development or code reuse (Source: Maverick & Coyote)
- KONNI/APT37 actors are abusing Google Find Hub to remotely track and wipe South Korean Android devices in recent campaigns (Source: Find Hub Abuse)
Vulnerabilities & Exploits
- Attackers are exploiting a critical Triofox flaw, abusing the product's antivirus configuration feature to run a malicious payload and then install remote access tools (Source: Triofox Flaw)
- Critical runC vulnerabilities (including CVE-2025-31133) were disclosed that let a process inside a container escape its isolation and execute code on the host (Source: runC Escape)
- The popular JavaScript expression library expr-eval contains a remote code execution (RCE) flaw that can be triggered in applications evaluating attacker-controlled input (Source: expr-eval RCE)
- CISA ordered federal agencies to patch a Samsung zero-day actively used in spyware attacks, forcing emergency remediation (Source: Samsung Zero-Day)
Phishing & Credential Attacks
- Global campaigns using the Quantum Route Redirect phishing-as-a-service (PhaaS) kit are targeting Microsoft 365 users with credential-stealing redirects and 2FA bypass techniques (Source: Quantum Redirect)
- Attackers continue to favor LinkedIn for targeted phishing because of its trusted profiles, business context, and high success rates against professionals (Source: LinkedIn Phishing)
Ransomware & Legal Actions
- A Russian hacker signaled his intent to plead guilty to aiding the Yanluowang ransomware group, part of broader prosecutions against access brokers and operators (Source: Yanluowang Plea)
Incidents & Data Leaks
- A cyberattack on Asahi disrupted operations at Japan's top brewer during peak season, impacting production and logistics (Source: Asahi Outage)
- Numerous Forbes AI 50 companies inadvertently leaked proprietary models and secrets on GitHub, exposing intellectual property and credentials (Source: AI 50 Leaks)
Regulation & Industry
- New York's first-in-the-nation algorithmic pricing law went into effect, and enforcement has begun targeting personalized pricing practices (Source: NY Pricing Law)
- A California proposal would expand protections for data privacy whistleblowers who report breaches or agency misconduct (Source: CA Whistleblower)
- Industry controversy grows as a former Trump administration official was named executive chairman of surveillance vendor NSO Group, amid scrutiny over export and human-rights risks (Source: NSO Appointment)
Privacy & Browser Security
- Mozilla released new anti-fingerprinting defenses in Firefox to reduce cross-site tracking and improve user privacy protections (Source: Firefox Privacy)