Daily Recap, The recap highlights ongoing third-party app risks with Gainsight tied to Salesforce after unusual OAuth activity, and tracks a large-scale state-backed espionage campaign by APT24 using BadAudio against Taiwan. It also covers Android backdoors like Baohuo and Sturnus targeting messaging apps, critical flaws and active exploitation in WSUS and network devices, plus financial crime, legal actions, and policy shifts shaping the broader cybersecurity landscape. #Gainsight #APT24 #BadAudio #Baohuo #Sturnus #WSUS #ShadowPad #ICAM365 #AsusRouter #DIR-878 #SamouraiWallet #Almaviva #NSO
Third-Party Apps
- Salesforce is probing possible customer data access via the third-party Gainsight app after detecting unusual OAuth activity and has cut the app’s access while investigating a campaign targeting connected customer environments – Gainsight Probe, Gainsight OAuth, Gainsight Cutoff, Gainsight Theft, Gainsight Warning
State-backed Espionage
- Researchers and Google link Chinese-backed APT24 to a years-long supply-chain campaign deploying the BadAudio malware against Taiwan and over 1,000 domains for espionage – BadAudio Report, APT24 Campaign, Google BadAudio
Mobile & Messaging Threats
- New Android backdoors like Baohuo (embedded in tainted Telegram X builds) can hijack accounts and exfiltrate chats, while the new Sturnus banking trojan targets WhatsApp, Telegram and Signal, and other Android strains can capture private messages, raising mobile-security concerns – Baohuo Backdoor, Sturnus Trojan, Android Snooping, Samsung Security
Vulnerabilities & Exploits
- SonicWall released patches for multiple high-severity flaws in firewalls and email appliances even as an unpatched SonicOS bug can crash devices, prompting immediate remediation – SonicWall Patches, SonicOS Crash
- A critical WSUS RCE (CVE-2025-59287) is being actively exploited to deploy the ShadowPad backdoor in the wild, prompting urgent patching – WSUS ShadowPad
- CISA and vendors warn of multiple device flaws: a CISA advisory flags vulnerable ICAM365 CCTV models, CERT-In warns of an Asus router flaw affecting millions in India, and D‑Link discloses RCEs in EoL DIR-878 routers with public exploit code – ICAM365 CCTV, Asus Router, DIR-878 RCE
Botnets & Cryptojacking
- The Tsundere botnet is expanding on Windows using game-themed lures and an Ethereum-based C2, increasing clickbait-driven infections – Tsundere Botnet
- ShadowRay 2.0 exploits an unpatched Ray AI framework flaw to build self-spreading GPU cryptomining botnets that abuse exposed dashboards for propagation, DDoS and mining – ShadowRay Botnet
VPN & Ransomware
- Attackers probed GlobalProtect VPN portals in roughly 2.3 million scan sessions, underscoring research that stolen VPN credentials remain the most common ransomware attack vector – GlobalProtect Probe, Stolen VPN Vector
Financial Crime & Fraud
- Analysis of the UNC2891 money-mule network reveals the full scale of coordinated ATM fraud operations and associated laundering infrastructure – UNC2891 ATM
- U.S. courts sentenced the founders of Samourai Wallet for a $237M crypto money‑laundering scheme, highlighting enforcement against crypto-enabled crime – Samourai Verdict
- A threat actor claims theft of 2.3TB of data from Italian IT provider Almaviva, including documents tied to FS Italiane, raising critical-infrastructure concerns – Almaviva Leak
Law, Enforcement & Disclosure
- Two suspected Scattered Spider hackers pleaded not guilty over the Transport for London cyberattack as prosecutions continue – TFL Suspects
- A Russian hacking suspect wanted by the FBI was arrested on a Thai resort island, marking an international law‑enforcement action – Russian Arrest
- Reporting shows UK drug funds flowed into a bank tied to Russian spy services and military links, exposing illicit finance routes – UK-Russia Bank
- The SEC dropped its long-running SolarWinds case after years of scrutiny, closing a chapter on a high-profile supply‑chain incident investigation – SolarWinds Case
- NSO Group is appealing a court order limiting Pegasus use against WhatsApp, calling the ruling potentially “catastrophic” for the spyware maker – NSO Appeal
- A privacy oversight board concluded the FBI does not buy real-time location data, according to its review – Privacy Ruling
Events & Policy
- Experts warn of rising cybercrime threats ahead of the 2025 Las Vegas Grand Prix, urging heightened security planning for the large-scale Formula 1 event – Formula1 Risk
- The city of Middletown plans to restart utility billing after a major cyber incident disrupted services, underscoring impacts on local infrastructure – Middletown Attack
- The FCC is reversing Biden‑era telecom cybersecurity rules following breaches tied to the Salt Typhoon campaign, prompting debate over deregulation amid persistent threat activity – FCC Deregulation
Research & Disclosure Disputes
- Researchers and vendors are in a public spat after SquareX and Perplexity clashed over an alleged Comet browser vulnerability and its disclosure timeline – Comet Dispute
Guidance & Trends
- As GenAI adoption rises, guidance urges organizations to adopt cyber-resilience practices tailored to generative-AI risks and workflows – GenAI Guidance