Daily Recap: today’s cybersecurity news highlights Shai-Hulud’s second wave, which steals npm credentials, affects 25,000+ repositories and leaks secrets to GitHub, along with ShadowPad actively exploiting a WSUS flaw and a Grafana SCIM flaw (CVE-2025-41115) enabling privilege escalation. The roundup also covers Microsoft and Windows risks—from agentic AI features and Windows 11 24H2 crashes to migration away from SCCM/WSUS—plus insider incidents, APT24/BADAUDIO activity, a Moscow-run postal outage in occupied Ukraine, and notable breaches and updates involving Harvard University and Mazda, plus the Passwork 7 launch. #ShaiHulud #ShadowPad #GrafanaSCIM #CVE-2025-41115 #WSUS #SCCM #APT24 #BADAUDIO #HarvardUniversity #Mazda #Passwork7 #DeepSeekR1 #CrowdStrike #CBI #Windows11_24H2
Vulnerabilities & Malware
- Shai-Hulud attacks continue in a second wave that leverages npm preinstall credential theft to impact 25,000+ repositories and infect ~500 packages while leaking secrets to GitHub – Shai-Hulud
- ShadowPad is actively exploiting a WSUS flaw to achieve full-system access on targeted networks – ShadowPad Exploit
- Grafana SCIM flaw (CVE-2025-41115) rated maximum severity enables privilege escalation in affected deployments – Grafana SCIM
- Security guidance urges migration from legacy SCCM/WSUS workflows to cloud-native patching as exploitation risk rises – Cloud Patching
Microsoft & Windows
- Microsoft flags security concerns around its new agentic AI features that could expand attack surfaces – Agentic AI
- Windows 11 24H2 users face an Explorer and Start Menu crash bug that disrupts core system components – Windows 11 Bug
- Microsoft is testing File Explorer preloading to speed launches, potentially impacting startup behavior and telemetry – Explorer Preload
- WINS support will be removed after Windows Server 2025, prompting migration planning for legacy name services – WINS Removal
Insiders & Incidents
- CrowdStrike terminated a suspected insider after findings that the individual helped hackers falsely claim a company breach – CrowdStrike Insider
- India’s CBI arrested a fugitive cybercrime kingpin and busted a fifth illegal call center targeting US nationals in an ongoing crackdown – CBI Arrest
Nation-state & Espionage
- China-linked APT24 deployed stealthy BADAUDIO malware via a Taiwanese supply-chain compromise, impacting 1,000+ domains – BADAUDIO Attack
- Hackers knocked out systems at a Moscow-run postal operator in occupied Ukraine, disrupting services and communications – Postal Outage
AI & Model Safety
- Chinese model DeepSeek-R1 was found to generate insecure code when prompts reference Tibet or Uyghurs, highlighting bias and safety gaps in AI coding models – DeepSeek-R1
Breaches & Products
- Harvard University disclosed a data breach affecting alumni and donors, prompting notification efforts – Harvard Breach
- Mazda says the recent Oracle incident caused no data leakage or operational impact to its systems – Mazda Oracle
- Passwork 7 debuts a self-hosted enterprise credentials and secrets management platform with zero-knowledge architecture and granular RBAC – Passwork 7
Policy & Regulation
- UK MPs recommend holding software companies legally liable to protect British economic security amid growing supply-chain and software risks – Software Liability
Consumer & Mobile
- A Black Friday cybersecurity survival guide offers tips to protect shoppers from scams and attacks during holiday sales – Black Friday Guide
- New Costco Gold Star members receive a promotional $40 digital shop card with membership sign-up – Costco Offer
- Google enables Pixel-to-iPhone file sharing via Quick Share and AirDrop, improving cross-platform mobile file transfers – Pixel QuickShare
Recaps & Research
- Weekly threat research roundup and daily recaps are available for ongoing monitoring and analysis – Weekly Recap