Daily Recap: OpenAI disclosed that API/customer data was exposed after its vendor Mixpanel was hacked, prompting incident disclosures and investigations. Ransomware and outages were reported across multiple fronts, including Qilin’s data heist via a South Korean MSP breach and an Asahi Group ransomware incident potentially exposing about 2 million records, along with IT outages affecting London councils and the U.S. CodeRED emergency system.
Vendor Exposure
- OpenAI discloses that API/customer data was exposed after its vendor Mixpanel was hacked, prompting incident disclosures and investigations – OpenAI Leak
Ransomware & Outages
- Qilin and other ransomware operations turned a South Korean MSP breach into a 28-victim data heist while Japan’s Asahi Group suffered a ransomware attack potentially exposing data of about 2 million customers and employees – Qilin Heist, Asahi Attack
- Emergency systems and local government services were disrupted after cyberattacks: multiple London councils faced IT outages, and municipal emergency/alert services including the U.S. CodeRED system went offline following data theft and ransomware incidents – London Councils, CodeRED Down, Municipal Offline
Dev Supply Chain
- Developer tooling and package ecosystems leaked thousands of secrets and were weaponized: Shai-Hulud v2 spread from npm to Maven, code-formatting platforms exposed thousands of secrets, a popular Forge library patched a signature verification bypass, and attackers abused 3D design software to target creators – Shai-Hulud, Secrets Leaked, Forge Fix, Blender Exploit
Malware & AI Threats
- Adversaries are weaponizing zero-days and testing botnets while AI-enabled offensive tools proliferate: Water Gamayun used an MSC EvilTwin zero-day for stealthy backdoors, the ShadowV2 botnet exploited an AWS outage for testing, and commercial AI malware like WormGPT is being sold (lifetime access advertised at $220)—see the roundup for wider AI/IoT threats – Water Gamayun, ShadowV2 Botnet, WormGPT Sale, ThreatsDay
Breaches & Fraud
- A string of breaches and fraud losses surfaced: Gainsight expanded its impacted-customer list after a Salesforce alert, Comcast faces a $1.5M fine for a vendor breach affecting 270,000 customers, Dartmouth reported at least 35,000 impacted via an Oracle EBS campaign, and the FBI attributes $262M in 2025 losses to account-takeover fraud – Gainsight List, Comcast Fine, Dartmouth Breach, ATO Losses
Policy, Controls & Funding
- New and updated regulations and privacy rulings: the U.S. House unveiled a draft children’s online safety bill and Thailand ordered deletion of World Iris scans in a biometric privacy ruling – KOSA Bill, Thailand Ban
- Platform and vendor security changes plus funding and tools: Microsoft will make FIDO2 keys prompt for a PIN after recent Windows updates and is tightening Entra ID sign-ins with CSPs, Clover Security raised $36M to secure software-by-design, and Passwork 7 launched as a self-hosted secrets manager for enterprises – FIDO2 PIN, Entra CSP, Clover Funding, Passwork 7
Consumer & Misc
- NordVPN advertised a Black Friday deal of up to 77% off 2025 plans for users shopping for VPN subscriptions – NordVPN Deal