New Tooling
- Strix: Open-Source AI Agents For Penetration Testing
"Security teams know that application flaws tend to show up at the worst time. Strix presents itself as an open source way to catch them earlier by using autonomous agents that behave like human attackers. These agents run code, explore an application, uncover weaknesses, and prove those findings with working proof of concepts."
https://www.helpnetsecurity.com/2025/11/17/strix-open-source-ai-agents-penetration-testing/
https://github.com/usestrix/strix
Vulnerabilities
- DoorDash Email Spoofing Vulnerability Sparks Messy Disclosure Dispute
"A vulnerability in DoorDash's systems could allow anyone to send "official" DoorDash-themed emails right from company's authorized servers, paving a near-perfect phishing channel. DoorDash has now patched the issue, but a contentious dispute has erupted between the researcher who reported the vulnerability and the company, with both sides accusing each other of acting improperly."
https://www.bleepingcomputer.com/news/security/doordash-email-spoofing-vulnerability-sparks-messy-disclosure-dispute/ - EchoGram: The Hidden Vulnerability Undermining AI Guardrails
"Large Language Models (LLMs) are increasingly protected by “guardrails”, automated systems designed to detect and block malicious prompts before they reach the model. But what if those very guardrails could be manipulated to fail? HiddenLayer researchers have uncovered EchoGram, a groundbreaking attack technique that can flip the verdicts of defensive models, causing them to mistakenly approve harmful content or flood systems with false alarms. The exploit targets two of the most common defense approaches, text classification models and LLM-as-a-judge systems, by taking advantage of how similarly they’re trained."
https://hiddenlayer.com/innovation-hub/echogram-the-hidden-vulnerability-undermining-ai-guardrails/
https://hackread.com/echogram-flaw-bypass-guardrails-major-llms/
Malware
- Defending The Cloud: Azure Neutralized a Record-Breaking 15 Tbps DDoS Attack
"On October 24, 2025, Azure DDOS Protection automatically detected and mitigated a multi-vector DDoS attack measuring 15.72 Tbps and nearly 3.64 billion packets per second (pps). This was the largest DDoS attack ever observed in the cloud and it targeted a single endpoint in Australia. By utilizing Azure’s globally distributed DDoS Protection infrastructure and continuous detection capabilities, mitigation measures were initiated. Malicious traffic was effectively filtered and redirected, maintaining uninterrupted service availability for customer workloads."
https://techcommunity.microsoft.com/blog/azureinfrastructureblog/defending-the-cloud-azure-neutralized-a-record-breaking-15-tbps-ddos-attack/4470422
https://www.bleepingcomputer.com/news/microsoft/microsoft-aisuru-botnet-used-500-000-ips-in-15-tbps-azure-ddos-attack/
https://securityaffairs.com/184749/cyber-crime/microsoft-mitigated-the-largest-cloud-ddos-ever-recorded-15-7-tbps.html
https://www.theregister.com/2025/11/17/biggest_cloud_ddos_attack_azure/ - EVALUSION Campaign Delivers Amatera Stealer And NetSupport RAT
"Adversaries don’t work 9-5 and neither do we. At eSentire, our 24/7 SOCs are staffed with Elite Threat Hunters and Cyber Analysts who hunt, investigate, contain and respond to threats within minutes. We have discovered some of the most dangerous threats and nation state attacks in our space – including the Kaseya MSP breach and the more_eggs malware. Our Security Operations Centers are supported with Threat Intelligence, Tactical Threat Response and Advanced Threat Analytics driven by our Threat Response Unit – the TRU team."
https://www.esentire.com/blog/evalusion-campaign-delivers-amatera-stealer-and-netsupport-rat
https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html - RONINGLOADER: DragonBreath’s New Path To PPL Abuse
"Elastic Security Labs identified a recent campaign distributing a modified variant of the gh0st RAT, attributed to the Dragon Breath APT (APT-Q-27), through trojanized NSIS installers masquerading as legitimate software such as Google Chrome and Microsoft Teams. The infection chain employs a multi-stage delivery mechanism that leverages various evasion techniques, with many redundancies aimed at neutralising endpoint security products popular in the Chinese market. These include bringing a legitimately signed driver, deploying custom WDAC policies, and tampering with the Microsoft Defender binary through PPL abuse."
https://www.elastic.co/security-labs/roningloader
https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html - Npm Malware Campaign Uses Adspect Cloaking To Deliver Malicious Redirects
"The Socket Threat Research Team recently discovered dino_reborn, an npm threat actor with seven packages constructing an intricate malware campaign. Upon visiting a fake website constructed by one of the packages, the threat actor determines if the visitor is a victim or a security researcher. If the visitor is a victim, they see a fake CAPTCHA, eventually bringing them to a malicious site. If they are a security researcher, only a few tells on the fake website would tip them off that something nefarious may be occurring."
https://socket.dev/blog/npm-malware-campaign-uses-adspect-cloaking-to-deliver-malicious-redirects
https://www.bleepingcomputer.com/news/security/malicious-npm-packages-abuse-adspect-redirects-to-evade-security/
Breaches/Hacks/Leaks
- AIPAC Discloses Data Breach, Says Hundreds Affected
"AIPAC (American Israel Public Affairs Committee) has announced a data breach linked to an external system breach that involved an unknown third-party company. The disclosure appeared in a notification submitted to the Maine attorney general’s office on November 14 2025."
https://hackread.com/aipac-data-breach-hundreds-affected/ - Eurofiber France Warns Of Breach After Hacker Tries To Sell Customer Data
"Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information. Eurofiber France SAS is the French unit of the Eurofiber Group N.V., a Dutch telecommunications service provider that operates a fiber network of 76,000 km across the Netherlands, Belgium, France, and Germany. The company specializes in providing digital infrastructure for businesses, rather than the consumer market."
https://www.bleepingcomputer.com/news/security/eurofiber-france-warns-of-breach-after-hacker-tries-to-sell-customer-data/
https://www.theregister.com/2025/11/17/eurofiber_breach/ - Princeton University Discloses Data Breach Affecting Donors, Alumni
"A Princeton University database was compromised in a cyberattack on November 10, exposing the personal information of alumni, donors, faculty members, and students. According to a FAQ page issued on Saturday, the threat actors breached Princeton's systems by targeting a University employee in a phishing attack. This allowed them to gain access to "biographical information pertaining to University fundraising and alumni engagement activities," including names, email addresses, telephone numbers, and home and business addresses stored in the compromised database."
https://www.bleepingcomputer.com/news/security/princeton-university-discloses-data-breach-affecting-donors-alumni/
https://therecord.media/princeton-donor-alumni-database-breach - Pennsylvania AG Confirms Data Breach After INC Ransom Attack
"The office of Pennsylvania's attorney general has confirmed that the ransomware gang behind an August 2025 cyberattack stole files containing personal and medical information. This comes after Attorney General Dave Sunday confirmed in early September that the incident was a ransomware attack and his office refused to pay the ransom requested by the cybercriminals after they encrypted compromised systems. "The OAG later learned that certain files may have been accessed without authorization. The OAG reviewed which data may have been involved and learned that certain personal information was contained in some files," said the Pennsylvania Office of the Attorney General (OAG) in a Friday press release."
https://www.bleepingcomputer.com/news/security/pennsylvania-ag-confirms-data-breach-after-inc-ransom-attack/
https://therecord.media/pennsylvania-attorney-general-office-data-breach-ssns - Everest Ransomware Says It Stole Data Of Millions Of Under Armour Users
"Everest ransomware gang is claiming to have breached Under Armour, Inc., the American sportswear giant, and stolen 343 GB of internal company data, employee information, along with personal data of millions from various countries. The claims were published earlier today on the group’s official dark web leak site."
https://hackread.com/everest-ransomware-under-armour-users-data/
General News
- October 2025 Infostealer Trend Report
"This report provides statistics, trends, and case information on Infostealer malware such as distribution volume, distribution methods, and disguising techniques, which were collected and analyzed for one month in October 2025. The following is a summary of the report."
https://asec.ahnlab.com/en/91062/ - October 2025 Trends Report On Phishing Emails
"This report provides the statistics, trends, and case information on the distribution of phishing emails and attachment-based threats collected and analyzed for one month in October 2025. Below is a portion of the statistics and cases included in the original report."
https://asec.ahnlab.com/en/91060/ - October 2025 APT Group Trends
"North Korea-affiliated cyber threat groups have stolen cryptocurrency, credentials, and performed reconnaissance and remote control attacks through various malware and operations. They used Node.js-based malware and a multi-stage infection chain to target both Windows and macOS environments. Through their recruitment scams, interview disguises, and industrial espionage campaigns, they intensively attacked relevant individuals in the defense, blockchain, and Web3 industries."
https://asec.ahnlab.com/en/91061/ - The Tech That Turns Supply Chains From Brittle To Unbreakable
"In this Help Net Security interview, Sev Kelian, CISO and VP of Security at Tecsys, discusses how organizations can strengthen supply chain resilience through a more unified and forward-looking strategy. Kelian also shares how new technologies and a blended view of cyber and physical risk are changing the way teams think about strategy and long-term planning."
https://www.helpnetsecurity.com/2025/11/17/sev-kelian-tecsys-supply-chain-resilience-strategy/ - Dutch Police Seizes 250 Servers Used By “bulletproof Hosting” Service
"The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity. Politie, the police force in the Netherlands, did not name the service but said that it has been used for illicit activities since 2022, and has emerged in more than 80 cybercrime investigations, both domestic and abroad. Bulletproof hosting providers are companies that intentionally ignore abuse reports and refuse to comply with content takedowns requests from law enforcement while protecting their customers by not enforcing Know Your Customer policies."
https://www.bleepingcomputer.com/news/security/dutch-police-seizes-250-servers-used-by-bulletproof-hosting-service/ - An Uncertain Future For The Global Internet
"Global internet freedom declined for the 15th consecutive year. Of the 72 countries assessed in Freedom on the Net 2025, conditions deteriorated in 28, while 17 countries registered overall gains. Kenya experienced the most severe decline of the coverage period, after authorities responded to nationwide protests over tax policy in June 2024 by shutting down internet connectivity for around seven hours and arresting hundreds of protesters. Bangladesh earned the year’s strongest improvement, as a student-led uprising ousted the country’s repressive leadership in August 2024 and an interim government made positive reforms. China and Myanmar remained the world’s worst environments for internet freedom, while Iceland held its place as the freest online environment."
https://freedomhouse.org/report/freedom-net/2025/uncertain-future-global-internet
https://www.helpnetsecurity.com/2025/11/17/freedom-house-global-internet-freedom-decline/ - Cyber Readiness Stalls Despite Confidence In Incident Response
"Cyber readiness is stalling as over-confident teams ignore the reality that incident response times have not improved despite more spending and oversight, according to Immersive. The cyber-training vendor’s Cyber Workforce Benchmark Report 2025 is based on anonymized data collected from the Immersive One platform, simulated exercises across technical and business functions, and a readiness perception survey. A resilience score quantifies organizational readiness across skills, practices, decision-making performance, framework coverage and adaptability to new threats."
https://www.infosecurity-magazine.com/news/cyber-readiness-stalls-incident/
https://www.theregister.com/2025/11/17/immersive_cyber_resilience_report/ - Frontline Security Predictions 2026: The Battle For Reality And Control In a World Of Agentic AI
"The power and potential of agentic AI — adaptive, automated and independent — dominated security conversations during 2025. Barracuda asked four colleagues leading cyberthreat and security areas around the world, what they expect from agentic AI in 2026 and what this means for cybersecurity."
https://blog.barracuda.com/2025/11/17/frontline-security-predictions-2026-agentic-ai - Europol And Partner Countries Combat Online Radicalisation On Gaming Platforms
"Europol supported eight countries in identifying and removing racist and xenophobic propaganda shared on gaming and gaming-related platforms. The Referral Action Day, involving Denmark, Finland, Germany, Luxembourg, Netherlands, Portugal, Spain, United Kingdom, led to the referral of thousands of URLs leading to dangerous and illicit online material."
https://www.europol.europa.eu/media-press/newsroom/news/europol-and-partner-countries-combat-online-radicalisation-gaming-platforms
https://www.theregister.com/2025/11/17/game_over_europol_storms_gaming/
https://www.infosecurity-magazine.com/news/europol-takedown-extremist-gaming/
อ้างอิง
Electronic Transactions Development Agency (ETDA) 
Research’s previous report, this exposure led to a marked decline in Lumma Stealer's activity, with many of its customers migrating to rival platforms such as Vidar and StealC. However, recent observations from our telemetry indicate a resurgence in Lumma Stealer activity, accompanied by notable changes in its command-and-control (C&C) behaviors, particularly the introduction of browser fingerprinting techniques."
