Healthcare Sector
- Healthcare Security Is Broken Because Its Systems Can’t Talk To Each Other
"In this Help Net Security interview, Cameron Kracke, CISO at Prime Therapeutics, discusses how the healthcare ecosystem can achieve cohesive security visibility. With hospitals, clinics, telehealth, and cloud partners all in the mix, maintaining visibility remains a complex task. Kracke shares how interoperability, collaboration, and strategic investment can strengthen resilience across the healthcare security landscape."
https://www.helpnetsecurity.com/2025/11/13/cameron-kracke-prime-therapecutics-healthcare-security-ecosystem/
Industrial Sector
- CISA Releases 18 Industrial Control Systems Advisories
"CISA released 18 Industrial Control Systems (ICS) Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS."
https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-releases-18-industrial-control-systems-advisories
New Tooling
- Sprout: Open-Source Bootloader Built For Speed And Security
"Sprout is an open-source bootloader that delivers sub-second boot times and uses a clean, data-driven configuration format that works across operating systems. “We built Sprout because we were frustrated by how fragile and slow traditional bootloaders are,” said Alex Zenla, CTO at Edera. Sprout is designed for modern infrastructure where every second counts. It can boot Linux in under 50 milliseconds, which is critical for autoscaling and deployment in cloud environments."
https://www.helpnetsecurity.com/2025/11/13/sprout-open-source-bootloader/
https://github.com/edera-dev/sprout
Vulnerabilities
- Firefox 145 And Chrome 142 Patch High-Severity Flaws In Latest Releases
"Google and Mozilla on Tuesday released fresh updates for Chrome and Firefox to resolve multiple high-severity vulnerabilities. Google announced a Chrome 142 update that resolves a high-severity inappropriate implementation issue in the V8 JavaScript engine. The bug is tracked as CVE-2025-13042. The internet giant has not detailed the flaw, but such V8 defects can typically be exploited remotely to cause denial-of-service (DoS) conditions or for code execution, Hong Kong CERT/CC notes. Google has yet to determine the bug bounty reward for the defect."
https://www.securityweek.com/firefox-145-and-chrome-142-patch-high-severity-flaws-in-latest-releases/
- Critical: Remote Code Execution Via Malicious Obfuscated Malware In Imunify360 AV (AI-Bolit)
"Recently a critical Remote Code Execution issue was patched in the Imunify360 AV product. Imunify360 serves up to 56 million websites. Hosting companies should patch the issue immediately. The information about this vulnerability has been spreading since the end of October, so we also recommend affected hosting companies to check whether their servers have been compromised."
https://patchstack.com/articles/remote-code-execution-vulnerability-found-in-imunify360/
https://www.bleepingcomputer.com/news/security/rce-flaw-in-imunifyav-puts-millions-of-linux-hosted-sites-at-risk/
- When GPTs Call Home: Exploiting SSRF In ChatGPT’s Custom Actions
"In cybersecurity, you begin to develop a kind of hacker mindset or “sixth sense”. You start seeing the world not just for what it does, but for what it could do. So, when I was building my first custom GPT in ChatGPT and got to the “Actions” section, that sense started tingling! I wasn’t even on a bug hunt, just curious about the custom GPT feature and building a custom assistant. The goal was to have a GPT pull data from my own external API, but once I realized this feature was returning data from a user-provided URL, alarm bells went off and the hacker instinct took over, telling me to check for SSRF."
https://sirleeroyjenkins.medium.com/when-gpts-call-home-exploiting-ssrf-in-chatgpts-custom-actions-5df9df27dbe9
https://www.securityweek.com/chatgpt-vulnerability-exposed-underlying-cloud-infrastructure/
Malware
- CISA And Partners Release Advisory Update On Akira Ransomware
"Today, Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, Department of Defense Cyber Crime Center, Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with Akira ransomware activity."
https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-and-partners-release-advisory-update-akira-ransomware
https://www.bleepingcomputer.com/news/security/cisa-warns-of-akira-ransomware-linux-encryptor-targeting-nutanix-vms/
https://therecord.media/akira-gang-received-million
https://cyberscoop.com/akira-ransomware-fbi-cisa-joint-advisory/
- “IndonesianFoods” Worm Publishes More Than 78,000 Malicious NPM Packages
"I’ve identified an NPM worm that has published over 78,000 malicious packages to the NPM registry, affecting at least eleven NPM users. This attack focuses on creating new packages rather than stealing credentials or engaging in other, more immediately malicious behaviours. This attack almost doubles the known number of malicious NPM packages."
https://sourcecodered.com/indonesianfoods-npm-worm/
https://www.endorlabs.com/learn/the-great-indonesian-tea-theft-analyzing-a-npm-spam-campaign
https://thehackernews.com/2025/11/over-46000-fake-npm-packages-flood.html
https://www.bleepingcomputer.com/news/security/new-indonesianfoods-worm-floods-npm-with-100-000-packages/
https://www.infosecurity-magazine.com/news/indonesianfoods-npm-worm-44000/
https://www.securityweek.com/tens-of-thousands-of-malicious-npm-packages-distribute-self-replicating-worm/
- Popular Android-Based Photo Frames Download Malware On Boot
"Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. Mobile security company Quokka conducted an in-depth security assessment on the Uhale app and found behavior suggesting a connection with the Mezmess and Voi1d malware families. The researchers reported the issues to ZEASN (now ‘Whale TV’), the Chinese firm behind the Uhale platform used in the digital picture frames of numerous different brands, but received no reply to multiple notifications since May."
https://www.bleepingcomputer.com/news/security/popular-android-based-photo-frames-download-malware-on-boot/
https://go.quokka.io/hubfs/App-Intel/Technical_Uhale-Digital-Picture-Frame-Security-Assessment.pdf
- Unleashing The Kraken Ransomware Group
"In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block (SMB) vulnerabilities for initial access, then used tools like Cloudflared for persistence and SSH Filesystem (SSHFS) for data exfiltration before encryption. Kraken is a cross-platform ransomware with distinct encryptors for Windows, Linux, and VMware ESXi, targeting a wide range of enterprise environments."
https://blog.talosintelligence.com/kraken-ransomware-group/
- Uncovering a Multi-Stage Phishing Kit Targeting Italy's Infrastructure
"Group-IB researchers uncovered a professional phishing framework that mimics trusted brands with remarkable precision. Using layered evasion, CAPTCHA filtering, and Telegram-based data exfiltration, attackers harvest credentials and bypass automated detection. The findings highlight how phishing-as-a-service operations are scaling through automation, lowering technical barriers for cybercriminals, and industrializing one of the oldest yet most effective forms of digital fraud."
https://www.group-ib.com/blog/uncover-phishing-italy/
https://therecord.media/phishing-campaign-targets-italian-web-hosting-customers
- We Opened a Fake Invoice And Fell Down a Retro XWorm-Shaped Wormhole
"Somebody forwarded an “invoice” email and asked me to check the attachment because it looked suspicious. Good instinct—it was, and what we found inside was a surprisingly old trick hiding a modern threat."
https://www.malwarebytes.com/blog/threats/2025/11/we-opened-a-fake-invoice-and-fell-down-a-retro-xworm-shaped-wormhole
- Thousands Of Domains Target Hotel Guests In Massive Phishing Campaign
"A Russian-speaking threat actor operating an ongoing, mass phishing campaign targeting people who might be planning (or about to leave for) a vacation has registered more than 4,300 domain names used in the attacks since the beginning of the year. The ongoing campaign employs a sophisticated phishing kit that customizes the page presented to the site visitor depending on a unique string in the URL path when the target first visits the website. The customizations use the logos from major online travel industry brands, including Airbnb and Booking.com."
https://www.netcraft.com/blog/thousands-of-domains-target-hotel-guests-in-massive-phishing-campaign
https://thehackernews.com/2025/11/russian-hackers-create-4300-fake-travel.html
- Malicious Chrome Extension Exfiltrates Seed Phrases, Enabling Wallet Takeover
"Socket’s Threat Research Team uncovered the malicious Chrome extension Safery: Ethereum Wallet, published on November 12, 2024. Marketed as a simple, secure Ethereum (ETH) wallet, it contains a backdoor that exfiltrates seed phrases by encoding them into Sui addresses and broadcasting microtransactions from a threat actor-controlled Sui wallet."
https://socket.dev/blog/malicious-chrome-extension-exfiltrates-seed-phrases
https://thehackernews.com/2025/11/fake-chrome-extension-safery-steals.html
https://securityaffairs.com/184585/malware/chrome-extension-safery-steals-ethereum-wallet-seed-phrases.html
- Chinese Spies Told Claude To Break Into About 30 Critical Orgs. Some Attacks Succeeded
"Chinese cyber spies used Anthropic's Claude Code AI tool to attempt digital break-ins at about 30 high-profile companies and government organizations – and the government-backed snoops "succeeded in a small number of cases," according to a Thursday report from the AI company. The mid-September operation targeted large tech companies, financial institutions, chemical manufacturers, and government agencies."
https://www.theregister.com/2025/11/13/chinese_spies_claude_attacks/
https://assets.anthropic.com/m/ec212e6566a0d47/original/Disrupting-the-first-reported-AI-orchestrated-cyber-espionage-campaign.pdf
- Increase In Lumma Stealer Activity Coincides With Use Of Adaptive Browser Fingerprinting Tactics
"In the wake of a targeted doxxing campaign last month that exposed the alleged core members of Lumma Stealer (which Trend Micro tracks as Water Kurita), the underground infostealer landscape experienced a significant upheaval. As detailed in Trend Research’s previous report, this exposure led to a marked decline in Lumma Stealer's activity, with many of its customers migrating to rival platforms such as Vidar and StealC. However, recent observations from our telemetry indicate a resurgence in Lumma Stealer activity, accompanied by notable changes in its command-and-control (C&C) behaviors, particularly the introduction of browser fingerprinting techniques."
https://www.trendmicro.com/en_us/research/25/k/lumma-stealer-browser-fingerprinting.html
Breaches/Hacks/Leaks
- Washington Post Data Breach Impacts Nearly 10K Employees, Contractors
"The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack. The news organization is one of the largest daily newspapers in the U.S. with approximately 2.5 million digital subscribers. Between July 10 and August 22, threat actors accessed parts of its network. They leveraged a vulnerability in Oracle E-Business Suite software that was a zero-day at the time to steal sensitive data."
https://www.bleepingcomputer.com/news/security/washington-post-data-breach-impacts-nearly-10k-employees-contractors/
https://cyberscoop.com/washington-post-oracle-clop-attacks/
https://www.theregister.com/2025/11/13/washington_post_clop/
General News
- Police Disrupts Rhadamanthys, VenomRAT, And Elysium Malware Operations
"Law enforcement authorities from nine countries have taken down over 1,000 servers used by the Rhadamanthys infostealer, VenomRAT, and Elysium botnet malware operations in the latest phase of Operation Endgame, an international action targeting cybercrime. The joint action, coordinated by Europol and Eurojust, was also supported by multiple private partners, including Cryptolaemus, Shadowserver, Spycloud, Cymru, Proofpoint, CrowdStrike, Lumen, Abuse.ch, HaveIBeenPwned, Spamhaus, DIVD, and Bitdefender. Between 10 and 14 November 2025, police officers conducted searches at 11 locations in Germany, Greece, and the Netherlands, seized 20 domains, and took down 1,025 servers used by the targeted malware operations."
https://www.bleepingcomputer.com/news/security/police-disrupts-rhadamanthys-venomrat-and-elysium-malware-operations/
https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down
https://www.proofpoint.com/us/blog/threat-insight/operation-endgame-quakes-rhadamanthys
https://www.proofpoint.com/us/blog/threat-insight/security-brief-venomrat-defanged
https://therecord.media/operation-endgame-cybercrime-takedowns-rhadamanthys-venomrat-elysium
https://thehackernews.com/2025/11/operation-endgame-dismantles.html
https://www.bankinfosecurity.com/operation-endgame-disrupts-more-malware-a-30028
https://cyberscoop.com/operation-endgame-disrupts-global-malware-networks-rhadamanthys-venomrat-elysium/
https://www.infosecurity-magazine.com/news/operation-endgame-3-dismantles/
https://hackread.com/operation-endgame-rhadamanthys-venomrat-elysium-malware/
https://www.securityweek.com/1000-servers-hit-in-law-enforcement-takedown-of-rhadamanthys-venomrat-elysium/
https://securityaffairs.com/184581/cyber-crime/a-new-round-of-europols-operation-endgame-dismantled-rhadamanthys-venom-rat-and-elysium-botnet.html
https://www.theregister.com/2025/11/13/rhadamanthys_takedown/
https://www.helpnetsecurity.com/2025/11/13/rhadamanthys-infostealer-operation-disrupted/
- The State Of Ransomware In Q3 2025
"The ransomware landscape in Q3 2025 has reached a critical inflection point. Despite multiple law enforcement takedowns earlier in the year, ransomware attacks remain at historically high levels. Check Point Research tracked 1,592 new victims across 85 active extortion groups, marking a 25% increase year-over-year. While major brands like RansomHub and 8Base have vanished, new and smaller threat actors have rapidly filled the void, fragmenting the ransomware-as-a-service (RaaS) market more than ever before."
https://blog.checkpoint.com/research/the-state-of-ransomware-in-q3-2025/
- October 2025 Attacks Soar 30% As New Groups Redefine The Cyber Battlefield
"Near-record ransomware attacks and the rise of new threats like Sinobi highlight the need for rapid detection and response. Ransomware attacks soared to the second-highest total on record in October 2025. October’s 623 ransomware attacks were up more than 30% from September, and below only February 2025’s record totals (chart below). It was the sixth consecutive monthly increase in ransomware attacks."
https://cyble.com/blog/ransomware-attacks-surge-october-2025/
- Orgs Move To SSO, Passkeys To Solve Bad Password Habits
"New survey data indicates that organizations are pushing hard for passwordless authentication. A significant chunk of online account passwords in 2025 remain basic and easy to crack — a fact that will surprise few. But last month, Dark Reading asked readers how their organizations are handling password security these days. The results were, perhaps surprisingly, optimistic."
https://www.darkreading.com/identity-access-management-security/sso-passkeys-password-bad-habits
- Wanna Bet? Scammers Are Playing The Odds Better Than You Are
"Placing a bet has never been this easy, and that’s the problem. The convenience of online gambling is the same thing scammers are cashing in on. Whether it’s a fake app, a “can’t-miss” tipster, or a rigged casino, the game is stacked against you. By 2030, the online gambling market is projected to reach around $169 billion. 22 percent of Americans, including 48 percent of men ages 18 to 49, have an account with at least one online sportsbook."
https://www.helpnetsecurity.com/2025/11/13/cybercrime-online-betting-scams/
- Automation Can’t Fix Broken Security Basics
"Most enterprises continue to fall short on basic practices such as patching, access control, and vendor oversight, according to Swimlane’s Cracks in the Foundation: Why Basic Security Still Fails report. Leadership often focuses on broad resilience goals while the day-to-day work that supports them remains inconsistent and underfunded."
https://www.helpnetsecurity.com/2025/11/13/swimlane-security-basics-still-broken-report/
- When Attacks Come Faster Than Patches: Why 2026 Will Be The Year Of Machine-Speed Security
"Based on multiple 2025 industry reports: roughly 50 to 61 percent of newly disclosed vulnerabilities saw exploit code weaponized within 48 hours. Using the CISA Known Exploited Vulnerabilities Catalog as a reference, hundreds of software flaws are now confirmed as actively targeted within days of public disclosure. Each new announcement now triggers a global race between attackers and defenders. Both sides monitor the same feeds, but one moves at machine speed while the other moves at human speed."
https://thehackernews.com/2025/11/when-attacks-come-faster-than-patches.html
References
Electronic Transactions Development Agency (ETDA) 