Cyber News 05NOV2025

General

• SpecterOps seem to have really accelerated since adding OpenGraph support to BloodHound (Both CE & Enterprise). Now you can collect and import file-share permissions into BloodHound.
  • https://specterops.io/blog/2025/10/30/sharehound-an-opengraph-collector-for-network-shares/
  • https://github.com/p0dalirius/sharehound
• Library of OpenGraph integrations: https://bloodhound.specterops.io/opengraph/library
• Microsoft Teams - a case study in why you can't trust client-side values
  • https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
  • https://www.theregister.com/2025/11/04/microsoft_teams_bugs_could_let/
  • https://www.cybersecuritydive.com/news/researchers-flaws-manipulation-microsoft-teams-messages/804636/
• Virtualisation - can be used for good (CredGuard) or evil.
  (Why do Russian threat-actors love RAR so much - dead giveaway!)
  • https://www.bitdefender.com/en-us/blog/businessinsights/curly-comrades-evasion-persistence-hidden-hyper-v-virtual-machines
  • https://www.theregister.com/2025/11/04/russian_spies_pack_custom_malware/
  • https://www.bleepingcomputer.com/news/security/russian-hackers-abuse-hyper-v-to-hide-malware-in-linux-vms/
  • https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/
• Another month another 'Critical' Android RCE
  • https://source.android.com/docs/security/bulletin/2025-11-01
  • https://www.forbes.com/sites/zakdoffman/2025/11/04/samsung-and-google-issue-update-warning-no-fix-for-1-billion-users/
• Apple users - time to patch as well - 26.1 releases out for all the standard Apple products
  • iOS/iPadOS https://support.apple.com/en-us/125632
  • macOS https://support.apple.com/en-us/125634
  • tvOS https://support.apple.com/en-us/125637
  • watchOS https://support.apple.com/en-us/125639
• Crypto-currency prices mean mining is back on threat-actors radar
  • https://www.greynoise.io/blog/php-cryptomining-campaign
• Akira claims attack on OpenOffice, threatens to leak data - OpenOffice Project responds - we do everything in the open
  • https://www.bleepingcomputer.com/news/security/apache-openoffice-disputes-data-breach-claims-by-ransomware-gang/
  • https://www.ransomlook.io/group/akira
• [AU] The AN0M 'secure' messenger app (an AFP sting operation) is still providing value for Australian police, four years on - 55 new arrests.
  • https://www.theregister.com/2025/11/04/an0m_ironside_more_arrests/
  • https://www.abc.net.au/news/2025-11-02/operation-ironside-an0m-arrests-messages-new-phase-explained/105950980
  • (Older background) https://www.afp.gov.au/about-us/history/unique-stories/operation-ironside
• [EU] Nine arrested in €600m fake crypto-currency investment scam. Unfortunately, ~€1.5m recovered
  • https://www.eurojust.europa.eu/news/decisive-actions-against-cryptocurrency-scammers-earning-over-eur-600-million
  • https://www.bleepingcomputer.com/news/security/european-police-dismantles-600-million-crypto-investment-fraud-ring/
  • https://therecord.media/9-arrested-europe-crypto-platform-takedown
• [KO] IT Company and Bank sanctioned for aiding North Korean IT worker operations.
  • https://therecord.media/north-korea-us-sanctions-it-worker-scams-cybercrime

Getting Techy

• Reverse-engineering the well-protected XLoader malware, with the help of an LLM. (The secure-call trampoline is a neat anti-analysis trick)
  • https://research.checkpoint.com/2025/generative-ai-for-reverse-engineering/

Geo-Politics

• [CN] Don't know your Volt Typhoon from your Salt/Flax/Silk(Hafnium)... Typhoon?
  • https://mccraryinstitute.com/app/uploads/2025/10/McCrary-Institue-Code-Red-Release-Ready.pdf
• [CN] Disputed control of the South China Sea impacting subsea cable repairs.
  • https://globalnation.inquirer.net/297187/expert-notes-chinas-strategic-leverage-in-scs-subsea-networks
• [PL] The impact of Poland's support for Ukraine?
  • https://therecord.media/poland-hacks-loan-platform-mobile-payments-system-travel-agency
• [US] Criminals taking advantage of increased ICE activity.
  • (Wired) https://archive.is/RGnKv
• [US] Whitehouse.gov admin...are you okay? (Or is it just hacked WordPress)
  • https://www.whitehouse.gov/mysafespace/

Privacy

• [EU] Data Brokers are a real danger for privacy
  • https://netzpolitik.org/2025/databroker-files-targeting-the-eu/
  • https://therecord.media/data-brokers-selling-location-info-tracking-officials
• [US] There is some hope - How to Opt-Out of Airlines Selling Your Travel Data to the Government
  • https://www.404media.co/how-to-opt-out-of-airlines-selling-your-travel-data-to-the-government/
• [US] Remember the Mobile Fortify app mentioned earlier? Now there's a Police version "Mobile Identify".
  • (404 Media) https://archive.li/XzIwr
  • https://play.google.com/store/apps/details?id=gov.dhs.cbp.mobile.identify.global

AI

• Using AI to assist with coding? SlopGuard is designed to help with hallucinated and malicious package dependencies
  • https://github.com/aditya01933/SlopGuard