Cyber News 06NOV2025

General

• Actively exploited WordPress email plugin 'Post SMTP', can be used to read WordPress password-reset emails, enabling account takeover.
  • https://www.wordfence.com/blog/2025/11/400000-wordpress-sites-affected-by-account-takeover-vulnerability-in-post-smtp-wordpress-plugin/
  • https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-post-smtp-to-hijack-admin-accounts/
• Google's Threat Intelligence Group (GTIG) on attacker use of AI tools. Yes - people have tried things, no - the examples don't work, yes - existing tools detect them with no problem.
  • https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools
  • https://bsky.app/profile/doublepulsar.com/post/3m4vfri4kx22d
  • https://therecord.media/new-malware-uses-ai-to-adapt
  • https://www.theregister.com/2025/11/05/attackers_experiment_with_gemini_ai/
• Sticking with Google - their acquisition of Wiz looks a step closer to finally closing, after gaining DoJ approval.
  • https://www.theregister.com/2025/11/05/googles_32b_wiz_acquisition_its/
• [EU] 18 arrested in old (2016-2021) 'low and slow' €300m credit-card fraud operation
  • https://www.eurojust.europa.eu/news/eurojust-coordinates-major-operation-against-eur-300-million-global-credit-card-fraud-18
  • https://www.bleepingcomputer.com/news/security/europol-credit-card-fraud-rings-stole-eur-300-million-from-43-million-cardholders/
  • https://therecord.media/europe-police-bust-global-fraud-ring-payment-firms
• [UK] Cost of a breach - M&S profits down 99% (£291.1m -> £3.4m) in the first half-year, even after a £100m insurance payout
  • https://corporate.marksandspencer.com/sites/marksandspencer/files/2025-11/marks-and-spencer-hy-2526-rns.pdf
  • https://therecord.media/marks-spencer-profits-wiped-out-cyberattack
  • https://www.theregister.com/2025/11/05/ms_pegs_cyberattack_cleanup_costs/

Geo-Politics

• [CN] Heavy sentences for chinese nationals involved in scam Myanmar compounds.
  • https://therecord.media/china-sentences-5-myanmar-scam-kingpins-to-death

According to Xinhua, the Bai family and its associates built 41 industrial parks where they “engaged in telecommunications and online fraud, operating casinos, intentional homicide, intentional injury, kidnapping, extortion, organizing and forcing prostitution, and organizing illegal border crossings.” They defrauded people of more than 29 billion yuan (more than $4 billion), the court alleged, and their operations resulted in the deaths of at least six Chinese citizens.

• [US] Impact of Government Shutdown - US Army lists food banks in Germany, that could help support the staff at their bases.
  • https://www.404media.co/army-tells-soldiers-to-go-to-german-food-bank-then-deletes-it/

Privacy

• [US] DHS proposes massive increase in biometric collection powers
  • https://www.federalregister.gov/documents/2025/11/03/2025-19747/collection-and-use-of-biometrics-by-us-citizenship-and-immigration-services
  • https://www.theregister.com/2025/11/04/dhs_wants_to_collect_biometric_data/

AI

• Anthropic propose the next evolution beyond direct Model Context Protocol (MCP) execution. Essentially, turning the MCP calls and data flow into an external program. This has performance, accuracy and security benefits.
  To add some numbers - GitHub MCP definition at launch took +50k tokens of context - most self-hosted models max out at 128k of context. Anthropic, Google and X all charge more for context over either 128k or 200k.
  • (Anthropic) https://archive.li/fJx1Z
  • https://simonwillison.net/2025/Nov/4/code-execution-with-mcp/
  • https://www.llm-prices.com/
• Amazon and Perplexity clash over shopping agents
  • (Bloomberg) https://archive.li/nGmOJ
• AI everywhere...now entering the dating-apps space
  • (NY Times) https://archive.li/Y0JuN
• Speaking of space - how about putting your AI chips in orbit? Better access to solar power, but the radiation might hurt.
  • https://www.semafor.com/article/11/04/2025/google-wants-to-build-solar-powered-data-centers-in-space
• Cassie Kozyrkov breaks down the "AI Therapist" arguments, for and against.
  • https://archive.li/1MW89