Cyber News 10NOV2025
General
- Microsoft is rolling out more features to deal with future CrowdStrike-like boot issues.
- [AU] Is it just network connectivity "Australia Connect" or an AI Datacentre - Google building infrastructure on Christmas Island
- [KR] Threat actors using legitimate lost-device-wiping capabilities to erase devices, using Google Find Hub.
- [UK] Impact of the JLR attack on the UK economy: GDP growth 1/3 less than prior prediction.
- [US] An interesting way to ensure companies are complying with their cybersecurity claims - the "False Claims Act". Whistleblowers under the act can expect 15-30% of any damages. Given some settlements are ~US$10m, that's quite an incentive.
- [US] Brian Krebs has a write-up on the US's latest bans of Chinese equipment. Partly due to bad security posture...but are the other options any better?
Maybe the US should invest in a Secure-by-Design programme?
- [US] Congressional Budget Office breached. Feels like a legitimate target for foreign spying.
Getting Techy
- Socket uncovers delayed-action malware in otherwise operational .NET libraries published on NuGet
- Another humorous write-up from Watchtowr Labs - this time Monsta FTP
- PAN Unit 42 takes a look at a Samsung-specific (Android) zero-click image-processing bug, patched in April 2025, and accompanying malware dubbed "LANDFALL". Similarities to a recently patched iOS exploit chain, targeting WhatsApp, also a DNG-parsing attack.
- https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
- https://www.bleepingcomputer.com/news/security/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages/
- https://arstechnica.com/gadgets/2025/11/commercial-spyware-landfall-ran-rampant-on-samsung-phones-for-almost-a-year/
- https://www.theregister.com/2025/11/07/landfall_spyware_samsung_0days/
- https://therecord.media/landfall-spyware-middle-east-appears-commercial-grade
- Flashpoint looks at the gradual evolution of LockBit 5 - likely a little faster, a little stealthier (and potentially more destructive).
Geo-Politics
- [MM] Notorious scam-compound KK Park being demolished by junta, to "improve the BGF and regime's reputation in the eyes of the world". Initial reports - 24 buildings destroyed, now up to 101 buildings (of ~250)
- [US] Five weeks into the US Government shutdown...
Privacy
- Mozilla Surveillance Watch - watching the watchers
- [AU] The Office of the Australian Information Commissioner (OAIC) has launched a Notifiable Data Breaches statistics dashboard.
Sources of data breaches for H1CY2025: 59% Malicious/Criminal, 37% Human error, 3% System fault.
- [EU] Microsoft attempts to quell some of the noise around data & computing sovereignty, however they're limited in what they can actually do.
- [MX] Mexico City - most surveilled city in the Americas, but they still want more.
AI
- Google likely releasing Gemini 3 this month
- OpenAI likely to release GPT5.1 around the same time. Meanwhile GPT-5-Codex-Mini is available via CLI/VS-Code extension (API access "coming soon")
- Side-channel attack against streaming of tokens from LLMs - fingerprinting the tokens, even when transmitted inside TLS, to uncover the prompt.
- https://github.com/yo-yo-yo-jbo/whisper_leak
- https://arxiv.org/abs/2511.03675
- https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
- https://www.itnews.com.au/news/ai-providers-plug-metadata-leak-that-exposed-encrypted-chat-topics-621649
- Probably the result of sycophancy-driving Reinforcement Learning from Human Feedback (RLHF) - LLM-created conversations are missing human snark.
- OpenAI's attempts to split ChatGPT into multiple models for safety, broken by open-redirect on trusted bing.com domain
- [US] Bill introduced to require reporting when jobs are replaced with AI