Cyber News 11NOV2025
General
- Increased investment in undersea cables, and a nod to the level of attacks on said cables
- (CNBC) https://archive.li/79NGE
- An Initial Access Broker pleads guilty in US court to "hacking half a dozen American companies (including Cisco)". Could face up to "53 years in prison".
- https://storage.courtlistener.com/recap/gov.uscourts.insd.225440/gov.uscourts.insd.225440.1.1.pdf
- https://x.com/SeamusHughes/status/1985454013203218728
- https://www.bleepingcomputer.com/news/security/yanluowang-initial-access-broker-to-plead-guilty-to-ransomware-attacks/
- https://www.theregister.com/2025/11/10/russian_iab_pleads_guilty_to/
- Using legitimate services to mask phishing - this time it's Meta/Facebook Business. (Plus a bonus one in DoorDash)
- Plain old Phishing as a Service, at scale. Quantum Route Redirect targets M365 credentials, with a rather large pool of domains
- RIPE's lack of action in removing bulletproof hosting providers - they can definitely do more.
Getting Techy
- NPM Expression Evaluation library "expr-eval" contains a CVSS 9.8 vulnerability. Supposed to be a safe expression parser, a validation failure can lead to Remote Code Execution (RCE).
- When Unix/Windows End-of-Line differences bite - HTTP request smuggling when Reverse-Proxy and Webserver use different versions (\n versus \r\n). A writeup on an earlier disclosed and patched issue in .NET Core's "Kestrel" webserver.
- Medium- and Deep-Dives into the Balancer DeFi hack. Rounding down rather than up.
Geo-Politics
- [AU] Chinese-made electric buses from Yutong, that caused concern in Denmark and Norway, also sold (maybe different model) into Australia.
- [AU/IN] Australia and India co-operation on critical minerals important, in the face of Chinese (postponed) restrictions on supply and processing
- [CN] Data leak at Chinese cybersecurity company "KnownSec". Claims of 12,000 internal documents leaked.
- [RU] Hitting new lows - Russia's ongoing targeting of Ukrainian power infrastructure, to knock out civilian heating, as Winter sets in.
- [US] Government funding should hopefully resume shortly, and bring with it a return of some cyber-security measures, including the (threat intel) sharing act. However, the current resolution only pushes out times to January 2026. The major sticking point - "Affordable Care Act" (healthcare tax subsidies) - has not been resolved, so things may grind to a halt again at the end of January.
Privacy
- Background piece on why commercial spyware gets abused by governments
- [EU] Draft changes to GDPR, to make it easier for AI
Draft changes would create new exceptions for AI companies that would allow them to legally process special categories of data (like a person’s religious or political beliefs, ethnicity or health data) to train and operate their tech.
The EU had been “engaging” with the Trump administration on adjustments to the AI act and other digital regulations as part of its wider simplification process, a senior EU official told the Financial Times.
- https://www.politico.eu/article/brussels-knifes-privacy-to-feed-the-ai-boom-gdpr-digital-omnibus/
- (Financial Times) https://archive.li/wXvoR
- [US] California looking to expand data privacy and whistleblower protection. Current privacy protection only covers deletion of first-party collected data; the proposal is to expand to data obtained from third parties as well. Whistleblowers "to share a portion of an administrative fine", and be covered by "protections from retaliation available in the Labor Code".
Finally - making it easier to submit Consumer Privacy Requests, expanding beyond the current single-channel requirement of an email address, to more options, such as webforms.
- [US] New York algorithmic pricing law now in effect - businesses must disclose if they're altering the price based upon the customer
AI
- Agentic AI needs more infrastructure, more run-budget, more integration...and don't forget the security problems still haven't been fixed.
- https://www.cybersecuritydive.com/news/AI-agent-infrastructure-enterprise-demand-SPGlobal-data/805099/
- (FastCompany - AI Spending is replacing humans, not AI Bots) https://archive.li/9sdT5
- Microsoft looks set to launch their own autonomous agents, complete with their own identities (to make them look more human?). Pricing looks set to be consumption-based, so predicting costs may be hard.
From a security perspective, this does not sound well thought-out. Remember Simon Willison's Lethal Trifecta - Access to Private Data ✔️, Exposure to Untrusted Content (Teams/Email)✔️, Ability to Externally Communicate (Teams/Email)✔️.
Agentic Users are a new class of AI that operate as independent users within the enterprise workforce. Each embodied agent has its own identity, dedicated access to organizational systems and applications, and the ability to collaborate with humans and other agents. These agents can attend meetings, edit documents, communicate via email and chat, and perform tasks autonomously.
- https://www.microsoft.com/en-US/microsoft-365/roadmap?filters=&searchterms=518220
- https://www.theregister.com/2025/11/10/microsoft_agentic_users_a365/
- https://cloudywithachanceoflicensing.com/2025/11/06/microsoft-agent-365-what-we-know-so-far/
- Good for a laugh - Cisco moving beyond an 8b model, up to a massive 17b params. They've also updated SecureBERT (The BERT model was released by Google back in 2018).