Cyber News 14NOV2025
General
- Operation Endgame, Season 3 - confirmed that the Rhadamanthys takedown was part of the operation.
  "The actions targeted one of the biggest infostealers Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime."
  - https://www.operation-endgame.com/
  - https://www.europol.europa.eu/media-press/newsroom/news/end-of-game-for-cybercrime-infrastructure-1025-servers-taken-down
  - (Full of report-worthy graphics) https://www.shadowserver.org/news/rhadamanthys-historical-bot-infections-special-report/
  - https://www.bleepingcomputer.com/news/security/police-disrupts-rhadamanthys-venomrat-and-elysium-malware-operations/
  - https://therecord.media/operation-endgame-cybercrime-takedowns-rhadamanthys-venomrat-elysium
  - https://www.theregister.com/2025/11/13/rhadamanthys_takedown/
- Brian Krebs write-up on Google's efforts against Lighthouse (aka Smishing Triad) mentioned yesterday.
- Teams to allow blocking of screen-capture for Premium users - annoying for vendor demos if (explicitly) enabled.
- Attackers are getting smarter - using the browser's full-screen mode to make ClickFix lures more believable.
- An interesting alternate approach to paying attacker demands - donate the requested amount to cyber-crime research instead.
  "We will be donating the ransom amount to Carnegie Mellon University and the University of Oxford Cyber Security Center to support their research in the fight against cybercrime"
  - https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion
  - https://www.theregister.com/2025/11/13/ransomed_cto_refuses_extortion_demand/
- Washington Post added to the list of Oracle E-Business Suite victims
- [US] CISA is back in operation - starting with updated Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs) for the Akira ransomware group.
- [US] Department of Justice to target scam centres, such as those running in Myanmar and Cambodia. The strike force has already seized more than US$400m in cryptocurrency.
Getting Techy
- Botnets in unusual places - a "digital picture frame"
- Anti-virus de-obfuscation logic goes a bit too far and actually executes the obfuscated code
- MS Defender has "low fidelity" detections that generate telemetry but take no local action. Need to know more!
Geo-Politics
- [KZ] Kazakhstan falls to new low, implements anti-LGBTQ+ laws
Privacy
- [UK] Monitoring VPN usage after introducing age verification laws (Online Safety Act).
- [US] More attacks on user privacy - after discovering that people are using VPNs to bypass age bans, parts of the US are moving to ban VPNs
- [US] Potential privacy win against a US data-broker, not allowed to profit off location data.
  - https://therecord.media/data-broker-kochava-business-change
  - (Earlier coverage with more case details) https://therecord.media/ftc-complaint-against-kochava-unsealed
AI
- Surprise - AI startups aren't great at security. Wiz finds 65% of their sample had leaked secrets on GitHub.