Cyber News 18NOV2025
General
- Software engineering practices at Microsoft are clearly improving. This time, the M365 desktop app is failing due to updated authentication components. There was also another M365 bug, an Intune bug, a bug with Win10 ESU...and that's just in the last week.
- Washing phishing attacks through Entra ID invites, to give a patina of legitimacy (emails come from a valid microsoft.com address). Microsoft only adds a small disclaimer to the invites.
- Sticking with the use of legitimate services to mask phishing - the DoorDash vulnerability mentioned last week (11NOV2025) has turned messy.
- More fallout from Operation Endgame - CrazyRDP loses its servers. It appears to have been 'thousands of virtual servers' (which explains the original headlines "Thousands of servers seized...") on ~250 servers.
- Remember the July 2020 take-over of high-profile Twitter accounts...that was then just used for lame crypto-currency scams? The perpetrator - already jailed in the US - has been ordered by a UK court to repay £4.1m worth of Bitcoin.
- [AU] Azure Australia hit with 15Tbps DDoS. Reported as "launched from over 500,000 source IPs"...but it was a UDP-flood, so source-IP spoofing is trivial. Unclear how Microsoft are asserting "minimal source spoofing".
- [AU] Outdated mobile software blocks emergency calling - leading to a death. Samsung phone, on TPG-based networks (inc. Lebara)
- [EU] Europol Internet Referral Unit going after extremist content on gaming/gaming-related platforms.
Getting Techy
- Interview with a car hacker (more background than tech).
- 🤦🏻♀️Getting access to an admin-panel shouldn't be this easy - Cracker Barrel rewards.
- [RU] Bullet-proof hosting provider Stark Industries, sanctioned by EU, just moved to a new name and new Autonomous System Number (ASN)
Geo-Politics
- [US] CISA looking to rebuild again after recent staff losses
Privacy
- [US] More privacy-invading tech from ICE - going from a licence-plate, deep into the data from data-brokers.
"capabilities allow for predicting where a car may travel in the future, and also can collect face scans for facial recognition."
"can look at license plate results in a specific location across time, to see what other vehicles had been there."
"combines data from across public records and the web. That can include details on phone numbers, addresses, associates, and social media activity...also contains driver license data, credit header data from Experian (which is the personal information, such as addresses, at the top of a credit report), marriage records, vehicle registrations, voter registrations, and much more."
- (404 Media) https://archive.is/LGkVd
- [US] Government Accountability Office (GAO) finds DoD needs to do more to stop data leaking into the public space, e.g. social media. Funnily enough, part of the problem is data-brokers, like the ones used by ICE.
"Massive amounts of traceable data about military personnel and operations now exist due to the digital revolution. When aggregated, these "digital footprints" can threaten military personnel and their families, operations, and ultimately national security."
AI
- OpenAI breaks through one of the key LLM barriers to progress.
"If you tell ChatGPT not to use em-dashes in your custom instructions, it finally does what it’s supposed to do!"
- Leaking Sora's system prompt, through video of text, video of encodings such as QR codes, audio.