Cyber News 19NOV2025
General
- Cloudflare Outage, lasting just under 6-hours end-to-end
A Cloudflare spokesperson said the “root cause” of the outage was an automatically generated configuration file used to manage threat traffic that “grew beyond an expected size of entries,” which triggered a crash in the software system that handles traffic for several of its services.
“In short, a latent bug in a service underpinning our bot mitigation capability started to crash after a routine configuration change we made. That cascaded into a broad degradation to our network and other services. This was not an attack”
- (UPDATE - RCA) https://blog.cloudflare.com/18-november-2025-outage/
- https://www.cloudflarestatus.com/incidents/8gmgl950y3h7
- https://x.com/dok2001/status/1990791419653484646?s=46
- https://www.bbc.com/news/articles/c629pny4gl7o
- https://www.bleepingcomputer.com/news/technology/cloudflare-hit-by-outage-affecting-global-network-services/
- https://www.cnbc.com/2025/11/18/cloudflare-down-outage-traffic-spike-x-chatgpt.html
- https://techcrunch.com/2025/11/18/cloudflare-blames-massive-internet-outage-on-latent-bug/
- Actively exploited Chrome vulnerability in the V8 JavaScript engine, report from Google TAG.
- If you needed any more reasons to get rid of passwords - younger generations are getting worse, not better
- [AU] Optus fined AU$826k for identity-verification failures during number porting for its Coles-branded product. The Australian Communications and Media Authority (ACMA) found that Optus contravened the "Mobile Number Pre-Porting Additional Identity Verification" requirements of the Telecommunications Industry Standard 2020.
"Optus did not complete any of the identity verification processes under subsection 8(2) for 44 mobile service numbers ported to it in the Relevant Period through its online form."
- https://www.acma.gov.au/sites/default/files/2025-11/Final%20findings%20investigation%20report%20-%20Optus%20Mobile%20Pty%20Limited_Redacted.pdf
- https://www.itnews.com.au/news/optus-takes-826000-hit-for-anti-scam-breaches-621882
- [KO] Akira ransomware hits LG's battery subsidiary
- [RU] Provider of web surveillance tech 'Protei' has website defaced, and 182GiB of data (inc. emails) dumped. DDoS says "238GB"
- [RU] Russian detained in Thailand identified as "Denis Obrezko", a member of Void Blizzard / Laundry Bear. Void Blizzard was reported by Microsoft as:
"targeting organizations that are important to Russian government objectives. These include organizations in government, defense, transportation, media, NGOs, and healthcare, especially in Europe and North America."
- https://therecord.media/russian-arrested-thailand-allegedly-void-blizzard-apt-member
- https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/
- [US] HOPE (Hackers On Planet Earth) conference kicked out of their venue at St. John's University for apparent "anti-police agenda".
- [US] FCC to vote on winding back earlier interpretation of section 105 of CALEA (Communications Assistance for Law Enforcement Act - aka wiretapping) as requiring providers to improve their cyber-security. This interpretation was brought in to fight Salt Typhoon attacks on TelCos.
Getting Techy
- The DFIR Report has dropped their latest walkthrough - RDP access with known creds, temp.sh data exfiltration, deploying Lynx ransomware. Veeam backup was installed, so that may be the original source of the Domain Admin credentials used.
- Reversing the Shelly Pro 4M, to find vulnerabilities. A JSON-parsing library (Frozen) doesn't limit memory allocation (malloc). TL;DR - upgrade to 1.6.0+ firmware, keep these devices on a separate VLAN.
- [VN] Inside a residential-proxy supplier, the warehouse-datacentre is pretty interesting.
Geo-Politics
- [UK] MI5 warns of Chinese targeting of MPs, and those working for them, over LinkedIn.
"Our intelligence agencies have warned that China is attempting to recruit and cultivate individuals with access to sensitive information about Parliament and the UK government."
- https://www.bbc.com/news/articles/c4gpnz05kr8o
- https://therecord.media/mi5-warns-chinese-spies-using-linkedin-lawmakers
- [US] House votes almost unanimously to make the Justice Department release the Epstein files - 427 to 1. Passes Epstein Transparency Act with "unanimous consent".
Privacy
- WhatsApp profile data vulnerable to brute-force scanning of all possible numbers
"Austrian researchers have now shown that they were able to use that simple method of checking every possible number in WhatsApp's contact discovery to extract 3.5 billion users’ phone numbers from the messaging service. For about 57 percent of those users, they also found that they could access their profile photos, and for another 29 percent, the text on their profiles."
- (Research Paper) https://github.com/sbaresearch/whatsapp-census/blob/main/Hey_there_You_are_using_WhatsApp.pdf
- (Earlier research - 2017) https://archive.is/3GYNm
- (Wired) https://archive.is/85pog
- [US] EFF (Electronic Frontier Foundation) fighting back against Flock ALPR (Automated Licence Plate Recognition) surveillance
- [US] If CBP (Customs and Border Protection) impounds your device, just use your contacts in the White House to intervene.
AI
- Google have released Gemini 3, with both normal and "Deep Think" modes. It's a Mixture of Experts (MoE) model. Biggest upgrade appears to be in visual understanding.
Knowledge cut-off: January 2025
Tool support: yes
Input types: text, image, audio, video
Input limit: 1 million tokens
Output types: text
Output limit: 64 thousand tokens
- More warnings about the AI spending/"investment" bubble, this time from Alphabet CEO Sundar Pichai.
"I think no company is going to be immune, including us"
- https://www.bbc.com/news/articles/cwy7vrd8k4eo
- https://arstechnica.com/ai/2025/11/googles-sundar-pichai-warns-of-irrationality-in-trillion-dollar-ai-investment-boom/
- Billionaire Peter Thiel dumped all of his Nvidia stock: https://ca.investing.com/news/stock-market-news/peter-thiel-dumps-entire-nvidia-stake-slashes-tesla-holdings-amid-bubble-fears-4320129
- xAI also released an update for Grok - 4.1 and 4.1 Thinking. Reported benchmarks focus on text/chat capabilities, rather than the coding/agentic focus of other models (such as Claude, GPT5.1 and Gemini 3). Biggest result is hallucination rate, down from 12.09% (Grok 4 Fast, Non-Reasoning) to 4.22% (Grok 4.1, Non-Reasoning).
- Microsoft's Security Copilot is selling so well, they're bundling it with E5, "activated through a phased roll-out in the upcoming months"
- [CN] In news that should surprise few - if any - an analysis of Chinese GenAI mobile apps finds multiple issues with the security and privacy of all those tested.
"All the China-made apps were found requesting their users' access to location data, collecting screenshots, forcing users to accept unreasonable privacy terms, and harvesting device parameters."