Cyber News 27NOV2025
General
- Scattered Lapsus$ Hunters, meet Brian Krebs
the tables seem to have turned somewhat for “Rey,” the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.
- Entra ID to get Content Security Policy (CSP) support, just 13 years after support by major browsers. Delivered under the banner of Microsoft's Secure Future Initiative, launched at the end of 2023, CSP support is set to be rolled out in October 2026.
Content Security Policy, originally proposed in 2004 under the name Content Restrictions, was rolled out under the current name to Chrome and Firefox in 2013, then Safari in 2015. CSP gives a website an out-of-band mechanism (an HTTP response header) to declare where trusted content may be loaded from, countering Cross-Site Scripting (XSS) and other code-injection attacks.
- Be careful what you consume... M&As that ingested insecure networks, leading to Akira ransomware.
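To make the CSP item above concrete, here is a small checker (an added example, not code from this newsletter or from Microsoft) that parses a policy header, applies the default-src fallback browsers use for script-src, and flags the source expressions that leave XSS largely unmitigated; the policy strings it is run on are constructed samples.

```python
# Added example: checker for the script-src part of a Content-Security-Policy
# header (the directive that matters most for XSS). Not from the newsletter.

FETCH_DIRECTIVES = {"script-src", "style-src", "img-src", "connect-src",
                    "font-src", "media-src", "frame-src", "object-src"}
HASH_OR_NONCE = ("'nonce-", "'sha256-", "'sha384-", "'sha512-")


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a header value into {directive: [source expressions]}.
    Browsers honour only the first occurrence of a directive."""
    policy: dict[str, list[str]] = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() not in policy:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy: dict[str, list[str]], directive: str):
    """Fetch directives fall back to default-src when not set explicitly."""
    if directive in policy:
        return policy[directive]
    if directive in FETCH_DIRECTIVES:
        return policy.get("default-src")
    return None


def script_weaknesses(header: str) -> list[str]:
    """Return the script-src problems that leave XSS mostly unmitigated."""
    sources = effective_sources(parse_csp(header), "script-src")
    if sources is None:
        return ["no script-src or default-src: scripts may load from anywhere"]
    lowered = [s.lower() for s in sources]
    findings = []
    # CSP3 browsers ignore 'unsafe-inline' when a nonce or hash is present,
    # so it only counts as a weakness on its own.
    if "'unsafe-inline'" in lowered and not any(
            s.startswith(HASH_OR_NONCE) for s in lowered):
        findings.append("'unsafe-inline' permits inline <script> and handlers")
    if "'unsafe-eval'" in lowered:
        findings.append("'unsafe-eval' permits eval()/new Function()")
    for src in lowered:
        if src in ("*", "http:", "https:", "data:"):
            findings.append(f"{src} allows scripts from any origin of that kind")
    return findings
```

Running `script_weaknesses("default-src 'self'; script-src 'self' 'unsafe-inline' https:")` reports two findings, while the nonce-based policy `script-src 'self' 'nonce-r4nd0m'` reports none.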
- How not to respond to a breach - Gainsight massively downplays the impact.
Step 1: don't admit you have a problem, or take responsibility
Step 2: say the numbers are much smaller than credible reporting (e.g. Google TIG)
Step 3: say it's "an industry wide problem" and not your fault
Getting Techy
- Supply-chain attacks turn up everywhere: Python embedded in 3D models for Blender, used to deploy info-stealers.
Geo-Politics
- [MM] It looks as though the cinematic destruction of a few buildings in KK Park was all show. Only a small number of buildings were destroyed; hundreds remain.
Multiple experts tell WIRED that the raids at KK Park and some other scam compounds are likely part of a wider “performative” effort by Myanmar's military government
“All of the critical buildings that you would need to perpetrate the scams are still intact and still ready for use”
- (Wired) https://archive.li/GetUX
- [US] ASX-listed Novonix is aiming to help fix one of the supply-chain weaknesses for batteries - graphite - with a US plant set to be fully operational in 2028.
Graphite, a crystalline form of carbon, is used in a battery's anode to ensure a stable and long charge.
More than 85% of the world's supply of graphite came from China last year
At its maximum capacity, the ASX-listed company is expected to produce 20 kilotons of synthetic graphite, which is equivalent to 10% of the market
- (Nikkei Asia) https://archive.is/NeoBr
Privacy
- [TH] Thailand bans Sam Altman's "Tools for Humanity" company from trading a scan of a person's (highly unique) iris for some worthless WLD tokens.
- [US] Jury management system was leaking juror details
To log into these platforms, a juror is provided a unique numerical identifier assigned to them, which could be brute-forced since the number was sequentially incremental. The platform also did not have any mechanism to prevent anyone from flooding the login pages with a large number of guesses, a feature known as “rate-limiting.”
Inside that portal, TechCrunch saw full names, dates of birth, occupation, email addresses, cell phone numbers, and home and mailing addresses ... questions asked about the person’s gender, ethnicity, education level, employer, marital status, children, if the person was a citizen, whether they were older than 18, and whether they have been convicted or faced indictment for a theft or felony.
AI
- More AI use and training means more data centres, wiring and power consumption, leading to higher power costs. It's having a real impact in the US.
Average electricity costs have risen 11 percent since January, more than three times the rate of inflation.
Nearly 1 in 20 households, or about 14 million Americans, were so behind on utility debt that it was reported to collections agencies
- (Washington Post) https://archive.is/Daxp0
- Slop Evader - Search the web like it's 2022 and all of the content is human-generated
Slop Evader was created by artist and researcher Tega Brain, who says she was motivated by the growing dismay over the tech industry’s unrelenting, aggressive rollout of so-called “generative AI”—despite widespread criticism and the wider public’s distaste for it.