Cyber News 28NOV2025
General
- Running something based upon Next.js? Make sure it's patched... memory-consumption-based denial-of-service in versions from before 13OCT2025 (patched in 15.5.5), due to an unbounded memory copy.
- Zendesk typosquatting - the next Scattered Lapsus$ Hunters target?
identified Zendesk-related domains, including more than 40 typosquatted domains and impersonating URLs, created within the past six months.
- https://reliaquest.com/blog/zendesk-scattered-lapsus-hunters-latest-target/
- https://www.theregister.com/2025/11/27/scattered_lapsus_hunters_zendesk/
- Mixpanel SMishing campaign - not entirely clear whether it was a Mixpanel staff member or customers that were initially compromised. OpenAI is one of those caught up in the attack (API frontend only, not ChatGPT).
- Long-tail of ransomware disruption - Asahi "aims to normalise logistical operations by February next year after a cyberattack in late September forced widespread suspension"
- In Scotland, an even longer tail... two years later, not fully rebuilt, recommended cybersecurity improvements not implemented.
Systems for housing benefits, council tax, and non-domestic rates remain unrestored, with their large data volumes slowing the digital renovation, the audit noted.
At the time of the Comhairle's ransomware attack, the audit notes that five out of the total 17 IT positions at the council were vacant
Getting Techy
- Nerdy live thread, pulling apart Cellebrite artefacts found on a seized phone.
Geo-Politics
- [PL] Infuriating lack of information - Russian hacker, suspected of breaking into some databases, has been arrested in Poland. Announced by Polish Interior Minister Kierwinski.
"Police officers in Krakow have detained a Russian citizen suspected of serious crimes related to unauthorized interference in the IT systems of Polish companies...He breached their security to gain access to databases. He was temporarily arrested"
A more detailed statement from the Krakow prosecutor’s office said the suspect allegedly hacked into an online retailer’s systems without authorization and manipulated its databases in ways that could have disrupted operations and endangered customers.
- https://www.reuters.com/world/poland-arrests-russian-suspected-hacking-polish-companies-2025-11-27/
- https://therecord.media/poland-detains-russian-citizen-accused-of-hacks
- [MY] Malaysia set to follow Australia's lead in banning under-16s from social media.
the cabinet has decided that children younger than 16 will not be allowed to open social media accounts. ... Malaysia is studying mechanisms used in other countries, including Australia
- (Nikkei Asia) https://archive.is/bQuZb
- [EU] Calls for a softer age-ban in Europe
The European Parliament on Wednesday called for a Europe-wide minimum threshold of 16 for minors to access social media without their parents’ consent
- [US] A bleak look at the maintenance and repair of undersea cables.