
Fake LinkedIn Jobs Trick Mac Users Into Downloading Flexible Ferret Malware

Fake LinkedIn job offers trick Mac users into downloading Flexible Ferret malware via counterfeit software updates. Attackers impersonate recruiters to steal passwords and gain covert access through a backdoor. Individuals are advised to keep software updated, avoid running unverified commands, use real-time anti-malware, and verify sender authenticity to stay safe.

https://www.malwarebytes.com/blog/news/2025/11/fake-linkedin-jobs-trick-mac-users-into-downloading-flexible-ferret-malware

Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

JSONFormatter and CodeBeautify leaks expose thousands of sensitive data items, including passwords and API keys. Research identified over 80,000 files revealing credentials from sectors like government and finance. Both tools allowed users to store and share links, making sensitive data accessible to malicious actors. The tools' functionality has been temporarily disabled amid security concerns, and organizations are warned against using such platforms for sensitive information.

https://thehackernews.com/2025/11/years-of-jsonformatter-and-codebeautify.html

New ClickFix Wave Infects Users With Hidden Malware in Images and Fake Windows Updates

A new ClickFix campaign mimics Windows updates to distribute malware. Attackers use fake update screens that prompt users to run commands, leading to infections by malware hidden in images using steganography. Users are urged to be cautious with commands from untrusted sources, limit copy-pasting, and use antivirus software for protection.

https://www.malwarebytes.com/blog/news/2025/11/new-clickfix-wave-infects-users-with-hidden-malware-in-images-and-fake-windows-updates

The Golden Scale: ‘Tis the Season for Unwanted Gifts

SLSH (Scattered LAPSUS$ Hunters) has resumed activities with claims of accessing Salesforce data through a Gainsight breach, threatening to leak information and demanding ransom before a self-imposed deadline. Their new ransomware, “ShinySp1d3r,” currently targets Windows, with plans for broader compatibility. Additionally, there are reports of insider recruitment attempts and involvement in significant data theft on a large scale. With a volatile holiday season approaching, cybersecurity vigilance is critical as SLSH escalates their threats, fostering concerns for various organizations.

https://unit42.paloaltonetworks.com/new-shinysp1d3r-ransomware/

Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’

Rey, admin of the notorious cybercriminal group “Scattered LAPSUS$ Hunters” (SLSH), has been identified following an interview where he confirmed his real identity. SLSH, comprising three hacking groups, has extorted major corporations through social engineering, including companies like Toyota and FedEx. Rey previously managed data leak operations for other ransomware groups and recently launched a new ransomware service called ShinySp1d3r. Despite initially engaging in cybercrime, Rey, now 15, claims to be trying to distance himself from the criminal activities and has communicated with law enforcement about his involvement. His digital footprints, however, led to his identification.

https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/

Lifetime Access to WormGPT 4 Costs Just $220

WormGPT 4, a malicious AI tool, costs $220 for lifetime access, allowing cybercriminals to easily generate malware and phishing attempts without requiring extensive technical knowledge. This AI can create ransomware scripts and other malicious code, significantly lowering entry barriers for attackers. Another model, KawaiiGPT, is free and also capable of producing harmful scripts, exemplifying the growing accessibility of malicious AI tools.

https://www.theregister.com/2025/11/25/wormgpt_4_evil_ai_lifetime_cost_220_dollars/

Botnet Takes Advantage of AWS Outage to Smack 28 Countries

Mirai-based botnet ShadowV2 emerged during an AWS outage, infecting IoT devices globally and potentially testing for future attacks, as reported by Fortinet. It exploited device vulnerabilities to orchestrate DDoS attacks, affecting 28 countries across various sectors. Although its activity was limited to the outage period, it highlights ongoing IoT security weaknesses, prompting calls for better device protection and monitoring.

https://www.theregister.com/2025/11/26/miraibased_botnet_shadowv2/

The Letter — Stop Hacklore!

CISOs and security experts debunk common cybersecurity myths affecting everyday individuals and small businesses, advocating for updated, fact-based guidance. They criticize outdated advice like avoiding public WiFi and regularly changing passwords, instead suggesting practical measures such as keeping devices updated, using multi-factor authentication, and employing password managers. They call on software manufacturers to ensure systems are secure by design and support better security practices, urging communicators to promote realistic, effective cybersecurity strategies.

https://www.hacklore.org/letter

Advanced Security Isn’t Stopping Old Phishing Tactics

Phishing attacks consistently evade modern enterprise security, according to Okta’s multi-organization study. Even mature companies with advanced defenses remain vulnerable, especially since many do not regularly use phishing-resistant authentication. Attackers rely on widely available proxy tools, and breaches often go undetected until system alerts are triggered. U.S. companies and Office 365 accounts are prime targets. Increased cross-company information sharing shows promise as a defense, but evolving phishing techniques keep the threat persistent.

https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics

CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users

CISA warns of active spyware campaigns targeting Signal and WhatsApp users, utilizing social engineering and commercial spyware to gain unauthorized access. High-value individuals, including government officials, are primary targets. Notable campaigns exploit app features and security flaws to deploy malware. Users are advised to use encrypted communications, avoid SMS-based MFA, update software, and secure app permissions to enhance safety.

https://thehackernews.com/2025/11/cisa-warns-of-active-spyware-campaigns.html

Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)

TL;DR: watchTowr researchers discovered over 80,000 exposed credentials and sensitive data inadvertently shared on online code formatters like JSONFormatter and CodeBeautify, affecting numerous critical sectors. The mishaps illustrate the risks of sharing sensitive information online, demonstrating a lack of understanding of confidentiality practices. Organizations must cease using random platforms for credential storage to mitigate potential threats.

https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/

Live Updates: Sha1-Hulud, The Second Coming

TL;DR: A major resurgence of the Shai-Hulud malware, now called “Sha1-Hulud: The Second Coming,” compromises over 800 npm packages and tens of thousands of GitHub repos. It embeds credential-stealing payloads and can delete users' home directories if unsuccessful. It exploits GitHub Actions for remote code execution, allowing attackers to run commands through victim accounts. Organizations should scan endpoints, remove affected packages, rotate credentials, and audit workflows to mitigate risks.

https://www.koi.ai/incident/live-updates-sha1-hulud-the-second-coming-hundred-npm-packages-compromised

As Gen Z Enters Cybersecurity, Jury Out on AI’s Impact

Bandana Kaur, an 18-year-old Gen Z cybersecurity specialist, views AI as a tool that transforms, rather than threatens, entry-level cybersecurity roles. While AI automates repetitive work and improves both cyberattack and defense capabilities, creative and complex security work remains a human domain. Kaur notes job market difficulties are more about unrealistic hiring practices than about AI itself. She encourages peers to leverage AI for learning and communication while remaining critical and curious. Her self-taught background and hands-on experience suggest that curiosity and online resources are key for Gen Z entering the field of cybersecurity.

https://www.darkreading.com/cybersecurity-operations/gen-z-cybersecurity-jury-out-ai-impact

Video Gaming and Cybersecurity: Navigating Legal and Technological Challenges

The video gaming industry faces significant cyber risks because its rapid growth attracts cyber criminals. Regulators worldwide are extending critical infrastructure legislation to gaming. This includes the NIS2 Directive and the Cyber Resilience Act, which impose stringent cybersecurity requirements on game companies. Key risks involve in-game integrity, data breaches, and compliance with regulations like GDPR. Effective cybersecurity measures are essential for legal compliance and to maintain user trust in an evolving digital landscape.

https://www.nortonrosefulbright.com/en/knowledge/publications/77cbcb67/video-gaming-and-cybersecurity

FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams

The FBI reports over $262M lost to account takeover (ATO) fraud this year, targeting various sectors through social engineering and phishing. Cybercriminals impersonate financial institutions to steal sensitive information and funds. Users are advised to monitor accounts and protect personal information. The rise of AI in phishing tactics is linked to increased holiday scams, with significant vulnerabilities exploited across e-commerce platforms. A shift towards sophisticated purchase scams is noted, involving authorized payments by victims, which complicates fraud detection.

https://thehackernews.com/2025/11/fbi-reports-262m-in-ato-fraud-as.html
