Quantum Route Redirect PhaaS Targets Microsoft 365 Users Worldwide

Quantum Route Redirect, a new phishing automation platform, uses around 1,000 domains to steal Microsoft 365 credentials, primarily targeting users in the U.S. It automates phishing attacks by routing victims to malicious sites through deceptive emails. The kit is designed for ease of use, even for less skilled attackers, and incorporates mechanisms to evade detection by automated security tools. Security analysts recommend implementing robust URL filtering to combat this threat.

https://www.bleepingcomputer.com/news/security/quantum-route-redirect-phaas-targets-microsoft-365-users-worldwide/

GlassWorm Malware Discovered in Three VS Code Extensions With Thousands of Installs

GlassWorm Malware targets VS Code via three malicious extensions, harvesting credentials and using invisible code to spread. Despite attempts to remove it, the campaign persists, affecting various regions, including government entities. The malware showcases evolving attack techniques, such as utilizing blockchain for command/control. Security researchers identified a Russian-speaking attacker behind it, indicating significant risks to organizations using affected tools.

https://thehackernews.com/2025/11/glassworm-malware-discovered-in-three.html

America’s Cybersecurity Defenses Are Cracking

CISA's role in US cybersecurity is diminished due to staffing cuts, reassignments, and politicization, leading to a loss of trust among state officials like Arizona's Secretary of State, who now hesitate to engage with the agency. This situation jeopardizes cybersecurity efforts, especially for critical infrastructure, as agencies are wary of sharing sensitive information. Historically, CISA provided vital support for election security and other sectors, but recent developments have created significant vulnerabilities in the nation's defenses.

https://www.theverge.com/policy/816882/cisa-cybersecurity-elections-infrastructure-shutdown

Afterpay Confronts New Fraud Type

Fraudsters are colluding as fake merchants and consumers to exploit Afterpay's buy now, pay later services, leading to significant losses. This emerging fraud type leverages synthetic identities and artificial intelligence to create false profiles. Experts warn that as buy now, pay later options expand to high-ticket items, such scams may increase, making it critical for payment services to enforce stringent checks on merchants.

https://www.paymentsdive.com/news/afterpay-confronts-new-fraud-type/805103/

Better Business Bureau Issues Warning About ‘Ghost Tapping’ Scam. Here’s Why You May Not Even Be Aware if You’ve Been a Victim of This Trend

The ghost tapping scam exploits contactless payments. Scammers charge unsuspecting victims large amounts through “tap-to-pay” without consent. Methods include bumping into people or posing as vendors. Victims may not realize it until they see the charges. Stay vigilant: use RFID-blocking wallets, verify merchants, enable transaction alerts, and report suspicious activity swiftly.

https://moneywise.com/news/better-business-bureau-issues-warning-about-ghost-tapping

5 Reasons Why Attackers Are Phishing Over LinkedIn

LinkedIn phishing is rising, with 34% of attacks occurring outside email. Key reasons include:

  1. Bypasses traditional security tools, since LinkedIn DMs evade email security protections.
  2. Cheap and easy for attackers, leveraging hijacked legitimate accounts.
  3. Facilitates targeting high-value individuals, because reconnaissance is easy.
  4. Users are more likely to trust messages from familiar contacts.
  5. Potential rewards are high, because breaches can compromise core business accounts and data.

Organizations must adapt security to guard against these threats across multiple channels, not just email.

https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/

Synthetic Identity Theft On The Rise

Synthetic identity theft, a growing credit card fraud method, involves creating fake identities rather than stealing existing ones. This rise follows the Equifax data breach, which exposed the personal information of 143 million consumers. Reports show this fraud accounts for up to 20% of unpaid credit card loans and cost banks over $6 billion in 2016. Law enforcement is now focusing on this issue as banks face increasing concerns over synthetic fraud.

https://www.pymnts.com/news/security-and-risk/2017/synthetic-identity-theft-equifax/

Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATT&CK Framework

Summary: Google's report predicts AI will fundamentally change cybersecurity in 2026, with AI tools becoming standard for both attackers and defenders. MITRE updates its ATT&CK framework to address new threats, including for Kubernetes and cloud databases. McKinsey advises treating autonomous AI as “digital insiders” to mitigate risks. Agencies warn about vulnerabilities in on-prem Exchange servers, urging immediate patching, while the CIS updates benchmarks for software security configurations.

https://securityboulevard.com/2025/11/cybersecurity-snapshot-ai-will-take-center-stage-in-cyber-in-2026-google-says-as-mitre-revamps-attck-framework/

12 Steps You Can Take Right Now to Be Safer Online

12 cybersecurity tips:

1. Install updates immediately for software security.
2. Use strong passwords; consider a password manager.
3. Set up two-factor authentication to add security layers.
4. Back up data using the 3-2-1 rule to combat ransomware.
5. Recognize social engineering tactics to spot scams.
6. Check links before clicking to avoid malware.
7. Limit personal information shared online to reduce risks.
8. Use a VPN to protect your online identity.
9. Conduct regular virus scans for malware detection.
10. Utilize email maskers and private search engines for privacy.
11. Employ data removal services to manage personal information usage.
12. Maintain physical security of devices to prevent unauthorized access.

https://www.engadget.com/cybersecurity/12-steps-you-can-take-right-now-to-be-safer-online-130008335.html

DDoS Attacks Dominate as Hacktivists Target Public Sector

EU public administrations face increasing DDoS attacks from hacktivists, per an ENISA report. Central government targets account for 69% of incidents, with DDoS attacks making up 60%. Public sector vulnerability is high due to sensitive data management. Recommendations for resilience under NIS2 Directive include implementing CDNs, multi-factor authentication, and cross-border preparedness to safeguard essential services and public trust.

https://www.digit.fyi/enisa-cyber-report/

Understanding Prompt Injections: a Frontier Security Challenge

Prompt injection is a security challenge in AI, where attackers manipulate AI responses using malicious instructions in user inputs. As AI gains more capabilities and access to sensitive data, protecting users from these risks is crucial. OpenAI employs a multi-layered defense approach, including safety training, monitoring, security protections, user controls, red-teaming, and a bug bounty program. Users are advised to limit data access, verify agent actions, provide explicit instructions, and stay informed about security. Ongoing research aims to enhance AI robustness against these attacks and ensure safe interactions.

https://openai.com/index/prompt-injections/

Death by a Thousand Prompts: Open Model Vulnerability Analysis

TLDR: Cisco's analysis of open-weight AI models shows high vulnerability to multi-turn attacks, with success rates significantly higher than single-turn, risking data integrity and security. Evaluations of major models reveal gaps related to alignment strategies, emphasizing the need for stronger safety protocols and the adoption of proactive security measures in AI deployments.

https://blogs.cisco.com/ai/open-model-vulnerability-analysis

Cloudflare Scrubs Aisuru Botnet From Top Domains List

Cloudflare removed Aisuru botnet domains from its top websites list after they manipulated the rankings, displacing major sites like Amazon and Google. Aisuru, a growing botnet exploiting IoT devices, redirected traffic to Cloudflare's DNS services. Concerns arose over domain credibility, prompting Cloudflare to partially redact malicious domains. Experts criticized Cloudflare's ranking integrity, emphasizing the need to separate malicious domains to maintain trust. Aisuru continues to operate mainly through .su domains, raising security alarms as it significantly impacts DNS traffic.

https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/

Gootloader Malware Is Back With New Tricks After 7-month Break

Gootloader malware has returned after a 7-month hiatus, using SEO tricks to promote fake websites that distribute malicious files. It tricks users into downloading harmful documents, often disguised as legal templates, to install additional malware like ransomware. Researchers have discovered new techniques to evade detection, including obfuscating filenames and using malformed ZIP archives. Users are cautioned to avoid suspicious sites when searching for legal documents.

https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/