Daily Cybersecurity Briefing – 11 November 2025
Aleksei Volkov, a Russian national, pleaded guilty to operating as an initial access broker for the Yanluowang ransomware group, which targeted multiple United States companies between 2021 and 2022. Court filings indicate he gained unauthorised access to victim networks and sold that access in exchange for ransom proceeds.
The Cybersecurity and Infrastructure Security Agency (CISA) directed all federal agencies to patch a Samsung zero-day actively exploited in LandFall spyware attacks against WhatsApp users. The flaw enabled remote monitoring on affected Android devices.
Researchers from Volexity linked new spear phishing operations to China-aligned threat group UTA0388, using artificial intelligence tools to craft more convincing phishing messages. Simultaneously, a new phishing-as-a-service platform named Quantum Route Redirect was discovered targeting Microsoft 365 users worldwide via over 1,000 malicious domains.
A report by Wiz revealed that 65% of leading artificial intelligence firms leaked sensitive credentials and model data through GitHub repositories. Exposed secrets potentially compromise proprietary assets valued at hundreds of billions of dollars.
Cybersecurity researchers identified the GlassWorm malware spreading through compromised Visual Studio Code extensions, infecting thousands of developer systems. Meanwhile, ClickFix-style phishing attacks resurfaced, targeting hotels with PureRAT malware delivered through malicious emails.
The Open Worldwide Application Security Project (OWASP) updated its Top 10 web application risks, adding two new categories reflecting emerging threats in application security. Additionally, Mozilla enhanced its Firefox 145 release with stronger anti-fingerprinting protections to bolster online privacy.
Today's advisories highlight multiple high-severity vulnerabilities across the Linux kernel, Red Hat, and Ubuntu, including the VMSCAPE flaw affecting virtualised environments. Critical issues were also patched in Samba, Samsung Android (actively exploited), and Intel microcode, while coordinated updates spanned Python, OpenSSL, and libTIFF, indicating a broad focus on foundational open-source components.
Highlights of the day:
GlassWorm resurfaces via infected OpenVSX extensions: new wave compromises three developer plugins and GitHub repos, using hidden Unicode and Solana blockchain C2; victims include a Middle Eastern government entity.
Booking.com phishing hijacks hotel accounts worldwide: attackers abused legitimate business logins to send PureRAT-laced messages to guests, enabling large-scale credential theft and financial fraud.
OWASP updates Top 10 for 2025: revised list introduces “Software Supply Chain Failures” and “Insecure Design” while reaffirming “Broken Access Control” as the top web application risk.
AI firms leak secrets on GitHub: Wiz found 65% of Forbes AI 50 companies exposed API keys and credentials across deleted forks and personal repos, revealing weak secrets management.
Russian hacker admits role in Yanluowang ransomware: Aleksei Volkov pleaded guilty in the US to selling stolen access and laundering ransom payments, facing prison and $9.1 million restitution.
Source: CyberSecBrief