The Friday Wrap up
thefwu.com
@thefwu.com
Your daily, and weekly, cybersecurity digest. I curate and categorize the day's and week's top security incidents, vulnerabilities, and threats. Essential intelligence without the overwhelm.
Another week, another supply chain attack. This time: worms, fake Zendesk portals, and code beautifiers that've been hoarding credentials. Plus emergency alerts got ransomed. Full FWU breakdown 👇 #CyberSecurity #FWU #fridaywrapup
Friday Wrap Up: 28 November 2025
This week’s cybersecurity landscape?
open.substack.com
November 28, 2025 at 8:00 PM
Microsoft plans to block unauthorized scripts in Windows 2025 for better security. This aims to protect against malware by restricting code execution. It highlights the ongoing focus on enhancing cyber defenses. #CyberSecurity2025
Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft is tightening Entra ID security with CSP updates blocking unauthorized scripts by October 2026.
thehackernews.com
November 28, 2025 at 2:05 PM
OpenAI revealed a breach where some API customer data was exposed due to a third-party analytics tool, Mixpanel, being compromised. The leak included user org names and email addresses, but not sensitive data. #DataPrivacy
OpenAI discloses API customer data breach via Mixpanel vendor hack
OpenAI is notifying some ChatGPT API customers that limited identifying information was exposed following a breach at its third-party analytics provider Mixpanel.
www.bleepingcomputer.com
November 28, 2025 at 11:05 AM
Qilin ransomware is targeting South Korean MSPs, using unique TTPs to evade detection. Threat actors may disrupt business operations, raising alarms in the cybersecurity community. Understanding these risks is crucial to better safeguard digital infrastructures. #CyberThreats
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim 'Korean Leaks' Data Heist
Bitdefender links Qilin ransomware to a South Korean MSP hack that stole 1M files and 2 TB from 28 victims.
thehackernews.com
November 27, 2025 at 2:05 PM
Comcast will pay $15 million after a third-party vendor breach exposed data of 270,000 customers, raising concerns about how companies secure their partners. #databreach
Comcast to pay $1.5M fine for vendor breach affecting 270K customers
Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers.
www.bleepingcomputer.com
November 27, 2025 at 11:05 AM
A dangerous malware named JackFix tricks users with fake Windows updates to steal data. It shows how hackers continuously innovate to bypass security measures. #MalwareThreats
JackFix Uses Fake Windows Update Pop-Ups on Adult Sites to Deliver Multiple Stealers
Fake Windows update lures using ClickFix deliver multi-stage PowerShell malware via adult-site malvertising.
thehackernews.com
November 26, 2025 at 2:05 PM
Cybercriminals stole $262M by tricking people into thinking they were bank support. Since January, fake calls and pop-ups have been used to access victims’ accounts. Stay sharp—scammers are getting smarter. #OnlineSecurity
FBI: Cybercriminals stole $262M by impersonating bank support teams
The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start...
www.bleepingcomputer.com
November 26, 2025 at 11:05 AM
SHA-1 vulnerabilities hit 25,000 servers, hackers exploit weaknesses in outdated encryption to cause data breaches. Encourages strong encryption updates. #CybersecurityAwareness
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Security vendors warn Sha1-Hulud has hijacked 25,000+ GitHub repos via npm packages, stealing cloud credentials or wiping dev home directories.
thehackernews.com
November 25, 2025 at 2:05 PM
Real estate firm SitusAMC suffered a data breach exposing sensitive client info like Social Security numbers and bank details after unauthorized access to its systems. The company is notifying affected individuals. #databreach
Real-estate finance services giant SitusAMC breach exposes client data
SitusAMC, a company that provides back-end services for top banks and lenders, disclosed on Saturday a data breach it had discovered earlier this month that impacted customer data.
www.bleepingcomputer.com
November 25, 2025 at 11:05 AM
Grafana patched a critical CVSS 10.0 flaw in its SCIM API, which posed severe security risks by allowing unauthorized access and data manipulation. This highlights the importance of timely software updates. #CybersecurityAlert
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana fixes CVSS 10.0 SCIM flaw that enabled user impersonation and privilege escalation in versions 12.x.
thehackernews.com
November 24, 2025 at 2:05 PM
Microsoft released an emergency fix for a Windows 11 bug causing update loops during hotpatch installs. The issue mainly hit systems using Azure-based patching. Now resolved, users should see smoother updates. #WindowsUpdateFix
Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop
Microsoft has released an out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly.
www.bleepingcomputer.com
November 24, 2025 at 11:05 AM
Weekly cyber roundup: Record DDoS attacks, zero-days everywhere, nation-state chaos, & AI-powered fraud. Plus Cloudflare broke the internet with a file mishap. Stay informed! 🔒 #FWU #CyberSecurity #InfoSec
Friday Wrap Up: 21 November 2025
Another week, another reminder that cybersecurity never sleeps—and neither do the threat actors!
open.substack.com
November 21, 2025 at 8:02 PM
Discover the latest in cybersecurity: new zero-day exploits, LinkedIn scams, and evolving digital threats that demand our vigilance. Stay informed to protect your digital life. #CyberAwareness
ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves
Discover the latest edition packed with expert insights, tech trends, and strategic analysis across cybersecurity, AI, and innovation — all in one pow
thehackernews.com
November 21, 2025 at 2:05 PM
A hacker claims to have stolen 23TB of sensitive data from Italian rail company Almaviva, including personal and financial info. The breach highlights growing cyber threats to critical infrastructure. #databreach
Hacker claims to steal 2.3TB data from Italian rail group, Almaviva
Data from Italy's national railway operator, the FS Italiane Group, has been exposed after a threat actor breached the organization's IT services provider, Almaviva.
www.bleepingcomputer.com
November 21, 2025 at 11:05 AM
A new Python-based worm is spreading on WhatsApp through deceptive messages, posing security risks. Protect your data by being cautious with suspicious links and messages. #CyberSafety
Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Eternidade Stealer spreads via WhatsApp hijacking, using Python scripts and IMAP-driven C2 updates to target Brazilian users.
thehackernews.com
November 20, 2025 at 2:05 PM
A critical flaw in the W3 Total Cache WordPress plugin lets attackers run harmful PHP code remotely. Over 1M sites using this plugin could be at risk if left unpatched. #WordPressSecurity
W3 Total Cache WordPress plugin vulnerable to PHP command injection
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload.
www.bleepingcomputer.com
November 20, 2025 at 11:05 AM
Explore how top companies shield against rising cyber threats using advanced security strategies. Stay informed about industry best practices for safeguarding data and systems. #CyberSecurityEssentials
Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale
Learn how CyberArk experts help businesses secure multi-cloud access, reduce identity risks, and stay compliant.
thehackernews.com
November 19, 2025 at 2:05 PM
Microsoft is adding Sysmon directly into Windows 11 and Server 2025, making it easier to detect threats and monitor system activity without extra setup. A big step for built-in security features. #WindowsSecurity
Microsoft to integrate Sysmon directly into Windows 11, Server 2025
Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools.
www.bleepingcomputer.com
November 19, 2025 at 11:05 AM
This week's highlight: Fortinet vulnerabilities exploited, China's digital espionage, and cybersecurity challenges. Stay informed and secure as cyber threats evolve. #CyberAwareness
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
Fortinet CVE exploited, China-linked AI attacks exposed, PhaaS platform dismantled, and fake crypto apps deploy RATs. Catch this week’s top threats.
thehackernews.com
November 18, 2025 at 2:05 PM
A massive DDoS attack hit Microsoft Azure using the AiSuRu botnet, leveraging 500,000 IPs to reach 15.3 Tbps—one of the largest ever. The event reveals growing threats to cloud infrastructure. #CyberThreats
Microsoft: Azure hit by 15 Tbps DDoS attack using 500,000 IP addresses
Microsoft said today that the Aisuru botnet hit its Azure network with a 15.72 terabits per second (Tbps) DDoS attack, launched from over 500,000 IP addresses.
www.bleepingcomputer.com
November 18, 2025 at 11:05 AM
Claims that Claude AI can launch cyberattacks on its own are being challenged. Experts say AI still needs human help and can’t act independently. The debate highlights growing concerns around AI misuse and media hype. #AIMisuse
Anthropic claims of Claude AI-automated cyberattacks met with doubt
Anthropic reports that a Chinese state-sponsored threat group, tracked as GTG-1002, carried out a cyber-espionage operation that was largely automated through the abuse of the company's Claude Code AI...
www.bleepingcomputer.com
November 17, 2025 at 11:05 AM
FWU: PhaaS targets M365, Cl0p lists Oracle victims, Russian IAB pleads guilty, 67K fake npm packages, Iranian APT42 spy ops, FortiWeb actively exploited, & more! #FWU #cybersecurity #infosec
Friday Wrap Up: 14 November 2025
Another wild week in cybersecurity!
open.substack.com
November 14, 2025 at 8:00 PM
Researchers uncover significant bugs in AI systems that could be exploited for cyberattacks, emphasizing the importance of strengthening AI security. Stay informed on potential risks and safeguard your systems. #AIBugAlert
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Researchers reveal RCE flaws in AI inference engines and Cursor IDE from unsafe code reuse.
thehackernews.com
November 14, 2025 at 6:54 PM
A fake Chrome extension named Safery is stealing data from thousands of users. It imitates a security feature but instead collects browsing details. Stay cautious about what you install. #cybersecurityconcerns
Fake Chrome Extension “Safery” Steals Ethereum Wallet Seed Phrases Using Sui Blockchain
A fake Chrome wallet “Safery” is stealing Ethereum seed phrases using hidden Sui blockchain transactions.
thehackernews.com
November 14, 2025 at 2:05 PM
The Washington Post experienced a data breach affecting nearly 10,000 employees and contractors, exposing sensitive personal information due to a third-party vendor compromise. #databreach
Washington Post data breach impacts nearly 10K employees, contractors
The Washington Post is notifying nearly 10,000 employees and contractors that some of their personal and financial data has been exposed in the Oracle data theft attack.
www.bleepingcomputer.com
November 14, 2025 at 11:05 AM