
BagheeraAltered's CyberSecurity Newsletter

November 24, 2025

Cybersecurity Newsletter 24th November 2025




In this week's news: an AI-orchestrated espionage campaign in which the AI did 80-90% of the work; CrowdStrike fires an employee who leaked to a hacking group; the FCC rolls back cybersecurity rules for telcos; an Oracle E-Business Suite zero-day leads to a Cox Enterprises breach; and a WhatsApp contact-discovery API without rate limiting allowed mass scraping.


Anthropic reported the first known AI-orchestrated cyber espionage campaign. The AI performed 80-90% of the work; human operators were responsible for only 10-20% of the effort, acting as strategic decision-makers rather than keyboard operators.
https://www.anthropic.com/news/disrupting-AI-espionage

https://www.linkedin.com/posts/conordsherman_anthropics-new-november-2025-report-just-activity-7395141282999992320-Jukc/



CrowdStrike confirmed it fired an employee for sharing confidential internal details with a major hacking group (the Scattered LAPSUS$ Hunters). The incident, which became public on Friday, is a reminder that insider risk can be just as dangerous as technical flaws.
https://hackread.com/crowdstrike-fires-worker-insider-leak-scattered-lapsus-hunters/


Cybercriminals are abusing browser push notifications using a newly discovered command-and-control (C2) platform dubbed Matrix Push C2. The platform, documented by BlackFog, shows victims fake system notifications that redirect them to malicious sites, lets operators monitor infected clients in real time, and can even scan for cryptocurrency wallets.
https://www.infosecurity-magazine.com/news/browser-push-notifications-deliver/


The Federal Communications Commission (FCC) has rolled back a previous ruling that required U.S. telecom carriers to implement stricter cybersecurity measures following the massive hack from the Chinese threat group known as Salt Typhoon.
https://www.bleepingcomputer.com/news/security/fcc-rolls-back-cybersecurity-rules-for-telcos-despite-state-hacking-risks/


Salesforce, a renowned customer relationship management (CRM) platform, has confirmed it is dealing with a significant security incident. The company announced late Wednesday that some of its customers’ data was likely accessed by an outside party through an issue involving apps published by Gainsight, a company that provides customer success software.
https://hackread.com/shinyhunters-breach-gainsight-salesforce-1000-firms/


Data belonging to Italy’s national railway operator Ferrovie dello Stato Italiane (FS) was leaked after a data breach at IT provider Almaviva. FS Italiane Group is Italy’s state-owned railway company, managing passenger and freight transport, infrastructure, and logistics.
https://securityaffairs.com/184907/data-breach/massive-data-leak-hits-italian-railway-operator-ferrovie-dello-stato-via-almaviva-hack.html


Two British teens accused of Computer Misuse Act offenses for a cyberattack on Transport for London pleaded not guilty in court. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, and Owen Flowers, 18, were arrested in September by the NCA at their homes in East London and Walsall. Both appeared at Southwark Crown Court on Friday to formally deny the charges.
https://securityaffairs.com/185000/hacking/scattered-spider-alleged-members-deny-tfl-charges.html


The FIN7 gang is hiding malware in AI "deepnude" sites.
https://www.infosecurity-magazine.com/news/fin7-hides-malware-ai-deepnude/


A vulnerability has been found in the very popular, free file-compression tool 7-Zip. The flaw, tracked as CVE-2025-11001, has a public exploit, leading to a high-risk warning from the UK's NHS England Digital. 7-Zip has no automatic updater, so affected installs must be updated manually.
https://hackread.com/7-zip-vulnerability-public-exploit-manual-update/


A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and Gen8 firewalls. SonicWall is urging all customers to apply patches immediately, as the issue stems from a stack-based buffer overflow that can trigger a denial-of-service condition on vulnerable devices.
https://securityaffairs.com/184967/security/sonicwall-flags-sslvpn-flaw-allowing-firewall-crashes.html


Researchers compiled a list of 3.5 billion WhatsApp mobile phone numbers and associated personal information by abusing a contact-discovery API that lacked rate limiting. The team reported the issue to WhatsApp, and the company has since added rate-limiting protections to prevent similar abuse.
https://www.bleepingcomputer.com/news/security/whatsapp-api-flaw-let-researchers-scrape-35-billion-accounts/
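The fix described above is a per-caller budget on the contact-discovery endpoint. The following is an added illustration of that control, not WhatsApp's code: a batch-size cap plus a token-bucket limiter, with a simulated scraper that is cut off after its budget is spent. The endpoint name, the limits and the sample set of registered numbers are all assumptions.

```python
"""Metered contact discovery: batch cap plus per-caller token bucket.

Added illustration, not WhatsApp's implementation. A contact-discovery
endpoint takes a list of phone numbers and says which are registered;
without a per-caller budget it is also an enumeration oracle. Names,
limits and the sample number set are assumptions.
"""
import time
from dataclasses import dataclass

MAX_BATCH = 50            # numbers accepted per request (assumed)
BUCKET_CAPACITY = 1000    # lookups a caller may burst (assumed)
REFILL_PER_HOUR = 1000    # sustained lookups per caller per hour (assumed)

# Constructed sample of registered numbers (E.164); not real accounts.
REGISTERED = {"+15551230001", "+15551230002", "+447700900123"}


@dataclass
class Bucket:
    tokens: float
    last: float


class ContactDiscovery:
    """The endpoint. `clock` is injectable so the simulation is deterministic."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.buckets = {}

    def _take(self, caller, n):
        now = self.clock()
        b = self.buckets.setdefault(caller, Bucket(BUCKET_CAPACITY, now))
        # Refill in proportion to elapsed time, never above capacity.
        b.tokens = min(BUCKET_CAPACITY,
                       b.tokens + (now - b.last) * REFILL_PER_HOUR / 3600.0)
        b.last = now
        if b.tokens < n:
            return False          # over budget: reject without charging
        b.tokens -= n
        return True

    def lookup(self, caller, numbers):
        if len(numbers) > MAX_BATCH:
            return {"ok": False, "error": "batch_too_large"}
        if not self._take(caller, len(numbers)):
            return {"ok": False, "error": "rate_limited"}
        return {"ok": True,
                "registered": sorted(n for n in numbers if n in REGISTERED)}


def simulate_scraper(total=5000):
    """One caller tries to test `total` numbers in max-size batches.

    Returns (allowed, throttled, allowed_after_one_hour).
    """
    clock = [0.0]
    svc = ContactDiscovery(clock=lambda: clock[0])
    numbers = ["+1555123%04d" % i for i in range(total)]   # constructed input
    batches = [numbers[i:i + MAX_BATCH] for i in range(0, total, MAX_BATCH)]
    results = [svc.lookup("scraper", b)["ok"] for b in batches]
    allowed, throttled = results.count(True), results.count(False)
    clock[0] += 3600.0            # an hour later the bucket has refilled once
    later = [svc.lookup("scraper", b)["ok"] for b in batches].count(True)
    return allowed, throttled, later


if __name__ == "__main__":
    print(simulate_scraper())     # (20, 80, 20)
```

Two practical caveats: the bucket must be keyed on something the scraper cannot mint cheaply (a verified account or attested device, not an IP), because a limit per account is trivially spread across thousands of throwaway accounts; and a sustained budget of a thousand lookups an hour still lets a patient, distributed scraper enumerate a number space, so the per-caller limit belongs alongside anomaly detection on distinct numbers queried per account per day.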


Cox Enterprises is notifying impacted individuals of a data breach that exposed their personal data to hackers who breached the company network after exploiting a zero-day flaw in Oracle E-Business Suite. The compromise occurred in August, but the company didn’t detect the intrusion until late September, when it launched its internal investigation.
https://www.bleepingcomputer.com/news/security/cox-enterprises-discloses-oracle-e-business-suite-data-breach/


The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated remote code execution.
https://thehackernews.com/2025/11/cisa-warns-of-actively-exploited.html

