Friday Wrap Up: 7 November 2025
Another wild week in cybersecurity where insider threats meet nation-state attacks, AI-powered malware rewrites itself hourly, and even our security pros are allegedly moonlighting with ransomware gangs. 🤦♂️
From YouTube ghost networks spreading infostealers through fake videos to logic bombs hiding in code packages set to detonate in 2027 (mark your calendars!), the threat landscape keeps getting more creative—and concerning 😳.
The Congressional Budget Office got breached, Samsung phones were compromised via malicious images, and ChatGPT vulnerabilities could leak your AI conversations. Meanwhile, the cybercrime equivalent of a corporate merger just happened with three major gangs joining forces 💸.
Dive into this week’s Friday Wrap Up for all the details on what kept security teams busy this week 📰.
Major Cyberattacks & Incidents
This week saw major breaches across government agencies and corporate infrastructure, raising serious questions about security response capabilities.
🚨 Two incident response professionals are accused of using ALPHV/BlackCat ransomware to attack at least five U.S. companies while employed by their respective security firms. (Published on 3-Nov-2025, CyberScoop)
🔒 Nation-state actors breached SonicWall’s MySonicWall portal, stealing firewall backups in an attack separate from recent Akira ransomware campaigns targeting the company’s devices. (Published on 6-Nov-2025, Dark Reading)
🏛️ The U.S. Congressional Budget Office confirmed a suspected foreign cyberattack on its network, potentially exposing sensitive government data to unauthorized access. (Published on 6-Nov-2025, BleepingComputer)
Malware & Vulnerabilities
Attackers continue exploiting developer tools and AI platforms while targeting everything from WordPress sites to Samsung devices with sophisticated malware campaigns.
🦆 A remote access trojan called SleepyDuck masquerades as the legitimate Solidity extension in the Open VSX registry, using Ethereum smart contracts for attacker communication. (Published on 3-Nov-2025, BleepingComputer)
👻 Kaspersky uncovered Operation ForumTroll deploying Dante spyware from Memento Labs (rebranded Hacking Team), exploiting Chrome zero-day CVE-2025-2783 and COM hijacking for persistence. (Published on 3-Nov-2025, Hackread)
📹 Check Point exposed the YouTube Ghost Network, a sophisticated operation using hijacked channels and bots to distribute Lumma and Rhadamanthys infostealers through 3,000 fake videos. (Published on 3-Nov-2025, Hackread)
🚚 Cybercriminals have targeted trucking and logistics companies with remote monitoring tools since June 2025, collaborating with organized crime groups to steal cargo freight for financial gain. (Published on 3-Nov-2025, The Hacker News)
🔌 Attackers actively exploit a critical vulnerability in the Post SMTP plugin on 400,000+ WordPress sites to hijack administrator accounts and gain complete site control. (Published on 4-Nov-2025, BleepingComputer)
🤖 Microsoft discovered the SesameOp backdoor abusing OpenAI’s Assistants API to establish remote access, steal data, and communicate commands through the AI platform’s infrastructure. (Published on 4-Nov-2025, Hackread)
🍎 Apple released security updates patching over 100 vulnerabilities across iPhones, Macs, and iPads, though no active exploitation was reported for the addressed defects. (Published on 4-Nov-2025, CyberScoop)
🕸️ Three notorious cybercrime groups—Scattered Spider, LAPSUS$, and ShinyHunters—merged operations, creating 16 Telegram channels since August despite repeated platform removals and recreations. (Published on 4-Nov-2025, The Hacker News)
🧱 Cisco disclosed a new attack variant targeting ASA and FTD firewall devices vulnerable to CVE-2025-20333 and CVE-2025-20362, causing unexpected device reloads and denial of service. (Published on 6-Nov-2025, The Hacker News)
⚛️ JFrog discovered CVE-2025-11953, a critical RCE flaw in the React Native CLI allowing remote command execution through the Metro development server’s insecure “/open-url” endpoint on Windows systems. (Published on 6-Nov-2025, CSO Online)
💾 A malicious VS Code extension with basic ransomware capabilities, apparently AI-generated, was published on Microsoft’s official marketplace without attempting to hide its malicious functionality. (Published on 6-Nov-2025, BleepingComputer)
🎨 Researchers flagged “susvsex,” a vibe-coded malicious VS Code extension with built-in ransomware capabilities that appears to have been created using AI without concealing its malicious intent. (Published on 6-Nov-2025, The Hacker News)
💣 Socket identified nine malicious NuGet packages with logic bombs set to detonate in August 2027, designed to sabotage database operations and corrupt industrial control systems. (Published on 7-Nov-2025, The Hacker News)
📱 Threat actors exploited Samsung zero-day CVE-2025-21042 to deliver Landfall Android spyware via specially crafted images, targeting users in the Middle East region. (Published on 7-Nov-2025, SecurityWeek)
🤖 Security researchers discovered multiple vulnerabilities in AI infrastructure products from Ollama and Nvidia, including flaws capable of enabling remote code execution on affected systems. (Published on 7-Nov-2025, Dark Reading)
AI & Policy
Artificial intelligence continues reshaping both attack and defense landscapes while policy developments raise concerns about U.S. cybersecurity readiness.
⚠️ The F5 breach, CISA job cuts, and a potential government shutdown create skeleton crews and declining oversight, giving nation-state operators an expanding attack surface and window of opportunity. (Published on 5-Nov-2025, CyberScoop)
🧠 Google’s Threat Intelligence Group identified adversaries deploying new malware families that integrate large language models during execution, marking a significant evolution in attack capabilities. (Published on 5-Nov-2025, BleepingComputer)
☁️ An AWS report reveals that credentials and misconfigurations cause most cloud breaches, with vulnerability exploitation accounting for 24% of security failures in cloud environments. (Published on 5-Nov-2025, Hackread)
🔄 Google discovered PROMPTFLUX malware that interacts with the Gemini AI API to rewrite its VBScript source code hourly, achieving improved obfuscation and evasion capabilities. (Published on 5-Nov-2025, The Hacker News)
🔓 Tenable researchers disclosed seven vulnerabilities in ChatGPT’s GPT-4o and GPT-5 models allowing attackers to steal personal information from users’ memories and chat histories. (Published on 5-Nov-2025, The Hacker News)
💭 Security researchers successfully hacked ChatGPT’s memory and web search features, discovering vulnerabilities affecting the latest GPT model that could compromise user data. (Published on 6-Nov-2025, SecurityWeek)
🛡️ Computer-using agents (CUAs) enable attackers to automate phishing and credential-stuffing attacks at scale, accelerating the shift toward phishing-resistant credentials like FIDO2 and passkeys. (Published on 7-Nov-2025, CSO Online)
Cybersecurity Tools & Techniques
Industry moves toward AI-enhanced security testing capabilities promise to strengthen defenses against evolving threats.
🔧 Bugcrowd acquired Mayhem Security to enhance its ethical hacking community with AI-backed software testing capabilities, combining human ingenuity with automated security analysis. (Published on 5-Nov-2025, ComputerWeekly.com)
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!