Cyber Security Headlines – November 19, 2025
Host: Sara Lane, CISO Series
Main Theme:
A fast-paced overview of major cybersecurity incidents, industry updates, and national security threats reported on November 19, 2025, with particular focus on regulatory changes, election interference, cyber espionage, and new attack vectors.
Key Discussion Points & Insights
1. FCC to Scrap Salt Typhoon-Inspired Cybersecurity Rules
[00:07]
- Context: The FCC is poised to vote on removing cybersecurity rules enacted after the 2024 "Salt Typhoon" cyberattacks, a China-linked espionage campaign.
- Previous Mandates: Required telecoms to implement core security measures like multi-factor authentication (MFA), role-based access, and consistent patching.
- Current Stance: The administration labels these requirements as "legally overreaching and ineffective." They want a “collaborative, voluntary approach” between industry and federal agencies instead.
- Background on Salt Typhoon:
  - The campaign targeted US government, telecom, and university networks.
  - Impacted sensitive data of millions globally.
Notable Quote:
"Salt Typhoon, a China linked cyber espionage campaign compromised US Government, telecom and university networks, affecting sensitive data from millions globally." — Sara Lane [00:14]
2. DDoS Attacks Target Danish Political Party Websites
[00:45]
- Attackers: Pro-Russian group NoName057(16) executed DDoS attacks.
- Targets: The Conservatives, Moderates, Social Democrats, and Red-Green Alliance political parties, plus the Copenhagen Post, right before local elections.
- Impact:
  - Websites were briefly knocked offline.
  - Voting process unharmed as ballots are hand-counted.
- Patterns: Reflects a broader "nuisance style" DDoS spike from Russian-aligned groups across Europe during elections (Moldova, Poland, Romania).
Notable Quote:
"Officials say voting was unaffected because ballots are counted by hand." — Sara Lane [01:02]
3. MI5 Warns of Chinese Spy Activity via LinkedIn
[01:15]
- Warning: MI5 cautions that China's Ministry of State Security is using LinkedIn and fake headhunter companies to approach UK lawmakers and policy influencers.
- Details:
  - Alert names two suspected recruiters.
  - Economists, think tank staff, and officials reported as targets.
- Backdrop:
  - Follows a failed spying prosecution involving alleged Chinese agents in the UK.
  - Part of ongoing concern around cyber espionage, political interference, and tech theft.
Notable Quote:
"Chinese operatives are trying to recruit and cultivate UK lawmakers and policy influencers through LinkedIn headhunters and front companies tied to China's Ministry of State Security." — Sara Lane [01:20]
4. Microsoft Teams Adds Way to Report False Positive Security Flags
[01:52]
- Update: Teams users can now report messages incorrectly flagged as malicious.
- Rollout: Feature available on desktop, mobile, and web for organizations with Microsoft Defender for Office 365 Plan 2 or Defender XDR (enabled by default).
- Other Safety Enhancements:
  - Malicious link alerts
  - Screen capture blocking
- Admin Control: Setting manageable via Teams admin center.
5. npm Packages Abuse Adspect Cloaking in Crypto Scam
[03:06]
- Discovery: Seven hostile npm packages used cloaking to evade detection and direct users to crypto scam sites, filtering out researchers.
- Threat Actor: “Dino Reborn.”
- Mechanism:
  - Gathers device/browser fingerprints
  - Sends through proxy (Adspect)
  - Shows malicious captchas or decoy pages as needed
- Current Status: Packages removed, but method likely to resurface.
Notable Quote:
"Researchers warn this cloaking plus open source distribution method will likely reappear under new names." — Sara Lane [03:36]
6. Sneaky2FA Phishing Kit Upgrades with BitB Pop-Ups
[03:39]
- Technique: Employs “browser in the browser” (BitB) pop-ups to convincingly mimic Microsoft logins.
- Protections: Uses bot defense, conditional loading, and code obfuscation to foil detection.
- Bypassing Security: Even phishing-resistant methods (like passkeys) are vulnerable to downgrade or extension-based attacks.
- Advice: Emphasized need for strong conditional access policies.
Notable Quote:
"Identity based attacks remain the leading cause of breaches and urges users and orgs to exercise caution and enforce conditional access policies to prevent account takeovers." — Sara Lane [04:20]
7. Chrome Issues Emergency Patches for Two Zero-Days
[04:24]
- Bugs: Two high-severity V8 JavaScript engine zero-days (type confusion flaws).
- Status: Actively exploited; Google urges immediate upgrade.
- Discovery:
  - First by Clément Lecigne (Google TAG)
  - Second by "Big Sleep" tool at Google
- 2025 Tally: These are the 7th and 8th Chrome zero-days patched this year.
Notable Quote:
"If you're keeping track, and I know you are, these are the 7th and 8th Chrome 0 days patched in 2025." — Sara Lane [04:56]
8. Data Breach at French Childcare Social Security Service
[05:07]
- Incident: A breach at Pajemploi (France's child care social security service) possibly exposed personal data of over 1.2 million people.
- Data Exposed: Names, birthplaces, postal addresses, social security numbers, banking institutions, internal IDs.
- Safe: No IBANs, emails, phone numbers, or passwords accessed.
- Risk: Targeted phishing attempts anticipated—service warning all affected users.
Memorable Moments & Quotes
- On the effectiveness of election interference: “Officials say voting was unaffected because ballots are counted by hand.” [01:02]
- On the persistent threat of identity-based attacks: “Identity based attacks remain the leading cause of breaches and urges users and orgs to exercise caution and enforce conditional access policies to prevent account takeovers.” [04:20]
- Tracking Chrome zero-day explosions: “If you're keeping track, and I know you are, these are the 7th and 8th Chrome 0 days patched in 2025.” [04:56]
Timeline of Key Segments
| Segment                                        | Timestamp |
|------------------------------------------------|-----------|
| FCC to scrap Salt Typhoon rules                | 00:07     |
| Danish party websites hit by DDoS              | 00:45     |
| MI5: Chinese spies recruiting via LinkedIn     | 01:15     |
| Teams: Users can report false security flags   | 01:52     |
| npm malicious packages/crypto scam             | 03:06     |
| Sneaky2FA phishing kit & BitB pop-ups          | 03:39     |
| Chrome emergency security updates              | 04:24     |
| French childcare data breach                   | 05:07     |
The episode offers a concise, actionable summary of major risks and responses across the cybersecurity landscape as of November 19, 2025, highlighting the evolving nature of threats and the regulatory, organizational, and technical moves to address them.
