Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Wednesday, November 12, 2025. I'm Sarah Lane.

Google's Find Hub turns into remote wipe weapon. Researchers at South Korea's cybersecurity firm Genians say North Korean hacking group Konni used Google's Find My Device service to remotely wipe and raid phones of South Korean targets, erasing evidence of their espionage. The attackers stole Google credentials through phishing, then triggered unauthorized factory resets. Using the cloud feature, Konni spread further infections via the KakaoTalk app and exploited GPS data to time attacks. The group, linked to Pyongyang's intelligence agency, has increasingly used cloud tools to conceal operations.

Qilin ransomware activity surges. Cybersecurity firm S-RM reported a surge in ransomware attacks linked to the long-running Qilin group, which mainly targets small and mid-sized businesses in construction, healthcare and finance. Qilin affiliates, including members of Scattered Spider, exploit unpatched VPNs, weak authentication and exposed interfaces to steal data and encrypt systems. S-RM says 88% of cases this year involved both data theft and encryption, with stolen data leaked on dark websites. The firm now warns that Qilin uses Telegram and WikiLeaksV2 for extortion.

Gootloader is back. Cybersecurity firm Huntress says that the Gootloader malware has resurfaced using a new evasion technique that hides malicious zip files behind custom WOFF2 web fonts on compromised WordPress sites. The trick disguises file names by substituting glyphs, making them appear harmless until rendered in browsers. Gootloader infections have led to domain controller compromises within 17 hours, deploying the Supper backdoor for remote access. Linked to threat group Hive0127, Gootloader continues spreading via SEO poisoning and also Google Ads.
SAP fixes hard-coded credentials flaw. SAP's November patch cycle fixed two critical flaws, including a hard-coded credentials bug in the SQL Anywhere Monitor rated 10.0 severity, which could let attackers execute arbitrary code. Another critical issue in SAP Solution Manager let authenticated users inject malicious code and take full system control. SAP also patched one high and 14 medium severity bugs, plus reissued a NetWeaver fix from October. No active exploitation has been observed.

Huge thanks to our sponsor, Vanta. What is your 2am security worry? Is it "do I have the right controls in place?" or "are my vendors secure?" Or the really scary one: "how do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Vanta's trust platform continuously monitors your systems, centralizes your data, and simplifies your security at scale. Vanta also fits right into your workflow, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently, and get back to sleep. Get started at Vanta.com.

Headlines

Android RAT boasts full device espionage. Researchers at Zimperium uncovered Fantasy Hub, a Russian-sold Android Remote Access Trojan, or RAT, offered as malware-as-a-service, enabling full device surveillance and control through Telegram. The spyware steals data, intercepts messages, accesses cameras and microphones via WebRTC, and uses fake Google Play pages to spread. Attackers also deploy counterfeit banking apps for Alfa, PSB, T-Bank and Sber to steal credentials, Zimperium says. Fantasy Hub's MaaS model, social engineering and SMS handler abuse make it especially dangerous for BYOD and consumer devices.
Critical Triofox vulnerability exploited. A critical Triofox vulnerability was exploited in the wild by threat actor UNC6485, allowing creation of a new admin account and execution of remote access tools. The flaw stems from improper access control on initial setup pages. Attackers abuse the built-in antivirus feature to run malicious scripts, including a Zoho UEMS installer enabling Zoho Assist and AnyDesk access, lateral movement and password changes. Organizations are advised to update Triofox, audit admin accounts and restrict antivirus execution paths.

GlobalLogic impacted by attack on Oracle. Hitachi subsidiary GlobalLogic was affected by a Clop ransomware campaign targeting Oracle E-Business Suite customers. Human resources data for nearly 10,500 current and former employees was exposed, including names, contact information, Social Security numbers and bank details. The breach began July 10. It was discovered Oct. 9, with the last malicious activity apparently Aug. 20. Clop reportedly demanded up to $50 million from victims, and dozens of Oracle customers were impacted.

Google intros Private AI Compute. Google is launching Private AI Compute, a cloud platform that lets devices run advanced AI tasks while keeping data private. Similar to Apple's Private Cloud Compute, it moves intensive AI processing to the cloud without exposing sensitive information back to Google. The system is meant to expand AI features on devices like Pixel 10 phones, enabling more personalized suggestions from tools like Magic Cue and supporting additional languages for Recorder transcriptions. Google frames it as a secure way to handle complex AI tasks beyond on-device capabilities.

Hey Boston, we are doing a meetup on Monday, November 24th at 6 at City Tap House. If you are in cybersecurity or trying to get into it, this is your chance to meet other people in the community, swap some war stories, and actually enjoy talking shop. Register at cisoseries.com/events before spots fill up.
If you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We want to hear from you. I am Sarah Lane reporting for the CISO Series, and we will talk to you tomorrow. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
