Cyber Security Headlines – November 13, 2025
Host: Sarah Lane (CISO Series)
Episode Theme:
A rapid-fire update on the latest developments in cybersecurity, covering new government policies, major software updates, notable threats, high-impact attacks, and market trends driving responses in cyber defense.
Key Discussion Points
1. Mobile Blackout for Russian Travelers
Summary:
- Russia imposed 24-hour mobile Internet blackouts on citizens returning from abroad.
- Purpose: Designed to prevent Ukrainian drones from using Russian domestic SIM cards for navigation.
- Restoration: Travelers must complete a captcha or identity verification to restore access.
- Unintended Impact: The blackout caused outages in border regions.
- Broader Trend: Follows previous restrictions on foreign SIM users from last month.
- FSB Authority: Russia is giving its intelligence service expanded powers to order network shutdowns for “emerging threats.”
Quote:
"Russia started imposing 24 hour mobile Internet blackouts for citizens returning from abroad as a security measure to stop Ukrainian drones from using domestic SIM cards for navigation."
— Sarah Lane (00:12)
2. Windows 11 Supports Third-Party Passkey Apps
Summary:
- Microsoft’s latest Windows 11 update adds native support for third-party passkey managers (initially 1Password and Bitwarden, currently in beta).
- Passkey API: Developed with these companies for expanded passwordless authentication.
- Integration: Users can now store/manage passkeys using Windows Hello or supported apps, backed by Azure's hardware security.
- Edge Password Manager: Integrated directly into Windows.
Quote:
"The update introduces a new Passkey API developed with these companies to expand passwordless authentication options."
— Sarah Lane (00:42)
3. Synology Patches BeeStation RCE Flaw
Summary:
- Critical remote code execution vulnerability patched in Synology BeeStation devices, first revealed at Pwn2Own Ireland 2025.
- Root Cause: Improper buffer size checks allowed attackers to run arbitrary code.
- Update Needed: Users urged to install BeeStation OS version 1.3.265648 or later.
- QNAP also affected: Patched multiple zero-days revealed at the same event.
Quote:
"The bug stemmed from improper buffer size checks that let attackers run arbitrary code remotely."
— Sarah Lane (01:18)
4. Amazon Ties Cisco, Citrix Attacks to APT Group
Summary:
- Amazon’s Threat Intelligence team linked zero-day exploits in Cisco Identity Services Engine (ISE) and Citrix NetScaler to an advanced persistent threat (APT) group.
- Timeline: Attacks began as early as May 2025.
- Target: Custom malware and backdoors built for Cisco ISE, likely for espionage.
- Response: Amazon alerted Cisco; Citrix Bleed 2 (NetScaler) added to CISA’s exploited vulnerabilities in July.
Quote:
"The attackers used custom malware and backdoors tailored to Cisco ISE, likely for long term espionage."
— Sarah Lane (01:59)
5. Danabot Malware Returns in New Form
Summary:
- Danabot banking trojan resurfaces with a new Windows variant after being targeted by Operation Endgame in May.
- Scope: Targeting Australia, North America, and Europe.
- Functionality: Offered as malware-as-a-service, with modular plugins.
- Background: Operation Endgame had neutralized several strains and led to 20 international warrants.
- Detection: Zscaler Threat Labs tracked new command-and-control infrastructure.
Quote:
"Danabot has resurfaced with a new Windows variant, six months after being disrupted by Operation Endgame back in May."
— Sarah Lane (03:29)
6. UK Unveils New Cybersecurity Bill
Summary:
- British government introduces long-awaited Cybersecurity and Resilience Bill.
- Provisions: Expands 2018 NIS regulations to health, energy, and IT sectors.
- Requirements: Enforces strict standards, rapid incident reporting, and broad regulator oversight.
- Penalties: Large fines for non-compliance.
Quote:
"The British government introduced its long delayed Cybersecurity and Resilience Bill, which would impose strict standards and large fines on critical infrastructure..."
— Sarah Lane (04:00)
7. UK Cyber Insurance Payouts Soar
Summary:
- UK cyber insurance payouts up 230% in 2024 (to £197 million), with rising malware/ransomware claims.
- Trends: Policy numbers up 17%. 51% of claims tied to ransomware, up from 32% last year.
- Insurer Strategy: Increased focus on prevention, baseline cyber controls, and potential tightening with ransom payment bans.
Quote:
"Malware and ransomware accounted for 51% of claims, that is up from 32%."
— Sarah Lane (04:28)
8. Google Sues Lighthouse Phishing Kit Operators
Summary:
- Google files a lawsuit against 25 unnamed individuals in China responsible for the "Lighthouse" phishing-as-a-service kit.
- Impact: Over 1 million global victims, using SMS phishing disguised as E-ZPass/USPS notices.
- Legal Action: Lawsuit under RICO, Lanham Act, and CFAA, seeking damages and domain takedowns.
- Advocacy: Google supports pending US bills to target fraud/scam operations.
Quote:
"Google filed a lawsuit against 25 unnamed individuals in China behind the Lighthouse phishing as a service kit, which has reportedly victimized over 1 million people."
— Sarah Lane (05:17)
Notable Quotes & Memorable Moments
- On Russia’s blackout strategy:
"Travelers can regain access by completing a captcha or verifying their identity." (00:24)
- On UK insurance trends:
"Insurers increasingly require baseline cybersecurity measures and the proposed government ban on ransom payments could tighten these requirements even more." (04:51)
- On Google’s lawsuit:
"The suit alleges violations of the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act and the Computer Fraud and Abuse Act, and seeks damages and a court order to block Lighthouse linked domains." (05:27)
Timestamps for Important Segments
- Russia’s Mobile Blackout: 00:07–00:37
- Windows 11 Passkey Support: 00:37–01:07
- Synology BeeStation Flaw: 01:07–01:40
- Cisco/Citrix APT Attack: 01:40–02:18
- Danabot Banking Trojan Update: 03:28–03:57
- UK Cybersecurity Bill: 03:57–04:26
- UK Cyber Insurance Payouts: 04:26–05:06
- Google vs. Lighthouse Kit: 05:06–06:01
Tone and Style
The episode delivers urgent, succinct news with a focus on real-world impacts, industry responses, and evolving threats. Sarah Lane maintains a professional yet conversational tone, making the headlines accessible and actionable for security professionals and interested listeners.
For more in-depth coverage on these stories, listeners are directed to CISOseries.com.
