Transcript
A (0:00)
From the CISO series. It's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Wednesday, November 5, 2025. I'm Sarah Lane.

Scattered Spider, Lapsus$ and ShinyHunters join forces. Trustwave SpiderLabs said in a report shared with The Hacker News that three major cybercrime groups, Scattered Spider, Lapsus$ and ShinyHunters, have merged into a new collective called Scattered Lapsus$ Hunters, or SLH, operating at least 16 Telegram channels since August, running an extortion-as-a-service model and possibly developing its own ransomware. Trustwave describes the group as blending profit-driven crime with hacktivist theatrics, using Telegram for coordination and reputation building.

Nikkei reports data breach impacting 17,000 people. Japanese publishing giant Nikkei disclosed a Slack breach affecting 17,368 employees and partners after malware stole an employee's credentials. Exposed data included names, emails and chat histories, but no journalistic sources appear to be affected. The breach was discovered back in September and prompted password resets and voluntary notification to Japan's Personal Information Protection Commission.

React Native npm flaw leads to attacks. JFrog researchers discovered a critical vulnerability in the popular React Native Community CLI npm package, used roughly 2 million times each week. The flaw lets unauthenticated attackers execute arbitrary code via crafted POST requests. It affects developers running the Metro development server on Windows, macOS and Linux. Meta, which maintains React Native, patched the issue, and developers are urged to update immediately.

Data stolen in university hacking. The University of Pennsylvania confirmed a cyber incident on October 31st after mass emails were sent from compromised Graduate School of Education accounts criticizing the university. The purported attacker told BleepingComputer that they accessed a PennKey SSO account, gaining entry to Penn's VPN, Salesforce, SAP and other systems. About 1.2 million records were reportedly stolen, including names, contact details, donation history and demographic data. A 1.7 gigabyte archive of the data has since been published online.

Huge thanks to our sponsor ThreatLocker. Imagine having the power to decide exactly what runs in your IT environment and blocking everything else by default. That is what ThreatLocker delivers as a zero trust endpoint protection platform. ThreatLocker fills the gaps traditional solutions leave behind, giving your business stronger security and control. Don't just react to threats, stop them with ThreatLocker.

TruffleNet wields stolen credentials against AWS. Fortinet AI researchers uncovered a large-scale campaign dubbed TruffleNet that uses stolen AWS credentials and open source tools like TruffleHog to perform reconnaissance and launch business email compromise, or BEC, scams. The attackers exploited AWS's Simple Email Service through hundreds of compromised hosts across 57 networks, using the Docker management tool Portainer to coordinate their infrastructure, Fortinet warns. The attack highlights how credential theft enables large-scale AWS abuse and cloud-based fraud.

Eight sanctioned for laundering North Korea earnings. The US Treasury sanctioned eight individuals and two North Korean entities, Korea Mangyongdae Computer Technology Co., or KMCTC, and Ryujong Credit Bank, for laundering funds from North Korea's cybercrime and IT worker schemes, officials say. KMCTC runs IT operations in China that use local proxies to funnel earnings home, while Ryujong manages laundering. Treasury linked the network to $5.3 million in stolen crypto tied to ransomware and broader efforts towards a weapons program.

Cybersecurity program not effective after staff cuts. The Federal Reserve's Office of Inspector General found the Consumer Financial Protection Bureau's cybersecurity program ineffective after staff cuts and reduced contractor support. The audit noted the agency is not keeping up with system authorizations, relying on undocumented risk acceptance and using outdated software. The program dropped to level 2 maturity in 2025 from level 4. Remaining staff have been implementing some mitigations, including ransomware response processes and weekly risk meetings, while legacy IT modernization continues.

Swedish data breach impacts 1.5 million. Swedish IT supplier Miljödata experienced a cyber attack, exposing data for 1.5 million people. The breach impacted roughly 80% of Sweden's municipalities, including names, addresses, emails, phone numbers, government IDs and dates of birth. Attackers demanded 1.5 Bitcoin and later posted the stolen data on the dark web via the threat group Datacarry. Sweden's Authority for Privacy Protection, also known as IMY, is now investigating potential GDPR violations.

Don't forget to register to join us for our upcoming Super Cyber Friday conversation all about hacking remediation. We will be spending an hour digging into how to move alerts from found to fixed. If you've never come to a Super Cyber Friday live stream, these are fully interactive conversations. We've got a chat room going, we've got fun games and a meetup with our guests after the show. Head on over to the events page at cisoseries.com to register. And if you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I am Sarah Lane reporting for the CISO Series. Thank you for listening and we'll talk to you tomorrow.
