Lesson from the Cloudflare Outage: Don’t Jump to Conclusions About External Threats

Article link: https://www.scworld.com/perspective/lesson-from-the-cloudflare-outage-dont-jump-to-conclusions-about-external-threats  

• A review of the recent Cloudflare outage highlights how quickly speculation about cyberattacks can spread. Early speculation about a Distributed Denial-of-Service (DDoS) attack circulated widely before technical details were confirmed.
• Engineers later confirmed that internal configuration errors caused the disruption. Despite thwarted recent attacks by Mirai botnet variants, no evidence linked the event to outside interference.
• The article points out that limited early information, combined with the security community’s desire for immediate answers, often fuels misinterpretation, complicating communications during incidents.
• Organizations are encouraged to prioritize fact-based updates, as transparent messaging during service interruptions helps maintain trust.

Google Chrome Bug Exploited as an 0-Day – Patch Now or Risk Full System Compromise

Article Link: https://www.theregister.com/2025/11/18/google_chrome_seventh_0_day/

• Google disclosed a high-severity Chrome vulnerability (CVE-2025-13223) being actively exploited by unknown threat actors. The flaw allows attackers to trigger memory corruption and potentially gain full system control.
• The article warns that exploitation can lead to arbitrary code execution and requires only a crafted webpage. Victims can be compromised without downloads or additional interaction.
• Google issued an emergency patch while urging users to update immediately. The company issued a second patch the same day for another high-severity Chrome vulnerability, tracked as CVE-2024-13224, for which there have not yet been any reports of exploitation.
• Security teams are encouraged to fast-track browser updates and monitor for unusual browser crashes. Lagging enterprise patching remains a leading risk for drive-by compromise campaigns.

Microsoft Urgent Warning: Agentic OS Features in Windows 11 Open the Door to Malware

Article link: https://www.windowscentral.com/microsoft/windows-11/microsoft-warns-security-risks-agentic-os-windows-11-xpia-malware

• Microsoft issued an advisory about new agentic OS features that allow autonomous AI processes to operate on Windows 11. These autonomous capabilities allow AI agents to perform complex tasks across the system.
• Adversaries may abuse the behavior-execution layer to trigger unauthorized tasks. Microsoft noted that unmonitored agent activity could bypass traditional controls.
• Early testing shows that the behavior-execution layer could trigger unapproved file operations or network activity. Such misuse complicates detection because actions appear system-initiated.
• Microsoft recommends strict policy controls and human oversight of agent activity with tamper-evident logging. Monitoring agent-generated activity helps reduce the risk of covert manipulation.

Germany’s BSI Warns of Rising Evasion Attacks on LLMs

Article link: https://securityaffairs.com/184606/security/germanys-bsi-issues-guidelines-to-counter-evasion-attacks-targeting-llms.html  

• Germany’s Federal Office for Information Security (BSI) issued new guidance warning about the rise of evasion attacks targeting large language models. These attacks involve crafted inputs designed to bypass controls and manipulate system behavior.
• The publication highlights risks such as prompt injection, jailbreak methods, and data manipulation. It stresses these techniques can subvert safeguards even in otherwise well-configured environments.
• BSI recommends combining secure system prompts, malicious-content filtering, and Zero Trust principles. Additional steps include anomaly monitoring and requiring explicit user confirmation before executing sensitive actions.
• The guidance urges organizations to adopt layered defenses rather than relying on single controls. A practical checklist and use cases help developers and IT managers integrate protections into operational AI systems.
• Report: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/KI/Evasion_Attacks_on_LLMs-Countermeasures.pdf?__blob=publicationFile&v=2

Overconfidence Is the New Zero-Day as Teams Stumble Through Cyber Simulations

Article link: https://www.theregister.com/2025/11/17/immersive_cyber_resilience_report/

• Immersive Labs’ 2025 Cyber Workforce Benchmark Report shows that teams routinely “fail” tabletop exercises due to misplaced confidence in their readiness. Many assume their procedures are mature but struggle when faced with simulated disruption.
• Analysts found that organizations often underestimate communication breakdowns during incidents. Even well-staffed teams misjudge how long it takes to coordinate responses.
• Exercises revealed repeated delays in decision making and escalation marked in part by participation disparities. Only 41 percent of organizations included non-technical roles in their exercises, yet 90 percent believe their interdepartmental communications during an incident are effective.
• The report’s statistics and conclusions suggest steps for improvement include increasing both training rigor and leadership-level involvement. Consistent simulation builds confidence grounded in real capability, rather than assumptions.

*Note: The word “fail” in this article summary reflects language used by the Founder and Chief Innovation Officer of Immersive Labs, creators of the Immersive One cyber simulation platform being referenced in the article. We at FRSecure believe in the importance of cyber simulations and offer both incident response and disaster recovery tabletop exercise facilitation for our clients. We do not use the word “failure” as it pertains to stumbling on an exercise, for we consider such occurrences as a purely learning experiences that build organizations’ cyber resilience, not failure.

Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

Article Link: https://thehackernews.com/2025/11/sneaky-2fa-phishing-kit-adds-bitb-pop.html

• A phishing kit uses “Browser-in-the-Browser” (BitB) pop-ups to mimic real authentication windows, making fake login prompts nearly indistinguishable from legitimate ones.
• Attackers lure victims with crafted URLs that open deceptive panels layered inside the browser with the goal of tricking a user into bypassing their visual cues and entering their credentials.
• Sneaky 2FA’s sophistication extends beyond its BitB functionality. The kit utilizes CAPTCHA and Cloudflare Turnstile to prevent security tools from accessing the phishing sites, while leveraging conditional loading to funnel only intended targets to the sites and redirect the rest to benign sites.
• The article emphasizes extreme user caution in opening suspicious messages or installing browser extensions, as well as conditional access policies that prevent takeover attacks due to illicit logins.

DoorDash Confirms Data Breach After Hackers Access Users’ Personal Data

Article link: https://cyberpress.org/doordash-confirms-data-breach/  

• DoorDash confirmed a breach that exposed personal information after attackers tricked an employee through a social engineering scam. The company emphasized that the intrusion bypassed technical controls by targeting human behavior rather than system flaws.
• The attacker accessed names, email addresses, phone numbers, and physical addresses. DoorDash confirmed that identification numbers, payment data, and other sensitive financials remained secure.
• Investigators quickly contained the breach and brought in law enforcement and external cybersecurity specialists. This response reflects the seriousness of the incident and DoorDash’s effort to determine the full scope of unauthorized access.
• The company introduced new security upgrades and expanded employee training to counter social engineering tactics. The incident highlights the growing trend of human-focused attacks that evade traditional defenses, further emphasizing the need for continued investment in employee education.

Chinese Nation-State Groups Hijacking Software Updates

Article link: https://www.databreachtoday.com/chinese-nation-state-groups-hijacking-software-updates-a-30059

• Security researchers from ESET reported that Chinese nation-state groups are increasingly hijacking trusted software updates to widely used apps to deliver Windows malware. Researchers observed attackers redirecting DNS queries to attacker-controlled nodes pushing malicious updates.
• One major campaign is attributed to PlushDaemon, active since at least 2018 and targeting users across Asia, New Zealand, and the U.S. The group reportedly often compromises routers and network devices likely through vulnerabilities or weak or well-known default admin credentials.
• After router compromise, attackers deploy EdgeStepper, a network implant that reroutes legitimate update traffic, pushes additional downloaders, and installs a custom backdoor on a victim’s system. Victims often discover compromise only after observing unusual system behavior.
• Several of the active China-aligned APT groups ESET is currently tracking are using this DNS hijacking to manipulate software update protocols. Defense has been challenging because the malicious updates often resemble normal errors, highlighting the need for heightened monitoring and awareness.
• ESET research: https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/

SEC Drops Remaining Claims Against SolarWinds Over 2020 Hack

Article link: https://www.crn.com/news/security/2025/sec-drops-remaining-claims-against-solarwinds-over-2020-hack  

• The SEC has dismissed its remaining claims against SolarWinds and its CISO, ending the high-profile case tied to the 2020 supply-chain hack. The company called the move a “vindication” of its long-standing position.
• The original charges alleged fraud and internal control failures related to SolarWinds’ public disclosures. A July 2024 ruling had already thrown out most of the accusations, weakening the SEC’s case.
• The dismissal follows months of paused litigation as both sides appeared to move toward a settlement. Judge Engelmayer previously ruled that many of the SEC’s claims lacked grounding in the company’s pre-incident disclosures.
• SolarWinds said it hopes the decision eases concerns among CISOs who feared the case might set a precedent that penalized transparent security leadership. The company emphasized that the outcome affirms its belief that its team acted appropriately throughout the incident.