Curly COMrades Use Hyper-V for Malware Deployment; AI Chat Vulnerabilities Exposed
Tuesday, November 11, 2025
Top 5 Cybersecurity Stories You Should Know
- Curly COMrades Use Hyper-V for Malware Deployment; AI Chat Vulnerabilities Exposed — tl;dr: The week saw significant cybersecurity threats, including Curly COMrades exploiting Microsoft's Hyper-V to deploy malware in hidden virtual machines, bypassing endpoint security. A novel side-channel attack, dubbed Whisper Leak, allows adversaries to infer AI chat topics from encrypted traffic. Additionally, a zero-day vulnerability in Samsung devices was exploited to deliver LANDFALL spyware, targeting sensitive data. Microsoft Teams vulnerabilities were also patched to prevent impersonation attacks. Organizations should enhance monitoring for unusual VM activity and ensure timely updates to mitigate these evolving threats.
  ↪ https://thehackernews.com/2025/11/weekly-recap-hyper-v-malware-malicious.html
- Clorox Sues Cognizant Over Cyberattack Negligence Amid Multiple Data Breaches — tl;dr: Clorox has filed a $380 million lawsuit against IT company Cognizant, alleging negligence in handling a cyberattack by the group Scattered Spider, which disrupted its operations in August 2023. Meanwhile, several other organizations, including AMEOS Group and CoinDCX, have reported significant data breaches affecting personal information and financial assets. Affected individuals are advised to monitor their accounts for suspicious activity and consider enrolling in credit monitoring services. As cyber threats continue to rise, organizations must enhance their cybersecurity measures to prevent similar incidents.
  ↪ https://infosec-mashup.santolaria.net/p/infosec-mashup-30-2025
- Palo Alto Networks Identifies Exploited Firewall Vulnerabilities CVE-2025-0111, 0108 — tl;dr: Palo Alto Networks has confirmed that a file read vulnerability (CVE-2025-0111) is being actively exploited in conjunction with two other vulnerabilities (CVE-2025-0108 and CVE-2024-9474) to compromise PAN-OS firewalls. While patches for these vulnerabilities were released on February 12, 2025, many devices remain unpatched, leaving them vulnerable to attacks. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2025-0108 to its 'Known Exploited Vulnerabilities' catalog, urging immediate action for federal agencies. Organizations are advised to secure their management interfaces and apply the necessary updates to mitigate risks.
  ↪ https://www.bleepingcomputer.com/news/security/palo-alto-networks-tags-new-firewall-bug-as-exploited-in-attacks/
- 2025 Data Breaches: Major Incidents Affecting Global Corporations — tl;dr: In 2025, numerous companies, including Hyundai, Qantas, and The Washington Post, experienced significant data breaches, impacting millions of individuals. The breaches resulted from various cyberattacks, including phishing, ransomware, and unauthorized access to third-party platforms. For instance, Hyundai's breach compromised data for 2.7 million owners, while Qantas faced a leak of personal information for over five million customers. Businesses are urged to enhance cybersecurity measures, such as implementing two-factor authentication and conducting regular staff training, to mitigate the risks of falling victim to similar attacks.
  ↪ https://tech.co/news/data-breaches-updated-list
- Exploit Code Released for IngressNightmare Vulnerabilities in NGINX (CVE-2025-1097, CVE-2025-1098) — tl;dr: A proof-of-concept (PoC) exploit has been released for critical unauthenticated Remote Code Execution vulnerabilities in the Ingress NGINX Controller for Kubernetes, identified as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. These vulnerabilities can lead to unauthorized access to secrets across namespaces and potentially a full cluster takeover. Affected users are urged to upgrade to patched versions (1.12.1 or 1.11.5) immediately, restrict admission webhook access, and consider disabling the admission controller if necessary. The exploit code is available on GitHub for educational purposes only.
  ↪ https://darkwebinformer.com/poc-code-to-exploit-the-ingressnightmare-vulnerabilities-cve-2025-1097-cve-2025-1098-cve-2025-24514-and-cve-2025-1974/