Daily Security Digest – 2025-11-13
🛡️ Security Feed Digest – 2025-11-13
Total Articles: 21 SMB Tagged: 21
Key Takeaways
- Sophisticated phishing threats continue to evolve - The "Lighthouse" phishing platform has compromised over 1 million users worldwide, using trusted brands to steal financial information on an industrial scale (Category: High-Risk). Small/medium business leaders must be aware of these advanced phishing tactics and implement robust security measures to protect their employees and customers.
- Artificial intelligence (AI) poses a significant cybersecurity risk - Unsanctioned use of AI within your company can lead to unintended data leakage and other security vulnerabilities that are difficult to detect (Category: Emerging). Small/medium business leaders must ensure that any AI-powered solutions or tools used in their organization are properly sanctioned, monitored, and managed.
- Small businesses may be at risk if they take matters into their own hands - Launching "hackbacks" against cyber attackers without proper authority can lead to further complications and potential liabilities (Category: Other). Small/medium business leaders should prioritize working with law enforcement and cybersecurity experts rather than attempting to retaliate against hackers.
High-Risk
- [SMB] Google Sues China-Based Hackers Behind $1 Billion Lighthouse Phishing Platform
https://thehackernews.com/2025/11/google-sues-china-based-hackers-behind.html
Wed, 12 Nov 2025 21:18:00 +0530
Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries. The PhaaS kit is used t... - [SMB] Smashing Security podcast #443: Tinder’s camera roll and the Buffett deepfake
https://grahamcluley.com/smashing-security-podcast-443
Thu, 13 Nov 2025 00:25:57 +0000
Stories from the world of hacking, ransomware, cybersecurity, and rogue AI. Tinder has got a plan to rummage through your camera roll, and Warren Buffett keeps popping up in convincing deepfakes dishing “number one investment tips.” Meanwhile, will agentic AI replace your co-hosts before you can s... - [SMB] Russian hacker admits helping Yanluowang ransomware infect companies
https://bitdefender.com/en-us/blog/hotforsecurity/russian-hacker-admits-helping-yanluowang-ransomware-infect-companies
Wed, 12 Nov 2025 10:15:18 +0000
Protect all your devices, without slowing them down. A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents. 25-year-old Aleksey Olegovich Volkov worked as an "initial access br... - [SMB] November Patch Tuesday does its chores
https://news.sophos.com/en-us/2025/11/12/november-patch-tuesday-does-its-chores
Wed, 12 Nov 2025 23:51:37 +0000
Microsoft on Tuesday announced 63 patches affecting 13 product families. Four of the addressed issues are considered by Microsoft to be of Critical severity, and nine have a CVSS base score of 8.0 or higher. One is known to be under active exploit in the wild, though neither it nor any other issue a... - [SMB] Attackers accelerate, adapt, and automate: Rapid7’s Q3 2025 Threat Landscape Report
https://rapid7.com/blog/post/tr-rapid7-q3-2025-threat-landscape-report
Wed, 12 Nov 2025 13:55:11 GMT
The Q3 2025 Threat Landscape Report, authored by the Rapid7 Labs team, paints a clear picture of an environment where attackers are moving faster, working smarter, and using artificial intelligence to stay ahead of defenders. The findings reveal a threat landscape defined by speed, coordination, and... - [SMB] Smarter Scams, Sharper Awareness: How to Recognize and Prevent Financial Fraud in the Digital Age
https://cysecurity.news/2025/11/smarter-scams-sharper-awareness-how-to.html
2025-11-12T12:03:00.002-05:00
Technology gives fraudsters global reach, but it also equips users with tools to fight back. Fraud has evolved into a calculated industry powered by technology, psychology, and precision targeting. Gone are the days when scams could be spotted through broken English or unrealistic offers al... - [SMB] Bluetooth Security Risks: Why Leaving It On Could Endanger Your Data
https://cysecurity.news/2025/11/bluetooth-security-risks-why-leaving-it.html
2025-11-12T09:55:00.000-05:00
Bluetooth technology, widely used for wireless connections across smartphones, computers, health monitors, and peripherals, offers convenience but carries notable security risks—especially when left enabled at all times. While Bluetooth security and encryption have advanced over decades, the protoco... - [SMB] User Privacy:Is WhatsApp Not Safe to Use?
https://cysecurity.news/2025/11/user-privacyis-whatsapp-not-safe-to-use.html
2025-11-12T09:54:00.001-05:00
The message content itself is shielded by end-to-end encryption, which is the default setting for all 3 billion WhatsApp users. WhatsApp allegedly collects data The mega-messenger from Meta is allegedly collecting user data to generate ad money, according to recent attacks on WhatsApp. WhatsApp ... - [SMB] Hacker Claims Responsibility for University of Pennsylvania Breach Exposing 1.2 Million Donor Records
https://cysecurity.news/2025/11/hacker-claims-responsibility-for.html
2025-11-12T09:54:00.000-05:00
A hacker has taken responsibility for the University of Pennsylvania’s recent “We got hacked” email incident, claiming the breach was far more extensive than initially reported. The attacker alleges that data on approximately 1.2 million donors, students, and alumni was exposed, along with internal ... - [SMB] Why It’s Time to Stop Saving Passwords in the Browser
https://cysecurity.news/2025/11/why-its-time-to-stop-saving-passwords.html
2025-11-12T08:23:00.000-05:00
Relying on browsers to store passwords may seem convenient, but experts warn it exposes users to serious cybersecurity vulnerabilities. As convenience often takes precedence over caution in the digital age, the humble "Save Password" prompt has quietly become one of the most overlooked security tra...
Awareness
- [SMB] Google Looks to Dim 'Lighthouse' Phishing-as-a-Service Op
https://darkreading.com/threat-intelligence/google-dim-lighthouse-phishing-as-a-service
Wed, 12 Nov 2025 21:49:46 GMT
The phishing kit, run by a group known as the "Smishing Triad," has powered massive amounts of unpaid tolls and package tracking texts.... - [SMB] Phishing Tool Uses Smart Redirects to Bypass Detection
https://darkreading.com/endpoint-security/phishing-tool-smart-redirects-bypass-email-security
Wed, 12 Nov 2025 15:48:14 GMT
A campaign against Microsoft 365 users leverages Quantum Route Redirection, which simplifies previously technical attack steps and has affected victims across 90 countries.... - [SMB] Google sues to dismantle Chinese phishing platform behind US toll scams
https://bleepingcomputer.com/news/security/google-sues-to-dismantle-chinese-phishing-platform-behind-us-toll-scams
Wed, 12 Nov 2025 15:59:44 -0500
Google has filed a lawsuit to dismantle "Lighthouse", a phishing-as-a-service (PhaaS) platform used by cybercriminals worldwide to steal credit card information through SMS phishing ("smishing") attacks that impersonate the U.S. Postal Service (USPS) and E-ZPass toll systems. The lawsuit aims to sh... - [SMB] New Google Study Reveals Threat Protection Against Text Scams
https://cysecurity.news/2025/11/new-google-study-reveals-threat.html
2025-11-11T11:29:00.001-05:00
As Cybersecurity Awareness Month comes to an end, we're concentrating on mobile scams, one of the most prevalent digital threats of our day. Over $400 billion in funds have been stolen globally in the past 12 months as a result of fraudsters using sophisticated AI tools to create more convincing sch...
Emerging
- [SMB] Why shadow AI could be your biggest security blind spot
https://welivesecurity.com/en/business-security/shadow-ai-security-blind-spot
Tue, 11 Nov 2025 10:00:00 +0000
From unintentional data leakage to buggy code, here’s why you should care about unsanctioned AI use in your company Shadow IT has long been a thorn in the side of corporate security teams. After all, you can’t manage or protect what you can’t see. But things could be about to get a lot worse. The s... - [SMB] Defending the future: Our commitment to responsible AI in cybersecurity
https://news.sophos.com/en-us/2025/11/12/defending-the-future-our-commitment-to-responsible-ai-in-cybersecurity
Wed, 12 Nov 2025 14:45:58 +0000
In the rapidly evolving landscape of cyber threats, artificial intelligence is no longer a luxury: it’s a necessity. At Sophos, we recognized this reality early: we’ve been integrating sophisticated AI capabilities across our product portfolio since 2017. This deep, practical expertise has allowed ...
Other
- [SMB] [Webinar] Learn How Leading Security Teams Reduce Attack Surface Exposure with DASR
https://thehackernews.com/2025/11/webinar-learn-how-leading-security.html
Wed, 12 Nov 2025 17:25:00 +0530
Every day, security teams face the same problem—too many risks, too many alerts, and not enough time. You fix one issue, and three more show up. It feels like you're always one step behind. But what if there was a smarter way to stay ahead—without adding more work or stress? Join The Hacker News a... - [SMB] On Hacking Back
https://schneier.com/blog/archives/2025/11/on-hacking-back.html
2025-11-12T12:01:53Z
Former DoJ attorney John Carlin writes about hackback, which he defines thus: “A hack back is a type of cyber response that incorporates a counterattack designed to proactively engage with, disable, or collect evidence about an attacker. Although hack backs can take on various forms, they are—by de... - [SMB] Sophos Firewall v22: Your top-requested features
https://news.sophos.com/en-us/2025/11/12/sophos-firewall-v22-your-top-requested-features
Wed, 12 Nov 2025 14:00:47 +0000
In the last few articles on the topic of our latest Sophos Firewall release, we’ve discussed many of the important enhancements to Secure by Design in Sophos Firewall v22. You will be delighted to know that this release also includes many of your top-requested features, such as… Instant web notific...