CyberNews: 11/11/2025 Edition

Published by Dunateo on 2025-11-11

Today’s roundup

  • North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors
  • Quantum Route Redirect PhaaS targets Microsoft 365 users worldwide
  • Popular JavaScript library expr-eval vulnerable to RCE flaw
  • Android Trojan 'Fantasy Hub' Malware Service Turns Telegram Into a Hub for Hackers
  • 65% of Leading AI Companies Found With Verified Secrets Leaks
  • China-Aligned UTA0388 Uses AI Tools in Global Phishing Campaigns
  • Denmark and Norway investigate Yutong bus security flaw amid rising tech fears
  • Former Trump official named NSO Group executive chairman
  • Russian missile barrage disrupts internet, customs databases in Ukraine
Summary

    North Korea's Konni APT is abusing Google's Find Hub to wipe data from, and track the GPS location of, Android devices belonging to targets in South Korea. Posing as counselors, the operators delivered malware over KakaoTalk and harvested the victims' Google account credentials; with those in hand they could trigger remote factory resets through Find Hub, while also deploying several remote access trojans (RATs) on the victims' machines. Remote data destruction through a legitimate device-management feature is a new TTP for a state-sponsored group, and a wipe issued from the victim's own Google account looks like ordinary device management, so account-takeover detection matters more than endpoint detection here.

    A new Phishing-as-a-Service (PhaaS) platform, "Quantum Route Redirect," is running credential-theft campaigns against Microsoft 365 users worldwide from roughly 1,000 domains. By automating victim redirection and lure hosting across those domains, it lets less-skilled operators run M365 phishing at scale, so tenants should expect more volume rather than more sophistication from this kit.

    A critical remote code execution (RCE) flaw affects "expr-eval," a JavaScript expression-evaluation library with over 800,000 weekly npm downloads. Crafted input that reaches the evaluator can execute arbitrary code in the host process, a serious software supply chain risk for any application that evaluates user-supplied expressions with it. Check dependency lock files for the package, including transitive uses, and upgrade to a patched release.
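The expr-eval item above is an instance of a general hazard: an expression evaluator that lets untrusted expression text reach callable values. The following toy evaluator is an added illustration for this roundup, not expr-eval's code and not a description of its specific bug. It shows the bug class (plain property lookups that walk the prototype chain plus unrestricted calls, so `constructor.constructor` reaches `Function`) beside a hardened form that allowlists functions and refuses member access. The function names, the allowlist and the payload string are illustrative choices of this example.

```javascript
// Added illustration (not expr-eval's code): a tiny expression evaluator
// showing how untrusted expression text reaches arbitrary code when
// identifier lookup, member access and calls are not constrained.
// Grammar: numbers, "strings", identifiers, + - * /, parentheses,
// member access a.b, and calls f(x, y).

function tokenize(src) {
  const re = /\s*(?:(\d+(?:\.\d+)?)|([A-Za-z_$][\w$]*)|("(?:[^"\\]|\\.)*")|([-+*\/().,]))/y;
  const tokens = [];
  const text = src.trim();
  let i = 0;
  while (i < text.length) {
    re.lastIndex = i;
    const m = re.exec(text);
    if (!m) throw new SyntaxError(`bad token at offset ${i}`);
    i = re.lastIndex;
    if (m[1] !== undefined) tokens.push({ t: 'num', v: Number(m[1]) });
    else if (m[2] !== undefined) tokens.push({ t: 'id', v: m[2] });
    else if (m[3] !== undefined) tokens.push({ t: 'str', v: JSON.parse(m[3]) });
    else tokens.push({ t: 'op', v: m[4] });
  }
  tokens.push({ t: 'eof', v: null });
  return tokens;
}

// Recursive-descent parser. The three callbacks decide what identifiers,
// members and calls may do; that is where the security of the evaluator lives.
function makeEvaluator({ resolveId, resolveMember, callFn }) {
  return function evaluate(src) {
    const toks = tokenize(src);
    let p = 0;
    const peek = () => toks[p];
    const next = () => toks[p++];
    const isOp = (v) => peek().t === 'op' && peek().v === v;
    const expect = (v) => { if (!isOp(v)) throw new SyntaxError(`expected "${v}"`); p++; };

    function primary() {
      const t = next();
      if (t.t === 'num' || t.t === 'str') return t.v;
      if (t.t === 'id') return resolveId(t.v);
      if (t.t === 'op' && t.v === '(') { const v = expr(); expect(')'); return v; }
      throw new SyntaxError('unexpected token');
    }
    function postfix() {            // handles chains like a.b(c)(d)
      let v = primary();
      for (;;) {
        if (isOp('.')) {
          p++;
          const name = next();
          if (name.t !== 'id') throw new SyntaxError('expected member name');
          v = resolveMember(v, name.v);
        } else if (isOp('(')) {
          p++;
          const args = [];
          if (!isOp(')')) { args.push(expr()); while (isOp(',')) { p++; args.push(expr()); } }
          expect(')');
          v = callFn(v, args);
        } else {
          return v;
        }
      }
    }
    function unary() { if (isOp('-')) { p++; return -unary(); } return postfix(); }
    function term() {
      let v = unary();
      for (;;) {
        if (isOp('*')) { p++; v = v * unary(); }
        else if (isOp('/')) { p++; v = v / unary(); }
        else return v;
      }
    }
    function expr() {
      let v = term();
      for (;;) {
        if (isOp('+')) { p++; v = v + term(); }
        else if (isOp('-')) { p++; v = v - term(); }
        else return v;
      }
    }
    const result = expr();
    if (peek().t !== 'eof') throw new SyntaxError('trailing input');
    return result;
  };
}

// VULNERABLE pattern: plain property lookups walk the prototype chain, so the
// identifier `constructor` resolves to Object, `.constructor` on that is
// Function, and calling it compiles attacker-supplied source. A real payload
// would read process.env or spawn a shell; this one just returns 6*7.
function vulnerableEvaluate(src, vars) {
  return makeEvaluator({
    resolveId: (name) => vars[name],
    resolveMember: (obj, name) => obj[name],
    callFn: (fn, args) => fn(...args),
  })(src);
}

// Hardened form: variables come only from own properties and must be numbers,
// functions come only from a frozen allowlist, member access is refused, and a
// call target must be one of the allowlisted functions by identity.
const SAFE_FUNCS = Object.freeze({ abs: Math.abs, min: Math.min, max: Math.max, round: Math.round });

function hardenedEvaluate(src, vars) {
  return makeEvaluator({
    resolveId: (name) => {
      if (Object.hasOwn(SAFE_FUNCS, name)) return SAFE_FUNCS[name];
      if (Object.hasOwn(vars, name) && typeof vars[name] === 'number') return vars[name];
      throw new Error(`unknown variable: ${name}`);
    },
    resolveMember: (_obj, name) => { throw new Error(`member access refused: .${name}`); },
    callFn: (fn, args) => {
      if (!Object.values(SAFE_FUNCS).includes(fn)) throw new Error('call target not allowlisted');
      return fn(...args);
    },
  })(src);
}

// Constructed payload (illustrative, harmless): same text against both evaluators.
const PAYLOAD = 'constructor.constructor("return 6*7")()';

function demo() {
  const vars = { x: 2 };
  const out = { vulnerable: vulnerableEvaluate(PAYLOAD, vars) };
  try { hardenedEvaluate(PAYLOAD, vars); out.hardened = 'executed'; }
  catch (e) { out.hardened = `refused: ${e.message}`; }
  return out;
}

console.log(demo());
```

Run it with node: the same expression text yields 42 from the vulnerable evaluator and an error from the hardened one. The lesson generalizes to any expression or template engine that takes user input: resolve names against own properties (or a null-prototype map), never call a value that arrived as data, and keep the set of callables an explicit, frozen allowlist.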

    "Fantasy Hub," a new Android remote access trojan (RAT), is being sold as malware-as-a-service (MaaS) on Russian-language Telegram channels. It offers extensive mobile espionage capabilities, including collection of data from, and interception of communications on, compromised devices.

    A study indicates that 65% of leading AI companies, with a combined valuation of roughly $400 billion, have leaked verified secrets and other sensitive data on GitHub. The finding points to pervasive secrets-hygiene problems across the AI development supply chain.

    China-aligned APT group UTA0388 is employing AI tools, including large language models, in global spear-phishing campaigns, using them to produce lures and supporting personas at scale. The practical effect is more, and more varied, social engineering rather than any new exploitation capability.

    Denmark and Norway are investigating a security flaw in Chinese-made Yutong electric buses. The concern is that the vehicles' remote software-update and diagnostics channel could allow them to be tampered with or disabled from afar, raising broader questions about critical infrastructure reliance on Chinese technology.

    David Friedman, a former U.S. ambassador to Israel, has been named executive chairman of NSO Group. The leadership change comes as the controversial Israeli spyware firm's founders reportedly no longer hold a stake.

    Russian missile strikes caused widespread internet and customs database outages in Ukraine, including in Kyiv. Emergency power blackouts took down communications and other digital infrastructure, a reminder that availability depends on the power grid before it depends on anything else.

    Malware families tagged: GLOBAL GROUP, Konni