CyberNews: 13/11/2025 Edition

Published by Dunateo on 2025-11-13

Today’s roundup

  • Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
  • U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog
  • DanaBot malware is back to infecting Windows after 6-month break
  • Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack
  • When Attacks Come Faster Than Patches: Why 2026 Will be the Year of Machine-Speed Security
  • US announces ‘strike force’ to counter Southeast Asian cyber scams, sanctions Myanmar armed group
  • DHS Kept Chicago Police Records for Months in Violation of Domestic Espionage Rules
  • Russia imposes 24-hour mobile internet blackout for travelers returning home
  • Windows 11 now supports 3rd-party apps for native passkey management
  • Extending Zero Trust to AI Agents: “Never Trust, Always Verify” Goes Autonomous

Summary

Amazon's threat intelligence reported that an advanced threat actor actively exploited Cisco ISE (CVE-2025-20337) and Citrix NetScaler ADC (CVE-2025-5777) zero-days for pre-authentication remote code execution. The attackers deployed custom in-memory webshells, demonstrating sophisticated "patch-gap" exploitation targeting critical identity infrastructure.

CISA added the Gladinet Triofox Improper Access Control vulnerability (CVE-2025-12480) to its Known Exploited Vulnerabilities catalog. Mandiant observed threat actors, specifically UNC6485, exploiting this flaw to bypass authentication and deploy remote access tools via the platform's antivirus feature.

The DanaBot malware has resurfaced and is actively infecting Windows systems. This resurgence follows a six-month disruption of its operations by law enforcement during Operation Endgame, indicating a renewed threat.

Researchers identified a large-scale spam campaign that has flooded the npm registry with over 67,000 fake, financially motivated packages since early 2024. These junk packages persisted for nearly two years, highlighting a novel supply chain concern.

Industry reports for 2025 reveal that 50-61% of new vulnerabilities are weaponized within 48 hours of disclosure, faster than patches are deployed. This trend signifies a critical challenge for effective cybersecurity defense.

The U.S. launched a "strike force" to combat Southeast Asian cyber scam compounds, which have stolen billions from Americans. The initiative also sanctioned a Myanmar armed group for its involvement in these financially motivated cybercrimes.

The Department of Homeland Security retained Chicago police records on residents with alleged gang ties for months, violating domestic espionage rules. The data, intended for an FBI watchlist test, was not deleted as required, raising privacy concerns.

Russia imposed a 24-hour mobile internet blackout for travelers returning home, citing concerns over the use of domestic SIM cards in Ukrainian drones. This action reflects a state-level measure for national security and information control.

Microsoft now provides native support for third-party passkey managers on Windows 11, with 1Password and Bitwarden among the first to be integrated. This aims to simplify and strengthen passwordless authentication and user security.

As AI agents gain autonomy, cybersecurity professionals are working to extend Zero Trust principles—scoped access, continuous monitoring, and human accountability—to secure these systems. Traditional models are insufficient for autonomously acting AI.

Vulnerabilities

CVE-2025-20337 (Critical)
CVE-2025-5777 (High)
CVE-2025-12480 (Critical)