CyberNews: 20/11/2025 Edition

Published by Dunateo on 2025-11-20

Today’s roundup

  • U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
  • Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks
  • New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices
  • Crypto mixer founders sent to prison for laundering over $237 million
  • CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat
  • TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign
  • Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack
  • The AI Attack Surface: How Agents Raise the Cyber Stakes
  • International operation traces $55 million crypto trail of digital piracy sites
  • Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices
Summary

    The U.S. CISA has added the Google Chromium V8 flaw CVE-2025-13223 to its KEV catalog, citing active exploitation that could lead to code execution. Federal agencies are mandated to patch by December 10, 2025.

    Iran-linked actors are increasingly employing "cyber-enabled kinetic targeting," integrating cyber reconnaissance with real-world physical attacks to support military objectives.

    Sturnus, a new Android banking trojan, bypasses end-to-end encrypted messaging by capturing content directly from device screens after decryption.

    Samourai Wallet founders were imprisoned for laundering over $237 million in criminal funds via their cryptocurrency mixing service.

    CTM360 exposed "HackOnChat," a global WhatsApp hijacking campaign leveraging deceptive authentication portals and social engineering.

    The TamperedChef malvertising campaign uses fake software installers to deliver JavaScript malware for persistence and remote access.

    Sneaky2FA, a Phishing-as-a-Service kit, now integrates the Browser-in-the-Browser attack for more deceptive phishing campaigns.

    Agentic AI systems present a new attack surface, vulnerable to hijacking that could subvert goals and compromise entire networks.

    An international Europol-led operation disrupted $55 million in cryptocurrency services tied to 69 digital piracy sites across 15 countries.

    A Python-based WhatsApp worm is spreading the Eternidade Stealer banking trojan in Brazil through social engineering and IMAP C2.

    Want to dig deeper?

    Vulnerabilities

    CVE-2025-13223 High

    Cyber Groups

    Earth Lusca TAG-22, Charcoal Typhoon, CHROMIUM, ControlX

    Malware Families

    TamperedChef
    Global GLOBAL GROUP