Cybersecurity Update 1-14 November 2025

United States of America

Anthropic’s Claude Used for Chinese Espionage Campaign. On 13 November 2025, Anthropic published a report about how Chinese malicious actors abused the Claude AI tool to automate espionage operations. The malicious actors “used AI's 'agentic' capabilities to an unprecedented degree – using AI not just as an advisor, but to execute the cyber attacks themselves.” The campaign targeted around thirty organizations—including large tech companies, financial institutions, chemical manufacturing companies, and government agencies —and succeeded in "a small number of cases." The malicious actors managed to jailbreak Claude by telling it that they were employees of a cybersecurity company and were using the tool for defensive purposes. Anthropic calls this "the first documented case of a large-scale cyberattack executed without substantial human intervention.” Anthropic explains, "The architecture incorporated Claude’s technical capabilities as an execution engine within a larger automated system, where the AI performed specific technical actions based on the human operators’ instructions while the orchestration logic maintained attack state, managed phase transitions, and aggregated results across multiple sessions. This approach allowed the threat actor to achieve operational scale typically associated with nation-state campaigns while maintaining minimal direct involvement, as the framework autonomously progressed through reconnaissance, initial access, persistence, and data exfiltration phases by sequencing Claude’s responses and adapting subsequent requests based on discovered information.” Between 80% and 90% of the attack was conducted using AI, with human intervention required at between four to six key decision points. Anthropic said it banned a number of accounts linked to the attack, notified affected organizations and reported the attacks to authorities. (Anthropic Report, ArsTechnica, CybersecurityDive, WSJ, Hacker News)

Claude AI APIs can be Abused for Data Exfiltration. On 28 October 2025, a researcher published a finding that shows how Anthropic’s added the capability for Claude’s Code Interpreter can be abused by an adversary (either the model or third-party attacker via indirect prompt injection) to exfiltrate data the user has access to. This abuse is only possible if the AI model has network access (a feature enabled by default on certain plans and meant to allow Claude to access certain resources, such as code repositories and Anthropic APIs. The attack is relatively straightforward: an indirect prompt injection payload can be used to read user data and store it in a file in Claude Code Interpreter’s sandbox, and then to trick the model into interacting with the Anthropic API using a key provided by the attacker. (Embrace the Red Blog, Security Week)

GitHub is Launching a Hub for Multiple AI Coding Agents. On 28 October 2025, GitHub’s introduced a single, unified workflow for developers to be able to orchestrate any agent, any time, anywhere, dubbed “Agent HQ.” Instead of using Github’s Co-Pilot, developers will be able to access/use OpenAI’s Codex, Anthropic’s Claude, Google’s Jules, xAI, and Cognition’s Devin within GitHub in the coming months. Additionally, GitHub is launching a few other tools, including a new Plan Mode in VS Code that uses Copilot to create a step-by-step plan for a task that its AI coding agent will later execute. GitHub is also adding a code review step to Copilot, allowing the agent to access tools, such as CodeQL, that it can use to evaluate code before passing it along to a developer. (The Verge, Github Blog)

FCC Intends to Reverse Cybersecurity Mandates Enacted in the Wake of Chinese (Salt Typhoon) Intrusions. On 30 October 2025, the US Federal Communications Commission (FCC) posted an order that would reverse several cybersecurity regulations that were enacted in response to China's Salt Typhoon intrusions against US telecommunications companies. The FCC will vote to "reverse an eleventh-hour Communications Assistance for Law Enforcement Act (CALEA) declaratory ruling reached by the prior FCC—a decision that both exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats.” The FCC "should instead continue to pursue an agile and collaborative approach to cybersecurity through federal-private partnerships that protect and secure communications networks and more targeted, legally sound rule-making and enforcement." (The Record, FCC Blog, FCC Fact Sheet, NextGov)

Malicious Actors Target Unpatched Cisco Products. On 31 October 2025, Australia’s Signals Directorate (ASD) warned that malicious actors are installing an implant named “BADCANDY” on unpatched Cisco IOS XE devices and can detect deletion of their wares and reinstall their malware. This critical vulnerability (CVE-2023-20198) affects the web user interface (UI) feature of Cisco IOS XE Software. Exploitation of this vulnerability could allow a remote, unauthenticated user to create a highly privileged account on the vulnerable system, allowing them to take control of the system. "Rebooting an infected device removes BADCANDY, but “rebooting will not reverse additional actions taken by the threat actor and will not remedy the initial vulnerability exploited to gain access.” Organizations must patch to avoid re-exploitation. (Cisco Advice to Harden, The Register, ASD Advisory, AWS Report)

CBO Confirms It Was Breached. On 6 November 2025, the U.S. Congressional Budget Office (CBO), the nonpartisan federal agency responsible for providing economic and budgetary analysis to Congress, confirmed it was the target of a cybersecurity breach. It is suspected that the unpatched Cisco ASA firewall — visible through public internet scans — was vulnerable to known Cisco exploits used by suspected Chinese government-backed malicious actors. The CBO continues to coordinate with federal cybersecurity authorities to assess the scope of the incident and restore full system integrity. (E-SecurityPlanet, TechCrunch, Reuters, GovInfoSec, Politico)

Intel Employee Steals Trade Secrets. On 7 November 2025, Intel filed a law suit against former software engineer who allegedly stole tens of thousands of files, including data labeled as “Intel Top Secret”. On 7 July 2025, Jinfeng Luo was informed that he was being terminated and his last day would be 31 July. Eight days before his employment was to end, Luo allegedly hooked up an external hard drive to his Intel laptop, but when he tried to download a file, the company’s internal controls blocked the transfer. A few days later, Luo deployed a different technology, a more sophisticated gadget that resembles a small computer server, called a network storage device. Over the next three days, Luo downloaded nearly 18,000 files, including some labeled “Intel Top Secret”. Intel is seeking at least $250,000 in compensation from Luo. Intel also wants a court order forcing Luo to hand over his personal electronic devices for inspection, and requiring him to give the company its allegedly misappropriated confidential information. (TomsHardware, The Mercury News)

Critical Flaw in MS Teams Allowed Manipulation. On 4 November 2025, CheckPoint released a report highlighting four critical vulnerabilities in Microsoft Teams, that allows malicious actors to impersonate executives, manipulate messages, alter notifications, and forge identities in video and audio calls. Both external guest users and malicious insiders could exploit these flaws, fundamentally breaking trust in a platform used by 320M+ people worldwide. Check Point Research responsibly disclosed the vulnerabilities to Microsoft on 23 March 2024. Microsoft acknowledged the report, investigated, and subsequently issued fixes for the reported issues — all of which were resolved by the end of October 2025. (HRDive, CheckPoint Report)

Oracle’s E-Business Software Suite Breach. On 12 November 2025, Oracle began notifying at least 9700 victims — current and former employees and contractors — that their personal data and bank account numbers were compromised during the September 2025 incident. On 29 September 2025, the Cl0p ransomware syndicate claimed to have breached Oracle’s E-Business Suite, which runs core operations including financial, supply chain, and customer relationship management. Oracle released emergency fixes in late October, acknowledging the vulnerability but not disclosing the full extent of the impact on its customers. Oracle has said little publicly about the wave of mass exploitation that followed the discovery of the EBS flaw. (Maine AG, CloudSek, The Register)

Department of Justice Announces Creation of Scam Center Strike Force. On 12 November 2025, U.S. Attorney Jeanine Ferris Pirro, together with major federal law enforcement and interagency partners, announced the creation of the first District of Columbia Scam Center Strike Force to secure America against Southeast Asian cryptocurrency-related fraud and scams. The US Justice Department says the strike force will focus on investigating, disrupting, and prosecuting the most egregious Southeast Asian scam centers and their leaders, with a focus on Burma, Cambodia, and Laos. The Scam Center Strike Force seeks to use all government tools available, partnering with the State Department, the Department of Treasury’s Office of Foreign Assets Control (OFAC), and the Department of Commerce. (DOJ Announcement, The Record)

Critical Dell Data Lakehouse Flaw Allows Remote Attackers to Escalate Privileges. On 13 November 2025, Dell Technologies disclosed a critical vulnerability affecting its Data Lakehouse platform that could allow malicious actors with high-level privileges to escalate their access and compromise system integrity. The vulnerability (CVE-2025-46608 — CVSS score of 9.1) stems from an Improper Access Control issue in Dell Data Lakehouse versions before 1.6.0.0. Dell has issued a security advisory, DSA-2025-375, outlining the scope of affected deployments and providing mitigation guidance. (Dell Guidance, GB Hackers)

International Items of Interest

Theft at the Louvre: The surveillance system’s password ‘LOUVRE’ has put the museum in crisis. On 20 October 2025, the “heist of the century” took place at the Louvre. It turns out that the museum’s digital management was insufficient and the passwords for the video surveillance systems were extremely simple: ” LOUVRE ” and ” THALES,” the names of the museum and the security software responsible for protecting it, respectively. The cameras, which were supposed to document the entire robbery, returned unclear and incomplete footage. Yet, back in December 2014, three experts from the National Agency for Information Systems Security (ANSSI) conducted an inspection of the Louvre’s IT network, analyzing cameras, alarms, and access controls. “Certain workstations have obsolete operating systems (Windows 2000 and Windows XP) which no longer guarantee effective security (no antivirus updates, no passwords or session lock…).” The report highlighted a significant risk: anyone who gained control of the network could facilitate art thefts. The Inspectorate General of Cultural Affaires (IGAC) submitted its first conclusions last week, prompting the Minster of Culture to recommend new governance rules and security policies, the installation of additional security cameras around the building perimeter, and an urgent update of all security protocols and procedures by year-end. (RedHotCyber, Liberation, CSOOnline, IGAC)

Tata Motors Leaks AWS Keys. On 28 October 2025, a security researcher, Eaton Zveare, discovered (and published) that two sets of Amazon Web Services (AWS) keys were left exposed across Tata Motors' online platforms, revealing 70+ TB of sensitive information and infrastructure across hundreds of S3 buckets. The exposed information included customer invoices, financial documents, internal dashboards, and dealer performance reports. Moreover, the researcher found a backdoor within Tata Motors’ Tableau analytics platform that would allow anyone to log in without a password by spoofing a trusted user token. The researcher also discovered an exposed Azuga API key in JavaScript code used by Tata’s test-drive website, granting access to fleet management systems that track company vehicles in real time (TechRepublic, EatonWorks)

Critical Infrastructures Breached in Canada. On 29 October 2025, Canada issued a critical infrastructure alert. Malicious actors successfully breached multiple internet-connected industrial control systems (ICS) used to manage critical infrastructure, including water treatment, energy, and agricultural facilities. The malicious actors manipulated internet-connected programmable logic controllers (PLCs) and automated systems within Canadian municipal water facilities, causing changes to water pressure that temporarily degraded community services. In another case, a major Canadian oil and gas company suffered false alarms when its Automated Tank Gauge (ATG) system was tampered with. A third incident targeted a grain drying silo, where hackers altered temperature and humidity readings, potentially endangering stored agricultural goods. The compromised systems shared a common weakness: direct internet accessibility without sufficient segmentation or access control. (Canada Alert, ESecurityPlanet, Cybersecurity Dive)

Chinese Cyber Company Breached — Tools Exposed. On 2 November 2025, Knownsec, a prominent Chinese cybersecurity firm with established ties to the Chinese government, suffered a catastrophic data breach that exposed over 12,000 classified documents. The leaked materials include sophisticated software and hardware tools, internal operational procedures, and comprehensive global surveillance target lists. The documents indicate that China has advanced Remote Access Trojans that can crack Linux, Windows, macOS, iOS, and Android. The Android code can reportedly extract information from popular Chinese messaging apps, and from Telegram. Some of the data shows a comprehensive intelligence collection of government databases, critical infrastructures, and telecommunications data including: 95GB of immigration records from India; 3TB of call records from South Korean telecommunications operator LG U Plus; and 459GB of road planning data from Taiwan. (CyberPress, Tech Radar, The Register)

Cybersecurity Professionals Collaborate with Ransomware Syndicate Against Key Customers. On 2 October 2025, three co-conspirators (unnamed, Ryan Goldberg, and Kevin Martin) — cybersecurity professionals — were indicted in the US Southern District of Florida on federal charges including interfering in interstate commerce through extortion and intentionally damaging a protected computer. Martin was a ransomware negotiator at DigitalMint and Goldberg was an incident response manager at Israeli based Sygnia Cybersecurity Services. They conducted at least five ransomware attacks using the notorious ALPHV/BlackCat ransomware. From May 2023 to April 2025, the men deployed BlackCat ransomware to encrypt systems, steal sensitive data, and demand millions in cryptocurrency for decryption keys and the safe return of data from: (1) a medical device firm in Florida, (2) a pharmaceutical firm in Maryland and (3) a drone maker in Virginia, among others. The indictment does not allege that either company had any knowledge of or involvement in the criminal activity. But these professionals became an insider threat and companies should consider expanding the scope of how they vet third parties who have intimate knowledge of critical situations. This incident shows that third parties may exploit their access to conduct attacks for personal profit at the expense of their employer and customers. (Indictment, Cyberscoop, The Register, Chicago Sun Times, CNN)

UK Cybersecurity Legislation for Minimum Standards for Critical Infrastructures. On 12 November 2025, the UK introduced a proposed law Cyber Security and Resilience Bill to Parliament, intended to set minimum standards for critical infrastructures. These proposed laws would cover certain digital and essential services including healthcare, transport, energy and water. The previous version of those standards, under the Network & Information Systems (NIS) Regulations 2018, were seen as insufficient to tackle what intelligence officials described as the growing threat posed by financially-motivated hackers and hostile foreign states. Under the proposals:

• Medium and large companies providing services like IT management, IT help desk support and cyber security to private and public sector organizations like the NHS, will also be regulated for the first time. Because they hold trusted access across government, critical national infrastructure and business networks, they will need to meet clear security duties. This includes reporting significant or potentially significant cyber incidents promptly to government and their customers as well as having robust plans in place to deal with the consequences regulators will be given new powers to designate critical suppliers to the UK’s essential services such as those providing healthcare diagnostics to the NHS or chemicals to a water firm, where they meet the criteria. This would mean they’d have to meet minimum security requirements – shutting down gaps in supply chains criminals could exploit which could cause wider disruption.

• Enforcement will be modernized, including tougher turnover-based penalties for serious breaches so cutting corners is no longer cheaper than doing the right thing. That’s because companies providing taxpayer services should make sure they have tough protections in place to keep their systems up and running.

• The Technology Secretary gets new powers to instruct regulators and the organizations they oversee, like NHS trusts and Thames Water, to take specific, proportionate steps to prevent cyber attacks where there is a threat to UK national security. This includes requiring that they beef up their monitoring or isolate high-risk systems to protect and secure essential services. (Cybersecurity Dive, Proposed Law, The Record, Impact Assessment)

Russia’s Sandworm Deploys Wiper Against Ukraine’s Grain Sector. On 6 November 2025, ESET published a new report summarizing malicious activity against Ukraine from April through September 2025. The report highlights that Russian state-backed malicious actor known as Sandworm deployed data-wiping malware (sabotage) against Ukraine’s education, government, and grain sectors. The grain sector is Ukraine’s main revenue source, and these attacks aim to weaken the country’s war economy. The grain sector is a new focus, indicating a shift in Russia’s attack strategy. (BleepingComputer, WeLiveSecurity, ESET, The Record, Industrial Cyber, ESET Report)

Malicious Actor Steals over $120M from Balancer DeFi Crypto Protocol. On 3 November 2025, Balancer reported that malicious actors had targeted its vaults and liquidity pools, exploiting a vulnerability in smart contract interactions. Preliminary analysis from on-chain investigators points to a maliciously deployed contract that manipulated Vault calls during pool initialization. Improper authorization and callback handling allowed the malicious actor to bypass safeguards. This enabled unauthorized swaps or balance manipulations across interconnected pools, draining assets in rapid succession (within minutes). It is estimated that Balancer has lost at least $128 million. Balancer is a decentralized finance (DeFi) protocol built on the Ethereum blockchain as an automated market maker and liquidity infrastructure layer. It provides flexible pools with custom token mixes, allowing users to deposit assets, earn fees, and let traders swap assets, and it is governed by the BAL token, which had a market cap of $65 million right before the incident. Balancer noted that the malicious actors are now sending “fraudulent messages claiming to be from the Balancer Security Team. These are not from us. Do not interact with unsolicited communications or click unknown links.” (Balancer Post, Bleeping Computer, GoPlusSecurity, Bajaj Post)