
Daily Security Briefing #062
- DjediTech
- Security, Newsletter
- November 6, 2025
Rigged poker indictments, Iranian espionage targeting academics, ransomware via VS Code extensions…
Executive Summary
Today’s cybersecurity landscape reveals a blend of sophisticated espionage campaigns, supply chain compromises, and critical infrastructure threats. Iranian threat actors continue to intensify phishing assaults on global academics and policy experts using advanced remote management tools. Meanwhile, software supply chains face increasing risks as ransomware operators exploit trusted development environments like VS Code extensions. Vulnerabilities in prominent protocols and firewall products highlight the ongoing challenge of patch management. Finally, law enforcement cracks down on innovative high-tech fraud in unexpected sectors, illustrating the broad scope of cybercrime.
Top Articles
Rigged Poker Games: DOJ Indicts 31 for High-Tech Card Rigging
The U.S. Department of Justice charged thirty-one individuals for manipulating high-stakes poker games using altered shuffling machines embedded with concealed technology. These tampered devices enabled the perpetrators to read and influence the card order covertly, undermining the fairness of the games. This case underscores emerging criminal tactics combining physical devices with cyber capabilities to commit fraud.
Schneier

Iranian Hackers Exploit Remote Management Tools to Target Academics and Foreign-Policy Experts
Proofpoint researchers revealed a previously unknown Iranian threat group, UNK_SmudgedSerpent, conducting targeted phishing campaigns from June to August 2025. Using credential harvesting, social engineering, and legitimate remote monitoring tools, the group penetrated the networks of academics and policy professionals to gather intelligence on geopolitical matters. This development indicates escalated cyber espionage activities with sophisticated tactics leveraging trusted software.
GBHackers | Cyberpress

VS Code Extensions Hijacked to Deliver Ransomware via GitHub Command-and-Control
A recently uncovered campaign uses malicious Visual Studio Code extensions to deploy ransomware, utilizing GitHub repositories as command-and-control infrastructure. This attack illustrates evolving adversary tactics that blend supply chain compromise with persistent data exfiltration and control techniques within popular development tools, raising concerns about security in software ecosystems.
Cyberpress

Critical HTTP/2 ‘MadeYouReset’ Vulnerability Enables Denial-of-Service and DDoS Attacks
Security researchers identified CVE-2025-8671, nicknamed “MadeYouReset,” a critical flaw in many HTTP/2 implementations. The vulnerability stems from a specification and implementation mismatch that attackers can exploit to trigger denial-of-service or distributed denial-of-service conditions, threatening widespread service disruptions across networks relying on HTTP/2.
GBHackers

Cisco Warns of New Firewall Exploits Affecting Secure Firewall ASA and FTD Software
Cisco disclosed attacks targeting vulnerabilities CVE-2025-20333 and CVE-2025-20362 in Cisco Secure Firewall products. These exploits may cause vulnerable devices to reload unexpectedly, resulting in denial-of-service impacts. Organizations using affected firewall versions are advised to patch promptly to prevent disruption.
TheHackerNews

Cloudflare Removes Aisuru Botnet Domains from Top Requested Sites List
Cloudflare responded to manipulations by the Aisuru botnet, which had repeatedly overtaken top spots on its most-requested domains ranking, displacing prominent brands like Amazon and Google. The company redacted these malicious domains and highlighted how the botnet operators use boosted domain rankings alongside DNS service attacks to enhance their infrastructure’s reach.
KrebsOnSecurity

Trojanized ESET Installers Distribute Kalambur Backdoor in Ukrainian Phishing Campaigns
Security experts identified a Russia-aligned threat cluster named InedibleOchotense distributing backdoored ESET installers to target Ukrainian organizations. The campaign relies on spear-phishing emails and messages containing malicious links to deploy the Kalambur backdoor, underscoring ongoing cyber aggression targeting Ukraine through supply chain compromise.
TheHackerNews

Nevada State Government Recovers Following Extensive Ransomware Attack
The State of Nevada completed its recovery from an August ransomware incident that impacted 60 agencies, severely disrupting health and public safety services. The recovery highlights increasing ransomware threats to government entities and the importance of coordinated response efforts to restore critical infrastructure.
BleepingComputer

Malicious AI-Created Ransomware Extension Found on Official VS Code Marketplace
Researchers discovered a rudimentary ransomware extension, possibly created with AI assistance, hosted on Microsoft’s official VS Code marketplace. The incident raises concerns about automated generation of malicious software and the challenges of detecting threats in official software distribution channels.
BleepingComputer

We See Threats Before They Hit: AI and Human Intelligence Redefining Cyber Defense
Check Point experts highlighted in a Reddit AMA webinar how integrating AI-driven analytics with human insight enhances threat prediction and preemptive defenses. This hybrid approach accelerates detection, tracks attacker tactics in real time, and better prepares organizations for emerging cyber threats.
Checkpoint
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.