Daily Security Briefing #064
- DjediTech
- Security , Newsletter
- November 8, 2025
Table of Contents
November 8, 2025 | Read Online
Samsung zero-day Android spyware, AI-driven manufacturing cyber threats, Microsoft Teams phishing risks…
Executive Summary
Today’s cybersecurity landscape is marked by the discovery of a sophisticated Android spyware campaign exploiting a new Samsung zero-day vulnerability via WhatsApp images. Meanwhile, the manufacturing sector faces increasing risks as attackers leverage AI platforms to launch advanced threats, highlighting a growing interplay between innovation and cyber risk. Microsoft revealed a novel side-channel attack impacting AI chat privacy, adding to evolving threats against encrypted communications. Additionally, concerns rise about Microsoft Teams’ new “chat with anyone” feature potentially exposing users to phishing and malware. Users still on Windows 10 are urged to enroll in security updates ahead of support expiry.
Top Articles
New “LANDFALL” Android Malware Uses Samsung 0-Day Vulnerability Hidden in WhatsApp Images Unit 42 researchers uncovered LANDFALL, a new Android spyware campaign exploiting a previously unknown zero-day vulnerability (CVE-2025-21042) in Samsung’s image processing library. This malware delivers advanced surveillance capabilities by embedding malicious images in WhatsApp messages, targeting Galaxy devices. This critical flaw enables attackers to conduct stealthy espionage using commercial-grade spyware. GBHackers | CyberPress
AI-Powered Cyber Threats Rise: Attackers Target Manufacturing Sector New reports highlight manufacturing organizations as prime targets for cyberattacks leveraging generative AI technologies. While 94% of companies now use AI to drive innovation, sophisticated threat actors exploit the same platforms and trusted cloud environments to carry out attacks. This dual-use of AI underscores an urgent need for enhanced governance and security practices across the sector. GBHackers | CyberPress
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic Microsoft disclosed a novel side-channel attack dubbed “Whisper Leak,” which allows passive observers to glean information about AI model conversation topics despite encryption. This vulnerability affects remote language models operating in streaming mode, posing privacy risks in AI-assisted communications and highlighting emerging challenges in securing encrypted AI traffic. TheHackerNews
New Microsoft Teams Feature Exposes Users to Phishing and Malware Risks Microsoft’s upcoming Teams update enables users to initiate chats using only email addresses, even for non-Teams users. While aimed at enhancing connectivity, cybersecurity experts warn this “chat with anyone” feature could increase phishing and malware risks due to the expanded attack surface. Rollout starts November 2025 with a global release in early 2026. GBHackers | CyberPress
GlassWorm Malware Returns on OpenVSX with 3 New VSCode Extensions The dangerous GlassWorm malware campaign has resurfaced on the OpenVSX marketplace, distributing three new malicious Visual Studio Code extensions that have been downloaded over 10,000 times. This resurgence highlights ongoing risks to software supply chains through trusted developer ecosystems. BleepingComputer
Still on Windows 10? Enroll in free ESU before next week’s Patch Tuesday With Windows 10 support ending soon, Microsoft urges remaining users to enroll in the Extended Security Updates (ESU) program to continue receiving crucial security patches. This migration is critical ahead of the upcoming Patch Tuesday, ensuring systems remain protected from new vulnerabilities despite official support cessation. BleepingComputer
OpenAI Plans to Release GPT-5.1, GPT-5.1 Reasoning, and GPT-5.1 Pro OpenAI announced upcoming launches of the GPT-5.1 family, including base, reasoning-enhanced, and Pro subscription models. The Pro tier will require a $200 monthly fee, targeting advanced users and enterprises seeking superior AI capabilities, underscoring rapid advancements in commercial AI offerings. BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.