
Daily Security Briefing #070
- DjediTech
- Security, Newsletter
- November 11, 2025
CometJacking exploits AI browsers, global ransomware surge continues, Ivanti endpoint manager flaws patched…
Executive Summary
Cybersecurity continues to face evolving threats with increasing sophistication, particularly targeting AI platforms and critical enterprise software. New attack methods like CometJacking highlight vulnerabilities in AI browsers that can expose sensitive user data without interaction or credentials. Meanwhile, ransomware attacks worldwide are escalating, fueled by rising use of generative AI techniques. Major software vendors like Microsoft and Ivanti have released important patches addressing active zero-days and high-severity vulnerabilities. Additionally, targeted campaigns by state-linked groups and threat actors are leveraging novel exploits to infiltrate government and financial sectors. Organizations must remain vigilant, prioritize timely patching, and adapt defenses for emerging AI-driven attack landscapes.
Top Articles
Prompt Injection in AI Browsers: CometJacking Threatens Privacy and Security
A newly identified attack called ‘CometJacking’ abuses URL parameters in Perplexity’s Comet AI browser to covertly execute commands and extract sensitive information from connected services like email and calendars. Remarkably, this attack requires no user credentials and no interaction beyond opening a maliciously crafted URL, presenting serious privacy risks for AI browser users.
Schneier
Global Cyber Attacks Surge in October 2025 Amid Explosive Ransomware Growth and Rising GenAI Threats
Cyber attacks rose by 2% from September and 5% year-over-year in October 2025, averaging nearly 2,000 weekly incidents worldwide. This surge correlates with the increasing sophistication of ransomware attacks and expanded utilization of generative AI by threat actors, signaling an intensifying, complex cyber threat environment.
Checkpoint
Ivanti Endpoint Manager Vulnerabilities Allow Arbitrary File Writes Across Systems
Critical Ivanti Endpoint Manager security flaws permit authenticated attackers to write files anywhere on targeted machines, potentially leading to remote code execution and system compromise. Ivanti has issued urgent patches as of November 10 to mitigate three high-severity vulnerabilities. All affected users should apply updates immediately.
GBHackers
Microsoft Patch Tuesday November 2025 Includes Zero-Day Fix and 62 Other Vulnerabilities
Microsoft’s November 2025 security update addresses 63 vulnerabilities, including a zero-day actively exploited in the wild impacting the Windows Kernel. This critical fix (CVE-2025-62215) and other elevation of privilege patches emphasize the need for prompt updates to protect enterprise environments from ongoing attacks.
GBHackers
Sophisticated Phishing Campaign Employs HTML Attachments to Evade Detection
Researchers uncovered a large-scale phishing operation using embedded JavaScript within HTML attachments rather than malicious URLs, thereby bypassing traditional email security. The campaign impersonates trusted brands such as Adobe and Microsoft to steal credentials directly from victims.
CyberPress
APT-C-08 Exploits WinRAR Directory Traversal Vulnerability in Espionage Attacks
State-linked South Asian threat actor APT-C-08 is actively exploiting a recently disclosed WinRAR flaw (CVE-2025-6218) in targeted attacks against government, defense, and academic institutions. The vulnerability enables distribution of malicious payloads concealed in crafted archive files.
CyberPress
WhatsApp Malware ‘Maverick’ Hijacks Browsers to Target Brazil’s Largest Banks
The Maverick banking malware, related to the Coyote family, hijacks browser sessions on infected systems targeting Brazilian banking applications. Delivered via WhatsApp, both malware strains utilize .NET frameworks and possess capabilities to decrypt and monitor banking URLs and apps.
TheHackerNews
GootLoader Malware Resurfaces on WordPress Using New Font-Based Evasion Technique
After a brief quiet period, GootLoader malware has been detected delivering attacks on WordPress sites via a novel font trick. Recent infections rapidly led to domain controller compromises within 17 hours, demonstrating the malware’s ongoing operational threat.
TheHackerNews
BigBear.ai to Acquire Ask Sage, Enhancing AI Security for Federal Agencies
BigBear.ai announced its acquisition of AI platform Ask Sage in a $250 million deal, aiming to bolster secure AI model deployment and agentic AI capabilities within defense and regulated sectors. This move underscores increased emphasis on safety and security in emerging AI systems.
CyberScoop
Synology Fixes Critical BeeStation Zero-Days Demonstrated at Pwn2Own Ireland
Synology patched a critical remote code execution vulnerability in its BeeStation products that was publicly exploited during the Pwn2Own Ireland hacking contest, preempting potential widespread exploitation risks.
BleepingComputer
CPU Spike Helps Detect Ongoing RansomHub Ransomware Attack Before Encryption
Varonis analysts identified a RansomHub ransomware operation in progress by investigating an unusual CPU spike. This led to discovery of fake browser update lures and domain administrator takeover attempts, ultimately allowing responders to stop encryption before data loss.
BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.