Daily Security Briefing #076
- DjediTech
- Security, Newsletter
- November 17, 2025
Iran-linked UNC1549 targets aerospace, Yurei ransomware surge, DoorDash mail spoofing dispute…
Executive Summary
Today’s cybersecurity landscape reveals increasing sophistication in nation-state espionage, ransomware operations, and supply chain risks. Mandiant highlights evolving UNC1549 activity focused on aerospace and defense sectors linked to Iran, while the newly emergent Yurei ransomware group escalates attacks targeting critical industries worldwide. Organizations are also contending with vulnerabilities in trusted platforms, exemplified by DoorDash’s email spoofing flaw and payroll system hijackings by organized crime. Meanwhile, AI’s dual role shapes the threat environment—while enabling innovation, it also fuels new malicious code generation and attack vectors. Vigilance across cloud, container, and AI workloads remains essential as zero trust expands globally.
Top Articles
Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem
Mandiant provides an in-depth analysis of UNC1549, an Iran-associated threat group targeting aerospace and defense sectors, expanding on tactics and tools observed since mid-2024. The report details ongoing espionage campaigns and custom malware deployments affecting aviation and defense industries primarily in the Middle East. These insights underscore persistent risks to critical infrastructure from state-backed cyber adversaries.
Google Cloud
Yurei Ransomware: Encryption Mechanics, Operational Model, and Data Exfiltration Methods
Yurei, a ransomware group first detected in early September 2025, is rapidly emerging as a global threat with attacks in Sri Lanka and Nigeria among other locations. It operates a classic ransomware-as-extortion scheme involving data encryption, backup destruction, and data leak threats. This detailed report sheds light on its malware techniques and operational workflow, highlighting the increasing ransomware risks faced by critical sectors.
GBHackers
DoorDash Email Spoofing Vulnerability Sparks Messy Disclosure Dispute
A security flaw in DoorDash’s email infrastructure allowed attackers to send seemingly legitimate emails from official servers, facilitating near-perfect phishing attempts. Although DoorDash has patched the vulnerability, the post-disclosure period has been marred by accusations between the company and researchers over the handling of the flaw. This incident emphasizes the challenges inherent in vulnerability disclosure processes.
BleepingComputer
Best-in-Class GenAI Security: When CloudGuard WAF Meets Lakera
As generative AI integrates deeply into enterprise workflows, traditional security solutions face limitations against novel risks like prompt injection and sensitive data leaks. This article explores how Check Point’s CloudGuard Web Application Firewall (WAF) and Lakera combine to address these AI-specific security challenges, offering a proactive defense against emerging threats in GenAI environments.
Checkpoint
Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea
AccuKnox has partnered with South Korean provider Frentree to enhance Zero Trust Cloud-Native Application Protection Platform (CNAPP) adoption. This collaboration targets improved security for cloud, containers, and AI workloads across enterprises in the region, reflecting ongoing efforts to scale zero trust principles worldwide amid rising cyber threats in cloud-native ecosystems.
GBHackers
Payroll Pirates Uncover Organized Crime Groups Secretly Hijacking Payroll Systems
Since mid-2023, the financially motivated “Payroll Pirates” campaign has advanced from credential theft to orchestrated payroll system hijackings across industries, credit unions, and trading platforms. Utilizing a sophisticated malvertising network, this threat group drains salaries and highlights the growing targeting of payment infrastructures by organized cybercriminals.
CyberPress
Threat Actors Exploit Xanthorox AI to Create Multiple Types of Malicious Code
Xanthorox, promoted as an ethical hacking AI, is being exploited by cybercriminals to generate various malicious software components. Having originally surfaced on Telegram and darknet forums, this AI-powered platform shows how threat actors misuse advanced language models to automate malware creation, complicating detection and defense strategies.
CyberPress
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Researchers warn of a fresh social engineering campaign using “ClickFix” tactics to distribute Amatera Stealer and NetSupport RAT malware. First seen in June 2025, Amatera evolves from the earlier AcridRain Stealer, emphasizing the persistent evolution of credential theft and remote access tools in cybercriminal arsenals.
TheHackerNews
Eurofiber France Warns of Breach After Hacker Tries to Sell Customer Data
Eurofiber France revealed a breach resulting from exploitation of a vulnerability in its ticket management system. Hackers accessed and exfiltrated customer data, which was then offered for sale. This incident spotlights ongoing risks to data handled by service providers and the importance of vigilant vulnerability management.
BleepingComputer
⚡ Weekly Recap: Fortinet Exploited, China’s AI Hacks, PhaaS Empire Falls & More
This weekly overview highlights a range of cyber incidents including exploitation of Fortinet VPNs, AI-enabled attacks originating from China, and the takedown of major Phishing-as-a-Service (PhaaS) operations. The report illustrates attackers’ ingenuity in combining traditional and novel techniques for espionage, disruption, and financial gain.
TheHackerNews
17th November – Threat Intelligence Report
Checkpoint’s latest bulletin details the expansion of Cl0p’s Oracle E-Business Suite zero-day exploitation, with confirmed breaches impacting high-profile organizations like The Washington Post and Allianz UK. Additional new breaches and attack vectors are outlined, emphasizing the ongoing escalation in sophisticated, wide-reaching campaigns targeting enterprise environments this week.
Checkpoint
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.