
Daily Security Briefing #077
- DjediTech
- Security, Newsletter
- November 18, 2025
AI cryptojacking exploits open-source frameworks, Everest ransomware leaks Under Armour data, Sneaky 2FA phishing kit mimics browser address bars…
Executive Summary
Today’s cybersecurity landscape highlights persistent and emerging threats amplified by advancing technology. AI systems face manipulation with new attacks on popular language models and exploitation of open-source AI frameworks for cryptojacking operations. Phishing tactics continue to evolve, with sophisticated 2FA bypass methods threatening multi-factor authentication systems at scale. Meanwhile, ransomware groups remain active, leaking substantial corporate data that shakes key industries. On the defensive front, tech giants announce enhanced recovery and security research tools to bolster defenses against an increasingly complex threat environment.
Top Articles
Hackers turn open-source AI framework into global cryptojacking operation
Threat actors have exploited a vulnerability in the API of Ray, an open-source AI framework used for automating compute resources, to build a widespread cryptojacking botnet. Security researchers from Oligo revealed how the hack leverages Kubernetes clusters to covertly mine cryptocurrency, exemplifying risks facing distributed AI development tools.
BleepingComputer
Everest Ransomware Group Allegedly Exposes 343 GB of Sensitive Data in Under Armour Breach
The Everest ransomware collective claims to have stolen 343 GB of sensitive internal files from Under Armour, posting samples on their dark web leak site. This breach has heightened concerns over ransomware impacts within the sportswear sector and the resilience of corporate data security.
CyberPress
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
Malware developers behind the Sneaky 2FA phishing-as-a-service kit incorporated Browser-in-the-Browser (BitB) techniques to simulate legitimate browser address bars. This tactic deceives users and allows even less skilled attackers to bypass two-factor authentication protections on a large scale.
TheHackerNews
SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026
SpyCloud’s latest forecast highlights a significant rise in identity-based attacks, evolving tactics among threat actors, and new risks posed by AI and insider threats. These trends signal major changes in identity security throughout the coming year.
GBHackers
EchoGram Attack Tricks GPT-4, Claude, Gemini, and Others into Seeing Malicious Inputs as Safe
Researchers at HiddenLayer discovered the EchoGram attack, which systematically bypasses AI safety guardrails designed to prevent harmful prompts. This vulnerability affects models including GPT-4 and Gemini by manipulating them into accepting or ignoring malicious content, complicating AI security efforts.
CyberPress
SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program
SecurityMetrics’ Shopping Cart Inspect (SCI) solution earned recognition for its advanced capabilities in detecting data leaks, reflecting growing industry emphasis on protecting sensitive information amid increasing compliance demands.
GBHackers
Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools
Microsoft introduced Cloud Rebuild and Point-in-Time Restore features for Windows 11 at Ignite 2025, designed to minimize downtime and simplify recovery from failures or faulty updates, thereby enhancing system resilience.
BleepingComputer
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
Meta released WhatsApp Research Proxy tools to trusted bug bounty researchers to improve the platform’s security analysis capabilities, alongside committing $4 million in bounties to incentivize vulnerability discovery amid state-sponsored threats.
TheHackerNews
The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA
The Tycoon platform enables the real-time relay of multi-factor authentication codes, driving over 64,000 attacks in 2025 and demonstrating how traditional MFA methods collapse under targeted phishing. The report advocates biometric and hardware-based FIDO2 authentication as stronger defenses against such attacks.
BleepingComputer
Cloud Break: IoT Devices Open to Silent Takeover Via Firewalls
Security gaps in cloud-managed firewall and router interfaces expose IoT devices to covert takeover risks, even when devices are offline or covered by security software, highlighting the need for improved cloud management security practices.
DarkReading
AI and Voter Engagement
A retrospective on the evolution of social media’s role in political campaigns since 2008, highlighting its early transformative use and raising considerations for how AI could shape voter engagement going forward.
Schneier
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.