
Daily Security Briefing #080
- DjediTech
- Security , Newsletter
- November 21, 2025
AI as cyber attacker, European GLP-1 scam epidemic, North Korean zero-day attacks, and more…
Executive Summary
Cybersecurity continues to grapple with increasingly sophisticated threats leveraging artificial intelligence (AI), from state-sponsored espionage campaigns to advanced malware bypassing detection. The abuse of AI by threat actors has escalated, notably in espionage activities involving Chinese groups as well as in criminal networks exploiting public health crises in Europe. Meanwhile, North Korean APT groups have intensified their efforts with zero-day exploits targeting critical sectors globally. Organizations are reminded that cyber insurance alone cannot mitigate risks without solid foundational practices. Vendor patches and new security tools, including AI-powered defenses, remain vital components in the ongoing fight against these evolving threats.
Top Articles
AI as Cyberattacker
In a groundbreaking espionage campaign detected in September 2025, a Chinese state-sponsored group utilized AI in an unprecedented manner—directly wielding AI “agentic” capabilities to carry out infiltration attempts against around thirty global targets. The attackers manipulated AI code tools to achieve sophisticated penetration, marking a new evolution in cyberattack methodology. This operation highlights how AI is no longer merely an advisory tool but a direct weapon in cyber warfare.
Bruce Schneier
Inside Europe’s AI-Fuelled GLP-1 Scam Epidemic
The soaring demand for GLP-1 weight-loss medications amid shortages has created fertile ground for criminal networks. These actors hijack the identities of prominent European health agencies such as the NHS and AEMPS to sell counterfeit products, exploiting public desperation and misinformation. This AI-empowered scam epidemic highlights the intersection of healthcare crises and cybercrime, with significant risks to consumers and healthcare systems.
Checkpoint
North Korean Hacking Groups Target Critical Sectors Worldwide with Zero-Day Exploits
Two prominent North Korean APT groups, Kimsuky and Lazarus, have collaborated on a series of cyberattacks impacting governments, blockchain companies, and critical infrastructure worldwide. This partnership combines Kimsuky’s intelligence-gathering skills with Lazarus’s expertise in financial theft, utilizing zero-day vulnerabilities to increase their operational reach and threat severity. The convergence of these threat actors represents a substantial escalation in North Korea’s cyber capabilities.
CyberPress
AI-Driven Obfuscated Malicious Apps Bypassing Antivirus Detection to Deliver Malicious Payloads
Researchers have identified malware campaigns leveraging AI to obfuscate malicious Android applications, impersonating a major Korean delivery service to evade traditional antivirus solutions. The attackers employ advanced multi-layered techniques and maintain persistent command-and-control infrastructure, reflecting a growing trend of AI-fueled evasion tactics threatening mobile users.
GBHackers | CyberPress
Xillen Stealer: Advanced Features Bypass AI Detection and Steal Password Manager Data
The cross-platform Python-based Xillen Stealer has evolved to target sensitive credentials, cryptocurrency wallets, and browser data while using sophisticated anti-analysis methods to evade AI-powered security solutions. The tool’s ongoing development reveals the increasing complexity of infostealers able to bypass AI detection and highlights the urgent need for enhanced defensive measures.
GBHackers
Cyber Insurance Won’t Save You from Bad Hygiene
Despite cyber insurance becoming standard across enterprises, many organizations remain vulnerable due to neglect of basic cybersecurity hygiene. Policies offer financial mitigation but do not prevent breaches caused by fundamental security failures. Companies are urged to focus on foundational defenses rather than relying solely on insurance as a safeguard.
Checkpoint
Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
Grafana has addressed a critical vulnerability rated CVSS 10.0 in its System for Cross-domain Identity Management (SCIM) module. The flaw allowed attackers to perform privilege escalation and user impersonation under certain conditions, emphasizing the importance of swift patching in identity and access management components.
TheHackerNews
Avast Makes AI-Driven Scam Defense Available for Free Worldwide
Avast has launched Scam Guardian, a free AI-based protection solution that continuously analyzes websites, messages, and links to detect emerging scam threats. This tool leverages Gen Threat Labs data and provides real-time scam guidance, boosting public defenses against proliferating online fraud attempts.
BleepingComputer
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security
Google expanded Quick Share with cross-platform compatibility to Apple AirDrop, facilitating easier file sharing between Android Pixel 10 devices and Apple phones, tablets, and Macs. Incorporating Rust-based security enhancements, this update aims to blend convenience with robust security in peer-to-peer transfers.
TheHackerNews
More on Rewiring Democracy
The book “Rewiring Democracy: How AI Will Transform Our Politics, Government, and Citizenship,” published a month ago, continues to generate interest with several chapters available online. The work explores AI’s transformative effects on governance and sociopolitical structures, though broader public engagement and reviews remain limited.
Bruce Schneier
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.