
Daily Security Briefing #085
- DjediTech
- Security, Newsletter
- November 26, 2025
Chinese surveillance history, Gemini 3 AI reshaping enterprises, Qilin ransomware hits South Korean MSPs
Executive Summary
Today’s cybersecurity highlights reveal escalating geopolitical tensions around Chinese tech companies, underscored by their historical surveillance implications. The launch of Google’s Gemini 3 marks a significant shift toward AI as the new enterprise security perimeter, changing how organizations approach risk and productivity tools. Meanwhile, ransomware groups like Qilin and Akira exploit software vulnerabilities and supply chain weaknesses, emphasizing persistent risks in managed service providers and VPN infrastructure. Increasingly visible cybercriminals such as ByteToBreach point to a growing data-leak economy targeting airlines, banks, and government sectors worldwide. Workforce readiness is being addressed through expanded training programs to close the growing skill gap.
Top Articles
Huawei and Chinese Surveillance
An excerpt from House of Huawei sheds light on the early role of Chinese tech pioneers and their political involvements. Wan Runnan, an influential entrepreneur before Huawei’s rise, supported pro-democracy movements, highlighting complex ties between technology, surveillance, and politics in China. This historical perspective enriches understanding of Huawei’s evolving global role.
Schneier
AI Has Become the New Enterprise Perimeter — and Gemini 3 Pro Just Proved It
Google’s Gemini 3 model not only introduces advanced AI capabilities but also signals a structural shift: AI assistants are now integral to enterprise workflows. This trend accelerates digital transformation, with deeply embedded models like Microsoft Copilot redefining how organizations safeguard and optimize their infrastructure. Executives must reassess security boundaries in this AI-driven landscape.
Checkpoint
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters’
Rey, the technical lead of the notorious hacker group “Scattered LAPSUS$ Hunters,” has publicly confirmed his identity in a detailed interview. This group has been responsible for multiple high-profile data thefts and extortion campaigns against major corporations. Insights into Rey’s motivations and methods offer a rare look inside modern cybercriminal leadership.
KrebsOnSecurity
INE Expands Cross-Skilling Innovations
INE, a leading IT and cybersecurity education provider, announced an expanded portfolio of courses and certifications aimed at equipping tech professionals with versatile, in-demand skills. This initiative addresses critical workforce skill gaps by offering hands-on training that prepares individuals for evolving cybersecurity challenges.
GBHackers
Massive Data Leak: ByteToBreach Offers Stolen Global Airline, Banking, and Government Records / Cybercriminal ‘ByteToBreach’ Exposed for Selling Highly Sensitive Data
A prolific threat actor known as ByteToBreach has been uncovered orchestrating extensive global data leaks from airlines, banks, universities, and government organizations. Utilizing cloud misconfigurations and credential compromises, this individual has built a widespread underground data trade affecting critical sectors worldwide. The exposure highlights ongoing vulnerabilities in cloud security and credential management.
GBHackers | CyberPress
Employee Spotlight: Getting to Know Angel Salazar
Angel Salazar shares his tech journey from Guatemala, recounting how early curiosity in electronics evolved into a passion for cybersecurity. His story emphasizes the importance of hands-on learning and awareness of technology’s dual potential for harm and good, inspiring others entering the field.
Checkpoint
Akira Ransomware Exploits SonicWall SSL VPN Vulnerability to Exfiltrate Data and Deploy Ransomware
The Akira ransomware group is exploiting vulnerabilities in SonicWall SSL VPN devices to perform data exfiltration and launch ransomware attacks. This threat targets merger and acquisition processes, where inherited SonicWall devices can create unchecked entry points, underscoring the need for rigorous security assessments during integrations.
CyberPress
NordVPN Black Friday Deal: Unlock 77% off VPN plans in 2025
NordVPN is offering a significant Black Friday discount of 77% off its VPN plans, presenting an opportunity for users to enhance online privacy and security and to bypass geo-restrictions. This deal is recommended for those seeking affordable protection against escalating cyber threats.
BleepingComputer
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
The Shai-Hulud supply chain attack has escalated into Maven’s package ecosystem after compromising over 830 npm packages. Malicious payloads such as “setup_bun.js” and “bun_environment.js” embedded in packages threaten developers and users by exposing secrets and compromising code integrity, demonstrating the risks of increasingly complex software supply chains.
TheHackerNews
Qilin Ransomware Turns South Korean MSP Breach Into 28-Victim ‘Korean Leaks’ Data Heist
A sophisticated supply chain ransomware campaign targeting South Korean financial MSPs has led to a 28-victim data breach known as “Korean Leaks.” Qilin ransomware actors, allegedly linked to North Korean state affiliates, exploited MSP trust relationships to deploy ransomware and exfiltrate sensitive information, emphasizing persistent geopolitical cybercrime risks.
TheHackerNews
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.