Daily Security Briefing #086


November 27, 2025

Evidence-as-Code API, Lapsus$ Zendesk impersonation, CodeRED outage and breaches…


Executive Summary

Today's items point to two trends: compliance evidence is being automated, and phishing infrastructure keeps getting more convincing. Quttera's updated API streams real-time security evidence for SOC 2 and PCI DSS v4.0 audits, reflecting demand for continuous rather than point-in-time proof of controls. Meanwhile, ReliaQuest has tied a growing set of Zendesk-lookalike domains to Scattered Lapsus$ Hunters. Ransomware and data breaches continue to do real damage, including an outage of the CodeRED emergency alert platform and the exposure of data on roughly two million individuals at Asahi. OpenAI disclosed that API customer data was exposed through a breach at its analytics vendor Mixpanel, a reminder that third-party risk applies to AI providers too. Looking ahead, Microsoft plans to tighten the Content Security Policy on its Entra ID sign-in page in 2026 to block unauthorized scripts and reduce account takeover risk.


Top Articles

Quttera Launches “Evidence-as-Code” API to Automate Security Compliance for SOC 2 and PCI DSS v4.0
Quttera has extended its Web Malware Scanner API to stream real-time compliance evidence and AI-driven threat intelligence, automating stages of audit preparation that were previously manual. The evidence streaming and compliance mapping are aimed at organizations working toward the increasingly rigorous SOC 2 and PCI DSS v4.0 requirements.
BleepingComputer

One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
In Gartner’s 2025 Magic Quadrant for Privileged Access Management (PAM), One Identity has been recognized as a Visionary, reflecting its innovative capabilities and evolving customer ecosystem. This recognition highlights the importance of robust PAM solutions amid an evolving threat landscape where privileged account misuse remains a key risk vector.
GBHackers

Scattered Lapsus$ Actors Register Over 40 Zendesk-Impersonating Domains
Researchers at ReliaQuest have identified more than 40 lookalike domains impersonating Zendesk, registered within the past six months and attributed to the group tracked as "Scattered Lapsus$ Hunters." The domains host phishing pages that mimic legitimate Zendesk services to harvest credentials. Organizations that run Zendesk should watch for such domains in mail and proxy logs and remind staff that a support-portal login prompt arriving by link deserves a second look at the address bar.
CyberPress
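The lookalike-domain finding above is the kind of thing a defender can screen for in newly registered domain feeds. The following is an added example written for this briefing, not ReliaQuest's tooling or code from any linked article: it normalizes a candidate domain (undoing common digit-for-letter swaps and separators), then flags it as a homoglyph, a one-edit typo, a brand name padded with a lure word, or a brand name hidden in a subdomain. The domain list is constructed for illustration; none of these are real findings.

```python
"""Flag domains that look like impersonations of a protected brand name.

Added example for this briefing; it is not ReliaQuest's tooling or code from
any article linked here. The domain list below is constructed for illustration.
"""
import re

BRAND = "zendesk"

# Digit-for-letter substitutions commonly seen in lookalike domains.
# Illustrative subset, not an exhaustive confusables table.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s"}


def normalize(label: str) -> str:
    """Lowercase, undo common homoglyphs and drop separators so that
    'zend3sk' and 'zen-desk' both compare as 'zendesk'."""
    s = label.lower()
    for glyph, letter in HOMOGLYPHS.items():
        s = s.replace(glyph, letter)
    return re.sub(r"[^a-z0-9]", "", s)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance with a two-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain: str, brand: str = BRAND, max_dist: int = 1):
    """Return a reason string if the domain looks like an impersonation of
    `brand`, or None if it does not.

    The registrable label is taken naively as the second-to-last label;
    production code should consult the Public Suffix List (zendesk.co.uk
    would otherwise yield 'co')."""
    labels = domain.lower().rstrip(".").split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]
    norm = normalize(sld)
    if norm == brand:
        # Exact brand after normalisation: legitimate if literally the brand,
        # otherwise it only matched because of homoglyphs or separators.
        return None if sld == brand else "homoglyph"
    if edit_distance(norm, brand) <= max_dist:
        return "typosquat"            # zemdesk, zendeskk, zndesk ...
    if brand in norm:
        return "brand-embedded"       # zendesk-support, zendesklogin ...
    if any(brand in normalize(l) for l in labels[:-2]):
        return "brand-in-subdomain"   # zendesk.helpdesk-login.example
    return None


def flag_lookalikes(domains, brand: str = BRAND) -> dict:
    """Map each flagged domain to the reason it was flagged."""
    out = {}
    for d in domains:
        reason = classify(d, brand)
        if reason:
            out[d] = reason
    return out


# Constructed sample of "newly registered" domains; none are real findings.
SAMPLE_DOMAINS = [
    "zendesk.com",                     # legitimate
    "zemdesk.com",                     # one-character typo
    "zend3sk.net",                     # digit homoglyph
    "zendesk-support.com",             # brand plus lure word
    "zendesk.helpdesk-login.example",  # brand only in a subdomain
    "example.com",                     # unrelated
]

if __name__ == "__main__":
    for domain, reason in flag_lookalikes(SAMPLE_DOMAINS).items():
        print(f"{domain:35} {reason}")
```

Running the block flags four of the six constructed domains. The ordering of the checks matters: the edit-distance test runs before the substring test so that `zendeskk` is reported as a typo rather than as an embedded brand, and the homoglyph table is deliberately small; a real deployment would swap in a Unicode confusables table and Public Suffix List parsing.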

Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan
The threat group Bloody Wolf has been running targeted attacks in Kyrgyzstan since mid-2025 that deploy the NetSupport remote access tool (a legitimate remote-administration product abused as a RAT), and has now expanded its operations into Uzbekistan. The campaign shows sustained, regionally focused activity in Central Asia, with remote access as the foothold into targeted systems.
TheHackerNews

Handala Group Intensifies Attacks on Israeli High-Tech and Aerospace Personnel
The Handala hacking group has escalated harassment by publishing personal data of Israeli aerospace and tech professionals, paired with false accusations, through dark web channels. This campaign reflects a growing trend of cyber intimidation tactics aimed at undermining individual privacy and spreading misinformation among targeted communities.
CyberPress

Microsoft to Block Unauthorized Scripts in Entra ID Logins with 2026 CSP Update
Microsoft will tighten the Content Security Policy served on the Entra ID sign-in page (login.microsoftonline.com) in 2026 so that browsers execute only scripts from sources Microsoft authorizes. The change is meant to blunt script injection on the login page, a route to credential theft and account takeover. Anyone who injects scripts into that page, for example through browser extensions or automation, should expect those scripts to stop running once the policy is enforced.
TheHackerNews
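To see why a stricter CSP on a sign-in page matters, it helps to trace how a browser decides whether a given script is allowed to run. The block below is an added example written for this briefing, not Microsoft's policy or code; the two policies, the page origin `https://login.example` and the script URLs are constructed to illustrate the mechanism. It implements a simplified subset of CSP Level 3 `script-src` matching and compares a permissive policy that still allows `'unsafe-inline'` and any `https:` host against a nonce-based allowlist policy, for an injected inline script and for an attacker-hosted external script.

```python
"""Decide whether a script would run under a Content-Security-Policy.

Added example for this briefing; it is not Microsoft's policy or code, and the
policies below are constructed to show the mechanism. Implements a simplified
subset of CSP Level 3 script-src matching: 'none', 'self', 'unsafe-inline',
nonces, scheme sources and host sources. Hash sources, 'strict-dynamic' and
path matching are out of scope.
"""
from urllib.parse import urlsplit


def parse_csp(header: str) -> dict:
    """Split a CSP header into {directive: [source expressions]}.
    Per the spec a repeated directive is ignored; the first one wins."""
    policy = {}
    for raw in header.split(";"):
        tokens = raw.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def _origin(url: str) -> str:
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()


def _host_source_matches(expr: str, src: str) -> bool:
    """Match a scheme source ('https:') or a host source
    ('cdn.example', '*.example', 'https://cdn.example:8443') against src."""
    e, s = expr.lower(), urlsplit(src)
    if e.endswith(":") and "//" not in e:          # scheme source
        return s.scheme == e[:-1]
    scheme, _, rest = e.rpartition("://")          # scheme is '' when absent
    hostport = rest.split("/", 1)[0]               # any path part is ignored here
    host, _, port = hostport.partition(":")
    if scheme and scheme != s.scheme:
        return False
    if port and str(s.port) != port:               # compared only when the source names a port
        return False
    if host == "*":
        return True
    if host.startswith("*."):
        return (s.hostname or "").endswith(host[1:])
    return host == (s.hostname or "")


def script_allowed(header: str, page_origin: str, *, src=None, nonce=None):
    """Return (allowed, reason). src=None models an inline <script>; nonce is
    the value of the script element's nonce attribute, if any."""
    policy = parse_csp(header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True, "no script-src or default-src: unrestricted"
    lowered = [x.lower() for x in sources]
    if lowered == ["'none'"]:
        return False, "'none' blocks all scripts"
    nonces = {x[7:-1] for x in sources if x.startswith("'nonce-")}
    has_hashes = any(x.startswith(("'sha256-", "'sha384-", "'sha512-")) for x in lowered)
    if nonce is not None and nonce in nonces:
        return True, "nonce matched"
    if src is None:
        # CSP3: 'unsafe-inline' is ignored once the policy carries a nonce or
        # hash, so an attacker-injected inline script cannot ride on it.
        if "'unsafe-inline'" in lowered and not nonces and not has_hashes:
            return True, "'unsafe-inline' permits inline scripts"
        return False, "inline script without a valid nonce"
    for expr in sources:
        if expr.startswith("'"):
            if expr.lower() == "'self'" and _origin(src) == page_origin.lower():
                return True, "'self' matched page origin"
            continue                               # other keywords never match URLs
        if _host_source_matches(expr, src):
            return True, f"matched source {expr}"
    return False, "no source expression matches"


# Constructed policies for a hypothetical sign-in page at https://login.example
PAGE_ORIGIN = "https://login.example"
LAX_CSP = "default-src 'self'; script-src 'self' 'unsafe-inline' https:"
STRICT_CSP = "default-src 'self'; script-src 'self' 'nonce-r4nd0m' https://cdn.example"

if __name__ == "__main__":
    cases = [
        ("injected inline", dict(src=None)),
        ("inline with page nonce", dict(src=None, nonce="r4nd0m")),
        ("attacker-hosted", dict(src="https://evil.example/x.js")),
        ("approved CDN", dict(src="https://cdn.example/lib.js")),
    ]
    for name, kw in cases:
        for label, csp in (("lax", LAX_CSP), ("strict", STRICT_CSP)):
            ok, why = script_allowed(csp, PAGE_ORIGIN, **kw)
            print(f"{label:6} {name:24} {'ALLOW' if ok else 'BLOCK'}  ({why})")
```

Under the lax policy both the injected inline script and the attacker-hosted script run, because `'unsafe-inline'` and the bare `https:` scheme source admit them. Under the strict policy only the page's own nonce-bearing script and the explicitly listed CDN pass; an injected script has neither the nonce nor an allowlisted host, which is exactly the property a login page wants.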

OpenAI Discloses API Customer Data Breach via Mixpanel Vendor Hack
OpenAI reported that some API customers had limited identifying information exposed through a cyberattack on Mixpanel, a third-party analytics vendor. The incident is a reminder that vendor and supply chain exposure applies to the AI ecosystem as much as anywhere else: the analytics pipeline, not OpenAI's own systems, was the point of compromise.
BleepingComputer | SecurityWeek

Asahi Data Breach Impacts 2 Million Individuals
A data breach at Japan's Asahi exposed personal and employee information that was stolen ahead of a ransomware attack that severely disrupted the company's operations; about two million individuals are affected. The incident follows the familiar double-extortion pattern in which data is exfiltrated before systems are encrypted.
SecurityWeek

Holiday Shoppers Targeted as Amazon and FBI Warn of Surge in Account Takeover Attacks
With the holiday season underway, Amazon and the FBI are warning of a surge in account takeover attacks that use brand impersonation, in the form of fake messages and offers, to steal shoppers' credentials. Shoppers should treat unexpected order, refund or delivery messages with suspicion and verify them through the retailer's own app or site rather than the link they were sent.
Malwarebytes

Millions at Risk after Nationwide CodeRED Alert System Outage and Data Breach
A ransomware incident took the CodeRED emergency alert platform offline and exposed sensitive data, prompting widespread warnings and concern about the security of public safety communications. Recovery efforts are underway, but the attack shows how exposed emergency notification systems are to ransomware.
Malwarebytes


AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.


Related Posts

Daily Security Briefing #076 (November 17, 2025): Iran-linked UNC1549 targets aerospace, Yurei ransomware surge, DoorDash mail spoofing dispute…

Daily Security Briefing #085 (November 26, 2025): Chinese surveillance history, Gemini 3 AI reshaping enterprises, Qilin ransomware hits South Korean MSPs

Daily Security Briefing #081 (November 22, 2025): Salesforce data breach impacts 200+ companies, Oracle Identity Manager flaw actively exploited, CrowdStrike terminates employee for insider leak