
Daily Security Briefing #087
- DjediTech
- Security, Newsletter
- November 28, 2025
Holiday scam domains surge, LLM prompt injection via poetry, Metasploit adds critical new modules…
Executive Summary
A pronounced spike in holiday-themed cyber scams is raising alarms this season, with attackers deploying tens of thousands of fraudulent domains targeting shoppers and retailers. Meanwhile, researchers expose a novel jailbreak technique for large language models using adversarial poetry, highlighting emerging threats in AI security. Metasploit’s latest update boosts penetration testing capabilities with critical modules expanding attack simulation options. Software supply chains and package repositories remain exposed, as shown by domain takeover risks in Python packages and massive malware distribution via npm. Law enforcement actions and regulatory fines underline ongoing efforts to combat cybercrime and enforce accountability.
Top Articles
Metasploit Wrap-Up 11/28/2025
This week’s Metasploit Framework update introduces 10 new modules, including an SMB to MSSQL relay that enables executing arbitrary queries on targets, a remote code execution exploit targeting Fortinet products, and enhanced payloads for 32-bit and 64-bit RISC-V architectures. These additions provide penetration testers with expanded tools to simulate complex attack scenarios and assess network defenses.
RAPID7
Prompt Injection Through Poetry
A recently published study reveals a universal single-turn jailbreak method for large language models by transforming prompts into adversarial poetry. Testing across 25 leading LLMs showed success rates exceeding 90% in some cases, exposing a new vector for prompt injection attacks that can bypass existing safeguards. This finding calls for urgent improvements in AI system robustness against creative adversarial inputs.
SCHNEIER
Cybercriminals Register 18,000 Holiday-Themed Domains to Launch Seasonal Scams
FortiGuard Labs reports an unprecedented 18,000 holiday-themed domains created by cybercriminals to perpetrate scams during peak shopping periods. These domains facilitate a surge in fraud targeting e-commerce platforms and consumers, leveraging automation and AI-powered operations to enhance attack sophistication. The rise signals elevated risks for online shoppers throughout the holiday season.
GBHACKERS
Hackers Create 18,000 Christmas, Black Friday, and Flash Sale Domains in New Holiday Scam Surge
Echoing similar findings, cybersecurity researchers highlight a dramatic expansion in malicious infrastructure tied to seasonal shopping scams. The proliferation of fraudulent domains supports increased exploitation of stolen accounts and retail systems, creating a more perilous environment for shoppers and online businesses.
CYBERPRESS
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Security analysts uncovered vulnerabilities in legacy Python bootstrap scripts used by the “zc.buildout” tool, exposing numerous PyPI packages to potential supply chain attacks through domain takeover. This flaw underscores ongoing challenges in securing software distribution ecosystems and necessitates prompt remediation efforts by package maintainers.
THEHACKERNEWS
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
North Korean threat actors associated with the Contagious Interview campaign have recently pushed 197 malicious npm packages designed to spread a new variant of the OtterCookie malware. These packages were downloaded over 31,000 times, indicating significant exposure. The malware consolidates features from previous variants, posing a notable threat to the JavaScript development community.
THEHACKERNEWS
Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison
An Australian man was sentenced to seven years and four months in prison after operating an “evil twin” WiFi network at airports to steal personal data from travelers. The conviction marks a significant law enforcement success against sophisticated wireless attack methods targeting unsuspecting victims in transit hubs.
BLEEPINGCOMPUTER
Microsoft: Windows updates make password login option invisible
Microsoft cautions that certain Windows 11 updates released since August may remove the visible password sign-in option on the lock screen, despite remaining functional behind the scenes. This change could confuse users and complicate login procedures, prompting calls for clarity and remediation from Microsoft.
BLEEPINGCOMPUTER
Comcast to Pay $1.5 Million Fine to Settle FCC Investigation Linked to Vendor Data Breach
Comcast agreed to a $1.5 million settlement with the FCC after a breach at a third-party debt collection vendor exposed sensitive customer data. The incident highlights the risks posed by vendor relationships and the growing regulatory focus on data security and breach accountability.
CYBERPRESS
Poland Arrests Suspected Russian Hacker Targeting Local Organizations’ Networks
Polish authorities apprehended a Russian national suspected of attacking local organizations’ networks, reinforcing international efforts to combat state-affiliated cyber threats. The arrest reflects increasing vigilance and cross-border cooperation to protect critical infrastructure against unauthorized digital intrusions.
GBHACKERS
Friday Squid Blogging: Flying Neon Squid Found on Israeli Beach
A rare meter-long flying neon squid was discovered deceased on an Israeli beach, an uncommon sighting for the Mediterranean region. While unrelated to cybersecurity, this unusual marine finding offers a momentary scientific curiosity amidst the week’s security developments.
SCHNEIER
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.