Chinese APT 'Airstalk' Malware Targets BPO Supply Chains; Insider Threats and Cl0p Zero-Day Exploits Escalate
Summary
This cybersecurity brief for November 3rd, 2025, covers a surge in sophisticated threats. Key developments include the discovery of 'Airstalk,' a new Chinese APT malware using MDM APIs for C2 in supply chain attacks against the BPO sector. In a shocking insider threat case, cybersecurity professionals were indicted for using ALPHV/BlackCat ransomware. The Cl0p ransomware group is actively exploiting an Oracle zero-day (CVE-2025-61882), while an unpatched Windows LNK flaw (CVE-2025-9491) continues to be leveraged by APTs. Additionally, new reports highlight advanced phishing on LinkedIn, the massive financial fallout from the SK Telecom breach, and escalating ransomware attacks across Europe.
Today's New Articles
Insider Threat Shocker: Cybersecurity Pros Indicted for Wielding ALPHV/BlackCat Ransomware
In a severe breach of trust, two cybersecurity professionals, Ryan Clifford Goldberg and Kevin Tyler Martin, have been indicted for allegedly conducting ALPHV/BlackCat ransomware attacks against at least five U.S. companies. The individuals, who held roles in...
SK Telecom Profit Plummets 90% Following Massive Data Breach Affecting 27 Million Customers
South Korean telecom giant SK Telecom has reported a catastrophic 90% drop in its Q3 operating profit, directly attributing the loss to the massive costs of a data breach that exposed the personal data of 27 million customers. The breach, which went undetected...
China Amends Cybersecurity Law, Massively Increasing Fines and Adding AI Governance Clause
China has passed major amendments to its 2016 Cybersecurity Law, set to take effect on January 1, 2026. The changes dramatically increase financial penalties for non-compliance, raising the maximum fine for Critical Information Infrastructure Operators (CIIOs)...
Microsoft Discovers 'SesameOp' Backdoor Using OpenAI API for Covert C2
Microsoft's Detection and Response Team (DART) has discovered a novel backdoor named 'SesameOp' that uniquely uses the OpenAI Assistants API for its command-and-control (C2) communications. Found during an espionage investigation, the malware hides its malicio...
Europe Now #2 Global Ransomware Target, Attacks Accelerating to 24-Hour Deployments
Europe is now the second-largest global target for ransomware, accounting for 22% of all victims, according to CrowdStrike's 2025 European Threat Landscape Report. The report highlights a dramatic increase in attack speed, with groups like SCATTERED SPIDER now...
Article Updates
Cl0p Ransomware Exploits Oracle EBS Zero-Day in Active Attacks
Update: The Cl0p ransomware group's exploitation of CVE-2025-61882 in Oracle E-Business Suite has expanded, now impacting major corporations such as Schneider Electric, Cox Enterprises, and Pan American Silver Corp. Data stolen from Schneider Electric and Cox Enterpri...
Everest Ransomware Hits Swedish Power Grid Operator, Steals 280GB of Data
Update: The Everest ransomware group has expanded its claimed victim list, now including AT&T (576,000 applicant records), Dublin Airport (1.5 million passenger files), and Air Arabia (18,000 employee records). This places the previously reported Svenska kraftnät data...