Daily Digest

Chinese APT 'Airstalk' Malware Targets BPO Supply Chains; Insider Threats and Cl0p Zero-Day Exploits Escalate

Chinese APT 'Airstalk' Malware Targets BPO Supply Chains; Insider Threats and Cl0p Zero-Day Exploits Escalate

November 3, 2025
7 articles (5 new, 2 updated)
21 min read

Summary

This cybersecurity brief for November 3rd, 2025, covers a surge in sophisticated threats. Key developments include the discovery of 'Airstalk,' a new Chinese APT malware using MDM APIs for C2 in supply chain attacks against the BPO sector. In a shocking insider threat case, cybersecurity professionals were indicted for using ALPHV/BlackCat ransomware. The Cl0p ransomware group is actively exploiting an Oracle zero-day (CVE-2025-61882), while an unpatched Windows LNK flaw (CVE-2025-9491) continues to be leveraged by APTs. Additionally, new reports highlight advanced phishing on LinkedIn, the massive financial fallout from the SK Telecom breach, and escalating ransomware attacks across Europe.

Filter by Category

New Articles (5)

Insider Threat Shocker: Cybersecurity Pros Indicted for Wielding ALPHV/BlackCat Ransomware

HIGH

Federal Grand Jury Indicts Incident Response Manager and Ransomware Negotiator for Extorting U.S. Companies with ALPHV/BlackCat Ransomware

In a severe breach of trust, two cybersecurity professionals, Ryan Clifford Goldberg and Kevin Tyler Martin, have been indicted for allegedly conducting ALPHV/BlackCat ransomware attacks against at least five U.S. companies. The individuals, who held roles in incident response and ransomware negotiation, are accused of conspiring to extort nearly $1.3 million from a Florida medical company. This case highlights a critical insider threat risk within the cybersecurity industry itself, where trusted professionals abuse their knowledge and access for criminal gain.

November 3, 2025
4 min read
Insider ThreatALPHVBlackCatRansomwareIndictment +2 more
Insider Threat Shocker: Cybersecurity Pros Indicted for Wielding ALPHV/BlackCat Ransomware

SK Telecom Profit Plummets 90% Following Massive Data Breach Affecting 27 Million Customers

HIGH

Data Breach Costs Cripple SK Telecom, Causing 90% Drop in Q3 Operating Profit and Suspension of Dividend

South Korean telecom giant SK Telecom has reported a catastrophic 90% drop in its Q3 operating profit, directly attributing the loss to the massive costs of a data breach that exposed the personal data of 27 million customers. The breach, which went undetected for nearly three years, involved 25 different malware types and led to a record $96.5 million (134 billion won) fine from regulators. This incident serves as a stark illustration of the severe and tangible financial consequences of long-term cybersecurity failures and inadequate threat detection.

November 3, 2025
4 min read
Data BreachFinancial ImpactSK TelecomTelecommunicationsSouth Korea +1 more
SK Telecom Profit Plummets 90% Following Massive Data Breach Affecting 27 Million Customers

China Amends Cybersecurity Law, Massively Increasing Fines and Adding AI Governance Clause

MEDIUM

China Passes Amendments to 2016 Cybersecurity Law, Raising Penalties Tenfold for Critical Infrastructure Operators

China has passed major amendments to its 2016 Cybersecurity Law, set to take effect on January 1, 2026. The changes dramatically increase financial penalties for non-compliance, raising the maximum fine for Critical Information Infrastructure Operators (CIIOs) tenfold to RMB 10 million (approx. $1.41M) and for non-CIIOs to RMB 2 million. The amendments also introduce a new, general clause on Artificial Intelligence governance, signaling tighter regulatory control over technology and data security within the country.

November 3, 2025
4 min read
ChinaCybersecurity LawRegulationComplianceAI +2 more
China Amends Cybersecurity Law, Massively Increasing Fines and Adding AI Governance Clause

Microsoft Discovers 'SesameOp' Backdoor Using OpenAI API for Covert C2

HIGH

Microsoft DART Uncovers Novel 'SesameOp' Backdoor Leveraging OpenAI Assistants API for Command and Control in Espionage Campaign

Microsoft's Detection and Response Team (DART) has discovered a novel backdoor named 'SesameOp' that uniquely uses the OpenAI Assistants API for its command-and-control (C2) communications. Found during an espionage investigation, the malware hides its malicious traffic within legitimate API calls to the OpenAI platform, making it extremely difficult to detect. The attackers also used .NET AppDomainManager injection by compromising Microsoft Visual Studio utilities to achieve persistence.

November 3, 2025
5 min read
SesameOpMalwareBackdoorOpenAIAPI +4 more
Microsoft Discovers 'SesameOp' Backdoor Using OpenAI API for Covert C2

Europe Now #2 Global Ransomware Target, Attacks Accelerating to 24-Hour Deployments

INFORMATIONAL

CrowdStrike Report: Europe Accounts for 22% of Global Ransomware Victims, Attacked by Faster, Geopolitically Motivated Adversaries

Europe is now the second-largest global target for ransomware, accounting for 22% of all victims, according to CrowdStrike's 2025 European Threat Landscape Report. The report highlights a dramatic increase in attack speed, with groups like SCATTERED SPIDER now able to deploy ransomware in just 24 hours from initial access. The threat is fueled by a thriving initial access broker (IAB) market and escalating geopolitical tensions involving Russian, Chinese, and North Korean state-sponsored actors targeting critical sectors.

November 3, 2025
5 min read
Threat ReportCrowdStrikeRansomwareEuropeThreat Intelligence +2 more
Europe Now #2 Global Ransomware Target, Attacks Accelerating to 24-Hour Deployments

Updated Articles (2)

Cl0p Ransomware Exploits Oracle EBS Zero-Day in Active Attacks

CRITICAL

Cl0p Ransomware Gang Actively Exploiting Oracle E-Business Suite Zero-Day (CVE-2025-61882)

Update:

The Cl0p ransomware group's exploitation of CVE-2025-61882 in Oracle E-Business Suite has expanded, now impacting major corporations such as Schneider Electric, Cox Enterprises, and Pan American Silver Corp. Data stolen from Schneider Electric and Cox Enterprises has been published on Cl0p's extortion site, confirming successful breaches and escalating the severity of this ongoing campaign. The vulnerability specifically targets the Oracle Concurrent Processing component, allowing for remote code execution. Organizations are urged to continue restricting access and deploying WAF/IPS as no official patch is yet available.

October 20, 2025
Updated: November 3, 2025
8 min read
Zero-dayCl0pRansomwareOracleE-Business Suite +2 more
Cl0p Ransomware Exploits Oracle EBS Zero-Day in Active Attacks

Everest Ransomware Hits Swedish Power Grid Operator, Steals 280GB of Data

HIGH

Everest Ransomware Group Claims Data Breach at Swedish Power Grid Operator Svenska kraftnät

Update:

The Everest ransomware group has expanded its claimed victim list, now including AT&T (576,000 applicant records), Dublin Airport (1.5 million passenger files), and Air Arabia (18,000 employee records). This places the previously reported Svenska kraftnät data breach (280 GB) within a broader, multi-sector campaign by Everest, highlighting the group's ambitious targeting and focus on large-scale data theft for extortion. The incident at Svenska kraftnät is now viewed in the context of a widespread threat to critical infrastructure and major corporations, underscoring potential national security risks from the stolen data.

October 28, 2025
Updated: November 3, 2025
5 min read
EverestRansomwareData BreachSwedenCritical Infrastructure +2 more
Everest Ransomware Hits Swedish Power Grid Operator, Steals 280GB of Data

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.