Daily Digest

Samsung Zero-Day Exploited by LANDFALL Spyware; Sandworm Escalates Destructive Attacks on Ukraine

Samsung Zero-Day Exploited by LANDFALL Spyware; Sandworm Escalates Destructive Attacks on Ukraine

November 8, 2025
7 articles (3 new, 4 updated)
21 min read

Summary

This cybersecurity publication for November 8, 2025, covers a critical period marked by sophisticated mobile espionage, escalating nation-state attacks, and a record surge in supply chain compromises. Key stories include the discovery of the LANDFALL spyware using a Samsung zero-day for zero-click attacks in the Middle East, a new report detailing Russia's Sandworm group intensifying destructive wiper attacks against Ukraine's critical infrastructure, and data showing software supply chain attacks hit an all-time high in October, driven by ransomware gangs like Qilin.

Filter by Category

New Articles (3)

Malicious VS Code Extension with Ransomware Capabilities Discovered on Official Marketplace

MEDIUM

AI-Generated Malicious VS Code Extension 'susvsex' Found to Contain Ransomware Functionality

A malicious Visual Studio (VS) Code extension named "susvsex" was discovered on the official VS Code Extension Marketplace. The extension, which appears to have been created with AI assistance, contained overt ransomware capabilities. Upon activation, it was designed to archive a target directory, exfiltrate the ZIP file to a remote server, and then encrypt the original files. The extension also used a private GitHub repository as a command-and-control channel. Although its default target was a test folder, it could easily be modified to target sensitive user data. Microsoft has since removed the extension, which was published on November 5, 2025.

November 8, 2025
5 min read
VS CodeRansomwareMalicious ExtensionSupply Chain AttackDeveloper Security +1 more
Malicious VS Code Extension with Ransomware Capabilities Discovered on Official Marketplace
Malware
Supply Chain Attack
Ransomware

Data of Nearly 200,000 Supporters of Hungarian Party TISZA Leaked Online

HIGH

Major Data Breach at Hungarian Political Party TISZA Exposes PII of 198,500 Supporters

The personal data of nearly 200,000 supporters of the Hungarian political party TISZA has been leaked and is being widely distributed online. The breach, which occurred in October 2025, originated from the party's "TISZA Világ" service. The compromised dataset, containing 198,500 records, has been added to the Have I Been Pwned service. Exposed information includes supporters' full names, email addresses, phone numbers, physical addresses, and usernames. This incident places affected individuals at significant risk of phishing, fraud, and other malicious targeting.

November 8, 2025
4 min read
Data BreachPIIHungaryPoliticsGDPR +1 more
Data of Nearly 200,000 Supporters of Hungarian Party TISZA Leaked Online
Data Breach

Bahrain Fosters Digital Talent with AI and Cybersecurity Partnership

INFORMATIONAL

Bahrain Polytechnic and Beyon Cyber Sign MoU to Advance AI and Cybersecurity Innovation

Bahrain is strengthening its national digital capabilities through a new partnership between Beyon Cyber, a cybersecurity firm, and Bahrain Polytechnic. The two organizations signed a Memorandum of Understanding (MoU) to foster innovation in Artificial Intelligence and cybersecurity. The collaboration aims to develop advanced, AI-driven security solutions and cultivate a skilled local workforce. This strategic initiative is aligned with Bahrain's goal of becoming a regional leader in technology and equipping its next generation of professionals with the skills to tackle modern cybersecurity challenges.

November 8, 2025
3 min read
BahrainAICybersecurityPartnershipTalent Development +1 more
Bahrain Fosters Digital Talent with AI and Cybersecurity Partnership
Security Operations
Other

Updated Articles (4)

Qilin Ransomware Strikes Again, Claiming Victims Across US, France, and Africa

HIGH

Qilin Ransomware-as-a-Service Operation Claims Flurry of New Attacks on Leak Site, Targeting Diverse Sectors

Update:

Qilin ransomware continues its high operational tempo, claiming 7 new victims on November 8, 2025, primarily in the professional services and manufacturing sectors across the US, Canada, and UK. This surge highlights Qilin's ongoing dominance in the RaaS landscape. New technical details include specific MITRE ATT&CK techniques like spearphishing (T1566.001) and exfiltration to cloud storage (T1567.002), alongside D3FEND techniques for detection and mitigation. The group maintains its double-extortion strategy, reinforcing the persistent threat.

October 16, 2025
Updated: November 8, 2025
5 min read
QilinRansomwareRaaSData LeakCyberattack +1 more
Qilin Ransomware Strikes Again, Claiming Victims Across US, France, and Africa
Ransomware
Threat Actor

Cl0p Gang Exploits Oracle EBS Zero-Day in Massive Data Theft Spree

CRITICAL

Cl0p Ransomware Linked to Widespread Data Theft via Critical Oracle E-Business Suite Zero-Day (CVE-2025-61882)

Update:

The CL0P ransomware group has significantly escalated its Oracle EBS zero-day campaign, now claiming over 100 organizations compromised, including high-profile victim The Washington Post. The group is demanding ransoms reaching up to $50 million and has adopted a public shaming tactic, listing non-compliant victims on its dark web leak site to pressure payments. This development underscores the widespread impact and severe financial implications of the ongoing exploitation of the Oracle E-Business Suite vulnerability, highlighting critical supply chain risks from widely used enterprise software.

October 9, 2025
Updated: November 8, 2025
5 min read
Zero-DayRCEData TheftExtortionOracle +2 more
Cl0p Gang Exploits Oracle EBS Zero-Day in Massive Data Theft Spree
Vulnerability
Ransomware
Data Breach

SonicWall Breach Far Worse Than Feared: All Cloud Backup Users' Firewall Configs Stolen

HIGH

SonicWall Confirms Data Breach Compromised Firewall Configuration Backups for All MySonicWall Cloud Backup Customers

Update:

SonicWall has concluded its investigation into the September 2025 cloud backup breach, attributing the attack to a sophisticated state-sponsored threat actor. The attackers exploited a compromised API call within the MySonicWall cloud backup service to exfiltrate customer firewall configuration files. The company emphasizes the breach was isolated to this specific cloud environment and did not affect core products or internal networks. Remedial actions and tools have been released to assist customers in securing their services and resetting credentials, highlighting the advanced nature of the adversary and the targeted supply chain attack.

October 10, 2025
Updated: November 8, 2025
5 min read
data breachSonicWallfirewallcloud securityAPI security +1 more
SonicWall Breach Far Worse Than Feared: All Cloud Backup Users' Firewall Configs Stolen
Data Breach
Supply Chain Attack
Cloud Security

AI-Powered Social Engineering to Become Top Cyber Threat, ISACA Warns

INFORMATIONAL

ISACA Report: IT Professionals Rank AI-Driven Social Engineering as #1 Future Threat

Update:

The UAE Cybersecurity Council has issued a formal public warning regarding the escalating threat of AI-generated deepfake content. This advisory emphasizes the potential for deepfakes to spread misinformation, facilitate fraud, and damage reputations. It highlights public awareness as a primary defense and references Federal Decree-Law No. (34) of 2021, which criminalizes the creation and distribution of such content. This development underscores the growing real-world impact and governmental response to the AI-powered social engineering threats previously identified.

October 20, 2025
Updated: November 8, 2025
6 min read
Artificial IntelligenceGenerative AISocial EngineeringPhishingDeepfake +2 more
AI-Powered Social Engineering to Become Top Cyber Threat, ISACA Warns
Threat Intelligence
Phishing
Policy and Compliance

📢 Share This Publication

Help others stay informed about cybersecurity threats