Samsung Zero-Day Exploited by LANDFALL Spyware; Sandworm Escalates Destructive Attacks on Ukraine

Publication Date: November 8, 2025

Summary

This cybersecurity publication for November 8, 2025, covers a critical period marked by sophisticated mobile espionage, escalating nation-state attacks, and a record surge in supply chain compromises. Key stories include the discovery of the LANDFALL spyware using a Samsung zero-day for zero-click attacks in the Middle East, a new report detailing Russia's Sandworm group intensifying destructive wiper attacks against Ukraine's critical infrastructure, and data showing software supply chain attacks hit an all-time high in October, driven by ransomware gangs like Qilin.

Today's New Articles

Malicious VS Code Extension with Ransomware Capabilities Discovered on Official Marketplace

A malicious Visual Studio (VS) Code extension named "susvsex" was discovered on the official VS Code Extension Marketplace. The extension, which appears to have been created with AI assistance, contained overt ransomware capabilities. Upon activation, it was d...


Data of Nearly 200,000 Supporters of Hungarian Party TISZA Leaked Online

The personal data of nearly 200,000 supporters of the Hungarian political party TISZA has been leaked and is being widely distributed online. The breach, which occurred in October 2025, originated from the party's "TISZA Világ" service. The compromised dataset...


Bahrain Fosters Digital Talent with AI and Cybersecurity Partnership

Bahrain is strengthening its national digital capabilities through a new partnership between Beyon Cyber, a cybersecurity firm, and Bahrain Polytechnic. The two organizations signed a Memorandum of Understanding (MoU) to foster innovation in Artificial Intelli...

Article Updates

Cl0p Gang Exploits Oracle EBS Zero-Day in Massive Data Theft Spree

Update: The CL0P ransomware group has significantly escalated its Oracle EBS zero-day campaign, now claiming over 100 organizations compromised, including high-profile victim The Washington Post. The group is demanding ransoms reaching up to $50 million and has adopte...


SonicWall Breach Far Worse Than Feared: All Cloud Backup Users' Firewall Configs Stolen

Update: SonicWall has concluded its investigation into the September 2025 cloud backup breach, attributing the attack to a sophisticated state-sponsored threat actor. The attackers exploited a compromised API call within the MySonicWall cloud backup service to exfiltr...


Qilin Ransomware Strikes Again, Claiming Victims Across US, France, and Africa

Update: Qilin ransomware continues its high operational tempo, claiming 7 new victims on November 8, 2025, primarily in the professional services and manufacturing sectors across the US, Canada, and UK. This surge highlights Qilin's ongoing dominance in the RaaS lands...


AI-Powered Social Engineering to Become Top Cyber Threat, ISACA Warns

Update: The UAE Cybersecurity Council has issued a formal public warning regarding the escalating threat of AI-generated deepfake content. This advisory emphasizes the potential for deepfakes to spread misinformation, facilitate fraud, and damage reputations. It highl...