Google filed a federal lawsuit against Chinese cybercriminals running "Lighthouse," a massive text-message phishing network that compromised 15-100 million credit cards and affected over one million victims in the U.S.
The scammers sent fake texts about "stuck packages" or "unpaid tolls" to steal passwords and credit card information. Google's general counsel Halimah DeLaine Prado said they're using the RICO Act—typically reserved for organized crime—to target 25 unknown operators who built a "phishing-as-a-service" platform.
The lawsuit aims to deter future criminals rather than recover victim losses. While prosecuting overseas scammers is challenging, experts say it could disrupt similar operations and prevent these individuals from traveling to the U.S.
Source: CBS News
Google filed a lawsuit against Smishing Triad, a Chinese cybercrime group operating since 2023. The group uses their "Lighthouse" phishing kit to send fake SMS messages impersonating delivery services like USPS, banks, and healthcare organizations.
The scam has reached over one million users across 120+ countries, with an estimated 12-115 million stolen credit cards in the US alone. Google discovered more than 100 phishing templates copying its own brand.
The lawsuit targets the group under federal racketeering and fraud laws, allowing Google to seize malicious domains and unmask the criminals' identities. Google also supports new congressional bills aimed at protecting retirees and blocking foreign robocalls.
Source: Security Week
Microsoft released its November 2025 Patch Tuesday updates on November 11, fixing 63 security flaws across Windows, Office, Azure, and Visual Studio. The most urgent concern is CVE-2025-62215, a zero-day Windows Kernel vulnerability already being exploited by attackers to escalate privileges on compromised systems.
Five critical vulnerabilities lead the pack, including CVE-2025-62199 in Microsoft Office that allows remote code execution through malicious documents, and CVE-2025-60724 in GDI+ enabling network-based attacks on graphics applications.
The remaining 57 flaws, rated "Important", mostly involve privilege escalation and affect components ranging from Smart Card services to Kerberos authentication. Security teams should prioritize patching internet-facing systems immediately, as no workarounds exist for the exploited zero-day.
Source: Cyber Security News
The Qilin ransomware group has ramped up attacks on small and medium businesses, particularly in construction, healthcare, and finance sectors. Security firm S-RM reports that 88% of 2025 cases involved both data theft and file encryption, with stolen information posted on dark web sites when ransoms aren't paid.
Qilin exploits basic vulnerabilities like unpatched VPNs, missing multi-factor authentication, and exposed management interfaces. The group operates like a tech business, renting tools to affiliates including members of Scattered Spider.
While major attacks like the 2024 UK healthcare breach grab headlines, most victims are smaller organizations. S-RM urges companies to patch VPNs regularly, enable multi-factor authentication, and monitor networks for intrusion signs.
Source: Infosecurity Magazine
UK transport and cyber-security officials are investigating whether hundreds of Chinese-made Yutong buses operating across Britain could be remotely controlled by their manufacturer. The probe follows Norwegian findings that Yutong buses could theoretically be "stopped or rendered inoperable" through over-the-air software updates via mobile networks.
Yutong buses run in Bristol, Essex, Leicester, Nottingham, and other UK locations. The company has exported nearly 110,000 buses to over 100 countries, capturing 10% of the global market. Denmark also launched an investigation after Norway's discovery.
While there's no evidence of actual interference, the case highlights growing concerns about Chinese involvement in British infrastructure and the security risks of connected vehicles.
Source: The Guardian
The Cl0p ransomware group has publicly named 29 organizations allegedly hit in a cyberattack targeting Oracle's E-Business Suite customers. The campaign, linked to threat actor FIN11, involved extortion emails sent to executives in late September.
Confirmed victims include Harvard University, South Africa's Wits University, American Airlines subsidiary Envoy Air, and The Washington Post. Major corporations like Schneider Electric, Emerson, Logitech, and Cox Enterprises appear on the list but haven't confirmed breaches.
The hackers leaked data from 18 victims, sometimes releasing terabytes of files. The attacks likely exploited Oracle EBS vulnerabilities CVE-2025-61882 and CVE-2025-61884, which allow remote access without authentication. Most targeted organizations remain silent while conducting investigations.
Source: SecurityWeek
Elastic disclosed a high-severity vulnerability (CVE-2025-37735) in its Defend security software for Windows that could let attackers escalate privileges to gain admin control. The flaw affects versions up to 8.19.5 and 9.0.0 through 9.1.5, scoring 7.0 on the CVSS scale.
The bug stems from improper file permission handling in the Defend service, which runs with SYSTEM-level privileges. Attackers with local access could exploit this to delete arbitrary files and potentially gain full system control.
Elastic urges immediate upgrades to fixed versions 8.19.6, 9.1.6, or 9.2.0. Organizations unable to patch immediately should consider upgrading to Windows 11 24H2, which makes exploitation much harder.
Source: Cybersecurity News
Google released November 2025 Android security updates addressing two critical vulnerabilities in the System component. The most serious flaw, CVE-2025-48593, affects Android versions 13-16 and allows remote code execution without user interaction or additional privileges. It stems from insufficient input validation.
A second vulnerability, CVE-2025-48581, affects Android 16 devices and could block security updates through a logic error in apexd.cpp code.
This marks another departure from Google's traditional monthly update pattern. After skipping July and October entirely, the company resolved over 100 vulnerabilities in August and September. Devices with security patch level 2025-11-01 are protected against these threats.
Source: SecurityWeek
The Biden administration is weighing a ban on TP-Link routers, which control about 65% of the US router market, citing national security risks tied to China. Multiple federal agencies including Commerce, Defense, and Justice have investigated the company since December 2023.
TP-Link Systems, headquartered in California but with 11,000 employees in China, denies being controlled by the Chinese government. The company was founded in Shenzhen in 1996 and split into two entities in 2024 amid congressional pressure.
Lawmakers worry about router vulnerabilities and potential cyberattacks, while the Justice Department separately probes possible predatory pricing. Over 300 internet providers currently distribute TP-Link routers to customers nationwide.
Source: CNET
The Congressional Budget Office confirmed Thursday it was hacked, potentially exposing sensitive government data to malicious actors. The 275-employee agency provides cost estimates for nearly every congressional bill and handles massive datasets on policy issues ranging from deportation plans to tariffs and tax cuts.
According to The Washington Post, four sources identified the attackers as suspected foreign actors, though the CBO hasn't confirmed this detail. Spokeswoman Caitlin Emma said the agency contained the breach and implemented new security controls while investigations continue.
The timing is particularly concerning given the CBO's access to data on major policy initiatives including the Trump administration's mass deportation plans and sweeping tariff implementations.
Source: Security Week