DJBSEC's CyberNews 2025-11-08
1. Texas Launches Cyber Command and Cybersecurity Education Programs
Texas has launched a new Cyber Command and expanded cybersecurity education programs aimed at strengthening the state’s digital defenses. Governor Abbott emphasized the initiative as a response to rising cyber threats against critical infrastructure, schools, and local governments. The effort includes public-private partnerships and a focus on developing a skilled cybersecurity workforce. High school and college students will benefit from expanded training and certification opportunities.
2. Ransomware Gangs Use Google Maps “Suggest an Edit” to Demand Ransom
Ransomware groups are abusing the Google Maps “Suggest an Edit” feature to post ransom notes on victim company listings. Attackers modify business profiles with threatening messages demanding payment, leveraging the visibility of Google Maps to increase pressure on targeted organizations. This tactic allows criminals to bypass traditional communication methods and directly impact a victim’s public reputation. Google is investigating and working to prevent misuse of the platform.
3. Chinese Buses in UK Equipped with Remote “Kill Switch”
UK authorities have raised concerns over Chinese-manufactured electric buses that include undocumented remote “kill switch” capabilities. Security officials warn that these features could be exploited to disrupt transportation services or conduct surveillance. The issue has sparked renewed debates over the national security implications of using foreign-made technology in critical infrastructure. Investigations are ongoing, and some MPs are calling for restrictions or removals.
4. ClickFix Attacks Now Use Weaponized Videos to Bypass Defenses
ClickFix attacks—previously known for abusing customer support workflows—have evolved to include weaponized video content. Threat actors are embedding malicious payloads within fake tech support video links, luring victims into clicking and unknowingly executing code. These attacks bypass email security filters and target corporate help desks and employees. Security teams are urged to update awareness training and block risky video content in workflows.
5. Malicious Visual Studio Extensions Spreading RansomVibing Malware
A new malware campaign dubbed RansomVibing is spreading through malicious Visual Studio extensions available in the official marketplace. Developers installing compromised extensions unknowingly enable ransomware execution, which encrypts files and displays intimidating audio-visual ransom messages. The campaign highlights the risk of supply chain attacks targeting development environments. Microsoft is actively removing malicious extensions and urging users to verify publisher authenticity.
6. Landfall Spyware Exploits Samsung Zero-Day in Middle East Espionage
Advanced spyware known as Landfall has exploited a previously unknown Samsung vulnerability (CVE-2025-21042) in targeted espionage campaigns across the Middle East. The zero-day allowed attackers to silently monitor communications and extract sensitive data from Samsung devices. Researchers attribute the campaign to a well-resourced nation-state threat actor. Samsung has since released a patch, and users are urged to update immediately.
7. Microsoft Uncovers “WhisperLeak” Data Theft Operation
Microsoft has identified a new data theft campaign named WhisperLeak, targeting corporate environments to exfiltrate sensitive files and leak them online. The operation blends credential theft, lateral movement, and cloud misconfigurations to steal data across Microsoft 365 environments. Leaked data is used for extortion or reputational damage. Microsoft has released indicators of compromise and mitigation guidance for affected customers.
8. Hackers Exploit Google News RSS Feed for Malicious Campaign
Threat actors are exploiting Google News RSS feeds to inject malicious links into seemingly legitimate news stories. By abusing the news aggregation and syndication process, attackers redirect users to phishing or malware-laden pages while impersonating major media outlets. The campaign poses a risk to users who trust RSS-based summaries and clickthroughs. Security experts recommend verifying links and sources before engaging with embedded content.