Morning Cybersecurity Brief - 11/08/2025

Author: CYBERDUDEBIVASH

 


1. Ongoing Cyber Warfare: Israel–Iran

Even with the physical conflict paused since June 2025, cyber hostilities persist. Iran reports over 20,000 cyberattacks targeting critical infrastructure and finance. Israel, in turn, faces malware and spoof-based manipulation of civilian networks. Cyber warfare remains an anonymous but potent battleground. (Sources: Wikipedia, Financial Times)

2. U.S. Federal Judiciary Breach

The PACER and CM/ECF systems, used for electronic case filing, have suffered escalated cyberattacks that may have exposed sealed indictments and confidential judicial documents. The judiciary is coordinating with federal agencies to contain the breach. (Source: IT Pro)

3. Columbia University Massive Data Breach

Around 870,000 individuals—including students, alumni, and staff—have had sensitive personal, financial, and health-related data compromised due to unauthorized third-party network access. The university is offering credit monitoring and identity protection services. (Source: Tom's Guide)

4. Air France & KLM Data Exposure

A third-party service provider for the airlines' contact centers was breached, exposing customer names, contact details, loyalty program info, and email subject lines. No financial, passport, or credential data was accessed. (Source: TechRadar)

5. “No-Touch” Android Exploit

Google has patched critical vulnerabilities (CVE‑2025‑48530, 22441, 48533) in Android that allowed full remote control of devices without user interaction. While there is no evidence of exploitation in the wild, the urgency of the patch underscores the severity of the flaws. (Source: The Scottish Sun)

6. SonicWall Firewall Attacks

Since mid‑July, attackers using the Akira ransomware strain—possibly leveraging a zero-day exploit—have targeted SonicWall firewalls, prompting immediate attention and defense from organizations. (Source: Help Net Security)

7. New “Win-DoS” Zero-Click Vulnerabilities

At DEF CON 33, researchers revealed a novel class of DoS attacks (“Win‑DoS Epidemic”) where Windows domain controllers and servers can be weaponized into botnets—all with no user interaction required. (Source: Cyber Security News)

8. “Tea” App Breach: A Privacy Wake-Up Call

The social app “Tea” suffered a data breach that exposed 72,000 images (including driver’s licenses) and over 1.1 million private messages—some leaked to platforms like 4chan. Security experts warn about the risks of AI-era “vibe coding” and rapid app launches without robust safeguards. (Source: Business Insider)

9. Ransomware Gang “Blacksuit/Royal” Disrupted

International law enforcement agencies dismantled the infrastructure of the dangerous Blacksuit (formerly Royal) ransomware gang at the end of July 2025, delivering a significant blow to their operations. (Sources: The Hacker News, B2B Cyber Security, reuters.com)

10. OT Cyber Risks Grow with 5G, IoT

As operational technology (OT) systems increasingly adopt 5G, edge computing, and IoT, cyber-physical security is becoming more urgent. Legacy systems designed without modern threats in mind now face new risks in real-time environments. (Source: industrialcyber.co)
