EPISODE · Nov 28, 2025 · 12 MIN
RadioCSIRT – Your Cybersecurity Update for Friday, 28 November 2025 (Ep.34)
from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ
Welcome to your daily cybersecurity briefing.CISA & Commercial Spyware Targeting Messaging AppsFollowing a joint alert by CISA, a technical breakdown reveals how multiple threat actors use QR-based session hijacking, zero-click exploits, and fake apps to compromise end-to-end encrypted messaging platforms such as Signal and WhatsApp. Victims include senior officials and civil society actors across the U.S., Europe, and the Middle East.ORCA Initiative from Linux FoundationThe Linux Foundation has announced the creation of ORCA, a new Open Robust Compartmentalization Alliance aiming to promote memory safety and software isolation primitives. Key members include Microsoft, Google, Arm, and defense actors such as RTX and DARPA, focusing on securing toolchains for C, C++, and Rust.Dell ControlVault2 & GL.iNet FlawsCisco Talos has disclosed vulnerabilities in Dell ControlVault2 and GL.iNet firmware affecting hardware security and OpenWRT-based VPN routers respectively. Exploits include heap overflows and race conditions. Patches are pending for multiple devices.Poland Arrests Russian HackerPolish authorities have detained a Russian citizen linked to several intrusions against defense and public institutions. The individual is suspected of operating within a pro-Russian cybercriminal network supporting disinformation campaigns in Eastern Europe.TOR Network Introduces Counter-Galois EncryptionThe Tor Project is migrating from AES to a new encryption primitive called Counter-Galois (cgMul), developed specifically for onion-routing contexts. The move is intended to harden Tor nodes against speculative execution attacks and improve cryptographic agility.Rey, Administrator of Scattered LAPSUS$ Hunters, UnmaskedKrebsOnSecurity has confirmed the identity of “Rey,” administrator of the Scattered LAPSUS$ Hunters Telegram channel and operator behind the ShinySp1d3r ransomware-as-a-service. Rey is a 15-year-old linked to past defacements and BreachForums activity. Despite claiming cooperation with law enforcement, he remains active within SLSH.Don’t Think – Patch Now.Sources:CISA – Spyware & Messaging Appshttps://blog.marcfredericgomez.com/spyware-targeting-secure-mobile-messaging-applications/ Linux Foundation – ORCAhttps://www.linuxfoundation.org/press/linux-foundation-launches-the-open-robust-compartmentalization-alliance-orca-to-advance-software-security Cisco Talos – Dell / GL.iNethttps://blog.talosintelligence.com/dell-controlvault-lasso-gl-inet-vulnerabilities/The Record – Arrest in Polandhttps://therecord.media/poland-detains-russian-citizen-accused-of-hacks BleepingComputer – Tor Encryption Updatehttps://www.bleepingcomputer.com/news/security/tor-switches-to-new-counter-galois-onion-relay-encryption-algorithm/ KrebsOnSecurity – SLSH / Reyhttps://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/Your feedback is welcome.Email: [email protected]: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtintl.substack.com
NOW PLAYING
RadioCSIRT – Your Cybersecurity Update for Friday, 28 November 2025 (Ep.34)
No transcript for this episode yet
Similar Episodes
Mar 31, 2026 ·143m
Mar 24, 2026 ·88m
Feb 27, 2025 ·73m