RadioCSIRT - Your Cybersecurity Update for Thursday, November 6, 2025 (Ep. 9) episode artwork

EPISODE · Nov 6, 2025 · 13 MIN

RadioCSIRT - Your Cybersecurity Update for Thursday, November 6, 2025 (Ep. 9)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥💬 Microsoft Teams — Impersonation and Spoofing VulnerabilitiesCheck Point Research disclosed four critical flaws in Microsoft Teams allowing attackers to impersonate users, manipulate messages, and spoof notifications. The issues, now patched, could be exploited by both external guests and malicious insiders.🌐 Google Chrome — Storing ID Data in AutofillChrome’s new Enhanced Autofill feature can now store driver’s license and passport details. Convenient, but risky — storing such highly sensitive information in the world’s most targeted browser significantly increases exposure if compromised.⚖️ China — Death Sentences for Myanmar Scam KingpinsA Chinese court sentenced five members of a Myanmar-based scamming syndicate to death. The criminal network operated large-scale fraud and human trafficking rings, generating over $4 billion and causing the deaths of at least six Chinese citizens.💼 Japan — Nikkei Reports Slack Data BreachMedia giant Nikkei confirmed that malware on an employee’s computer led to a compromise of its internal Slack workspace. Names, email addresses, and chat histories of more than 17,000 employees and partners were potentially exposed.🧩 Palo Alto Networks — Asset Management: The Unsung Hero of Cyber DefenseBradley Duncan highlights that threat intelligence is only effective when built upon solid asset management. Without proper inventory and monitoring, even advanced defenses fall short against malware like Qakbot or Emotet.🕵️ Gootloader — The JavaScript Loader ReturnsAfter a seven-month hiatus, Gootloader is back with new evasion tactics: SEO poisoning, custom web fonts that obfuscate code, and malformed ZIP archives. The campaign deploys the Supper SOCKS5 backdoor, linked to the Vanilla Tempest ransomware affiliate.⚙️ Django — High-Severity SQL Injection (CVE-2025-64459)The Django Software Foundation patched a critical SQL injection flaw affecting the QuerySet methods, along with a Windows DoS bug. Updated versions 4.2.26, 5.1.14, and 5.2.8 are available and should be applied immediately.📤 NCSC UK — Mail Check and Web Check to End in 2026The UK’s National Cyber Security Centre will retire its Mail Check and Web Check services by March 31, 2026, recommending commercial External Attack Surface Management (EASM) solutions. A new buyer’s guide helps organizations plan the transition.⚡️ Don’t think, just patch! 🚀📚 Sources:https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/https://www.malwarebytes.com/blog/news/2025/11/should-you-let-chrome-store-your-drivers-license-and-passporthttps://therecord.media/china-sentences-5-myanmar-scam-kingpins-to-deathhttps://therecord.media/japan-nikkei-slack-breachhttps://unit42.paloaltonetworks.com/asset-management/https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/https://securityonline.info/django-team-patches-high-severity-sql-injection-flaw-cve-2025-64459-and-dos-bug-cve-2025-64458-in-latest-security-update/https://www.ncsc.gov.uk/blog-post/retiring-mail-check-web-check📞 Share your feedback:📧 [email protected]🌐 www.radiocsirt.com📰 radiocsirtintl.substack.com #CyberSecurity #MicrosoftTeams #Chrome #Nikkei #China #Django #Gootloader #PaloAlto #NCSC #CERT #SOC #CTI #RadioCSIRT 🎧🔥

NOW PLAYING

RadioCSIRT - Your Cybersecurity Update for Thursday, November 6, 2025 (Ep. 9)

0:00 13:14

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 13 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on November 6, 2025.

What is this episode about?

Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥💬 Microsoft Teams — Impersonation and Spoofing VulnerabilitiesCheck Point Research disclosed four critical flaws in Microsoft Teams allowing attackers to impersonate users, manipulate messages,...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!