Issue #175 - November 10, 2025
Weekly INK
Updated: Nov 13
OWASP Highlights Supply Chain Risks in New Top 10 List
Source: Dark Reading
A major OWASP refresh spotlights software supply chain failures and misconfiguration as top risks. For SMBs, this means looking beyond code bugs to vendor components, CI/CD pipelines, and cloud settings. The takeaway: add supply-chain checks to patching, and tighten configuration governance to reduce real-world breach paths.
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Source: The Hacker News
Researchers showed eavesdroppers can infer the topic of your AI chatbot conversations by analyzing encrypted traffic patterns. For businesses piloting GenAI, treat prompts as sensitive data, avoid untrusted networks, and consider non-streaming modes or providers with mitigations to blunt this side-channel risk. Security needs to extend to AI usage.
Landfall Android Spyware Targeted Samsung Phones via Zero-Day
Source: SecurityWeek
A zero-day in a Samsung image library was exploited to drop “Landfall” spyware via malicious images, enabling microphone, location and data theft. BYOD shops should enforce mobile OS updates, restrict sideloading, and require EDR/MAM on corporate-connected phones to stop surveillanceware from becoming a quiet foothold into company systems.
Russian Hacking Group Sandworm Deploys New Wiper Malware in Ukraine
Source: Infosecurity Magazine
Sandworm’s renewed destructive campaigns are a reminder that geopolitics can spill into business networks. Even outside conflict zones, U.S. organizations should harden backups, monitor for anomalous file operations, and rehearse restoration. Wipers don’t seek ransom—they seek impact—so resilience and response speed matter more than ever.
Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site
Source: SecurityWeek
Cybercriminals have named nearly 30 organizations allegedly impacted by the recent campaign targeting customers of Oracle’s E-Business Suite (EBS) enterprise resource planning solution. The campaign, which involved extortion emails being sent to executives at dozens of organizations in late September, is believed to have been conducted by a cluster associated with the profit-driven threat actor tracked as FIN11.