CyberSecurity Knuggets

Nov 14, 2025

Email 1: Reuters Investigates Meta’s Fraud Profits

  1. Reuters revealed that Meta’s 2024 advertisements for scams and banned goods were projected to generate about $16 billion, roughly 10% of Meta’s total revenue.
  2. Internal documents stated that Meta platforms were involved in one-third of all successful US scams.
  3. Meta bans advertisers only if automated systems are 95% certain of fraud; otherwise, it charges higher ad rates as a penalty, potentially incentivizing scam ads for profit.
  4. Meta management possibly weighed regulatory risks against the financial gains from scam ads, with documented willingness to forgo only 0.15% of revenue to clamp down on suspicious advertisers.
  5. Former employees and observers suggest forcing Meta to relinquish scam ad earnings to anti-scam efforts.
  6. Related: supply chain attacks by state-backed hackers targeting SonicWall and F5; UK suspends intelligence sharing on suspected drug smuggling vessels due to US strikes; Russian wiper attacks against Ukraine’s grain sector; UK’s new measures against spoofed phone numbers; demolition of Myanmar scam compound; US cyber threat sharing bill extension.

Email 2: Operation Endgame – Cybercrime Malware Infrastructure Dismantled

  1. Europol-led Operation Endgame took down infrastructure for the Rhadamanthys infostealer, the VenomRAT Trojan, and the Elysium botnet.
  2. More than 1,025 servers were disrupted worldwide; 20 domains were seized; the administrator of VenomRAT was arrested in Greece.
  3. The infostealer operator had access to 100,000+ crypto wallets worth millions of euros.
  4. The US Attorney for DC launched the first investigative task force targeting cryptocurrency scams linked to overseas crime organizations in Southeast Asia, especially in Burmese, Cambodian, and Laotian scam compounds.
  5. Amazon threat intelligence uncovered zero-day exploitation of Citrix Bleed2 and Cisco ISE vulnerabilities by APT actors deploying custom malware.
  6. CISA issued emergency directives for patching Cisco ASA and Firepower vulnerabilities used in active attacks.
  7. Extremist group member facing child exploitation charges; Musk’s X platform users locked out due to botched security key switchover; calls from US senators to block ICE access to state data.
  8. Other: US military officer nominated to lead US Cyber Command despite no digital warfare experience; layoffs at Deepwatch cybersecurity firm linked partly to AI investments; Google developing an advanced flow for installing unverified Android apps; Lotte Card CEO resignation post-data breach; medical center cyberattack exposing Washington state resident data; Beijing accuses Australia’s spy chief of disinformation; healthcare data breach threatens reporting under HIPAA.

Email 3: Zero Trust Everywhere and AI-Powered Security

  1. From Zscaler: advocating full Zero Trust security to cover users, branches, and cloud workloads.
  2. Unified security reduces reliance on traditional firewalls and network appliances, lowering costs and complexity.
  3. Zero Trust Everywhere secures employees, contractors, suppliers (users), physical locations and IoT/OT devices (branches), and inter-cloud workloads.
  4. Advantages include modern workforce enablement, business acceleration, and defense against ransomware and AI-enhanced cyberattacks.
  5. Related materials include eBooks and brochures on securing data in remote work environments and with AI models.

Email 4: The CyberWire Daily Briefing Highlights

  1. Europol operation dismantled malware infrastructure tied to Rhadamanthys, VenomRAT, and Elysium; administrator arrested in Greece.
  2. Amazon described exploitation of Cisco and Citrix zero-day vulnerabilities used in advanced persistent threat (APT) attacks before public patches.
  3. US announces Scam Center Strike Force targeting Southeast Asian scam compounds run by Chinese organized crime groups and allied militias.
  4. Lumma Stealer malware rebounding with enhanced browser fingerprinting techniques.
  5. Various sponsored content including AI-enabled SOC workflows and agentic access control webinars.
  6. Additional notable news: increased Lumma Stealer activity, CISA warnings on Cisco flaws, Microsoft’s screen capture prevention in Teams, UK cybersecurity legislation progress.

Email 5: SecurityWeek Cybersecurity News and Analysis

  1. A ChatGPT vulnerability that exposes underlying cloud infrastructure was highlighted.
  2. Over 1,000 servers affected by law enforcement takedown of Rhadamanthys, VenomRAT, and Elysium networks.
  3. CISA updates patching guidance for Cisco devices targeted in China-linked cyberattacks.
  4. Amazon reports on zero-day exploitation in Cisco ISE and Citrix systems.
  5. Various industry expert insights on leveraging behavioral detection, leadership in cybersecurity, and safe deployment of AI tools.
  6. Other topics: growing ransomware threats, recently patched high-severity vulnerabilities, ongoing investigations into Oracle EBS hack, critical Firebox vulnerabilities exploited, and rising malware activity.
  7. Promotions for Zero Trust security implementations and upcoming virtual cybersecurity events.

Stay Well!

summy