CyberSecurity Knuggets
Nov 23, 2025
Email 1:
Subject: Best infosec-related long reads for the week of 11/15/25
Sender: info@metacurity.com
Summary:
– This edition from Metacurity highlights several in-depth infosec stories.
– Features a sophisticated Bitcoin scam involving elaborate social engineering, luxury meetings, and seed phrase theft leading to a $220,000 loss.
– Profiles former FBI agents uncovering a North Korean hacker, Hades, posing as an IT worker offering ransomware expertise.
– Coverage of New Zealand’s Kawaiicon hacker conference deploying a real-time, room-level CO2 monitoring system to reduce viral transmission risks.
– An analysis of how AI has supercharged foreign disinformation warfare, noting the weakening of U.S. government countermeasures.
– Explains the differing EU and U.S. responses to the Collins Aerospace ransomware attack, emphasizing that EU NIS2 regulations extend cybersecurity obligations to critical infrastructure, including cross-border impacts even on U.S.-based companies that provide essential services.
Call to Action:
– Encourages readers to support Metacurity via paid subscriptions or sponsorships to keep providing timely infosec insights.
– Contact Cynthia at cynthia@metacurity.com for more info on sponsorship or subscriptions.
Email 2:
Subject: 🚨WK 45: Anthropic AI Espionage, Cloudflare’s Outage, EU Delays AI Act Rules, US Cyber Investments…
Sender: thecybersecurityclub@mail.beehiiv.com
Summary:
– Reports on Cloudflare’s major internal outage caused by an erroneous database configuration doubling a critical file size, triggering global 5xx errors and widespread service disruption.
– Highlights emerging malware and vulnerability news, including Microsoft Teams’ new feature raising phishing risks, WhatsApp metadata exposure affecting 3.5 billion users, and critical RCE vulnerabilities patched by SolarWinds.
– Covers multiple cybersecurity incidents:
• Mass exploitation of 50,000+ ASUS routers.
• Gainsight-Salesforce breach via OAuth token misuse.
• Ransomware attack on LG Energy Solution.
• Data breach in Somalia’s e-visa system leading to a senior official’s firing.
• Kenyan government websites defaced.
• Cyberattack on fiber infrastructure provider Eurofiber France.
• EU designates critical ICT providers under new regulations.
• Surveillance tech firm Protei hacked and website defaced.
– Threat Intelligence:
• Anthropic warns of AI-driven espionage operations.
• Google actions against scam networks.
• Reports on state-aligned China-linked cyber-espionage groups.
• U.S. Pentagon investment in AI-driven offensive cyber units.
• Updates on DPRK cyber operations and recruitment.
– Regulations & Policy:
• EU postpones enforcement of AI Act provisions; proposes GDPR updates.
• U.S. DOJ launches strike force targeting Southeast Asian crypto fraud.
• Actions disrupting North Korean cybercrime infrastructure.
• Europol dismantles a 1,025-server cybercrime network.
• UK courts order convicted Twitter hacker to repay £41 million.
• Germany advancing NIS2 implementation.
• EU considers restricting Chinese access to critical infrastructure.
– Reports on emerging attack trends, including sophisticated 2FA phishing kits and increasing cyberattacks targeting civilian systems.
– Announces an exclusive executive cybersecurity dinner during Black Hat Middle East & Africa 2025.
Call to Action:
– Invitation to register interest for the cybersecurity dinner.
– Sponsorship and advertising opportunities with The Cybersecurity Club via team@thecybersecurity.club.
– Join their LinkedIn Group for community engagement.
Stay Well!
