In Other News: HashJack AI Browser Attack, Charming Kitten Leak, Hacker Unmasked

This week’s cybersecurity landscape saw a range of notable incidents, from AI browser attacks to ransomware leaks and corporate legal battles. Security experts continue to track emerging threats and high-profile investigations that may have flown under the radar.

Scattered Spider Suspects Plead Not Guilty
Thalha Jubair and Owen Flowers, alleged members of the Scattered Spider cybercrime group, have pleaded not guilty in the UK to charges over a disruptive cyberattack against Transport for London (TfL). Jubair also faces charges in the U.S., including hacking networks, stealing and encrypting data, and extortion.

HashJack Targets AI Browsers
Cato Networks researchers revealed a new attack called HashJack, exploiting AI browser assistants in Comet, Edge, and Chrome. The method involves hiding malicious prompts after the ‘#’ symbol in legitimate URLs. When AI browsers process these URLs, attackers can potentially execute phishing campaigns, steal data, deliver malware, or spread misinformation. Vendors have issued patches, though Google has classified the issue as low severity.
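
A defensive illustration of the issue described above, added here and not taken from Cato Networks' research or any vendor's patch: an assistant integration can treat the URL fragment as untrusted input and keep it out of the model's context. The function names and the anchor-matching rule are assumptions made for this example.

```javascript
// Added example (hypothetical helpers): keep URL fragments out of the text
// an AI browser assistant is given, unless the fragment is a plain anchor id.

// Assumption: a "plain anchor" is a short element-id style token, no spaces.
// Route-style fragments such as "#/settings" are conservatively withheld too.
const SIMPLE_ANCHOR = /^[A-Za-z][\w.:-]{0,63}$/;

// Split a URL into its fragment-free form and the decoded fragment text.
function splitFragment(rawUrl) {
  const url = new URL(rawUrl);
  const rawFragment = url.hash.slice(1); // drop the leading '#'
  let fragment;
  try {
    fragment = decodeURIComponent(rawFragment);
  } catch {
    fragment = rawFragment; // malformed percent-encoding: keep raw text
  }
  url.hash = ''; // removes the fragment from url.href
  return { base: url.href, fragment };
}

function classifyFragment(fragment) {
  if (fragment === '') return 'none';
  return SIMPLE_ANCHOR.test(fragment) ? 'anchor' : 'untrusted-text';
}

// Returns the URL that may be placed in assistant context, plus a small
// record that can be logged when fragment text was withheld.
function urlForAssistant(rawUrl) {
  const { base, fragment } = splitFragment(rawUrl);
  const kind = classifyFragment(fragment);
  const safeUrl = kind === 'anchor' ? `${base}#${encodeURIComponent(fragment)}` : base;
  const droppedChars = kind === 'untrusted-text' ? fragment.length : 0;
  return { safeUrl, kind, droppedChars };
}

// Constructed sample inputs (not real traffic).
const samples = [
  'https://example.com/docs#install',
  'https://example.com/help#PLACEHOLDER%20free-text%20instruction%20here',
];
for (const s of samples) console.log(urlForAssistant(s));
```

The browser can still navigate with the original URL; only the copy handed to the assistant is reduced.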

Charming Kitten Leak Reveals Operations
Internal documents from Iranian APT group Charming Kitten (APT35) were leaked on GitHub last month, shedding light on the organization’s structure. Analysis by DomainTools shows the group operates like a regimented, quota-driven cyber unit with tasks assigned systematically and performance tracked monthly, including phishing success rates and exploitation metrics.

Scattered Lapsus$ Hacker Identified
Cybersecurity journalist Brian Krebs reports that ‘Rey,’ a prominent member of the Scattered Lapsus$ Hunters group, is 16-year-old Saif Al-Din Khader from Amman, Jordan. Rey reportedly intends to retire from the group and collaborate with European authorities, though these claims have not been independently verified.

Corporate Cyber Developments

  • TP-Link vs. Netgear: TP-Link filed a lawsuit in Delaware against Netgear, alleging false claims linking TP-Link to the Chinese government. TP-Link asserts that Netgear’s statements are defamatory and harm competition.
  • Comcast Fined $1.5 Million: The telecom giant agreed to a $1.5 million FCC fine following a 2024 data breach at its vendor, Financial Business and Consumer Solutions (FBCS), affecting 238,000 customers.
  • Gainsight-Salesforce Breach: Gainsight maintains that only a handful of customers were affected by last week’s breach impacting Salesforce integrations, in contrast to Google’s report suggesting up to 200 instances may have been compromised.

Vulnerabilities and Threats

  • Firefox WebAssembly Flaw: CVE-2025-13016, a high-severity vulnerability in Firefox’s WebAssembly engine, could allow remote code execution. The flaw was patched in Firefox 145 after remaining undetected since April 2025.
  • ShadowV2 IoT Botnet: This Mirai-based botnet targeted vulnerable IoT devices during a late-October AWS outage, likely as a test run for future attacks.
  • Bloody Wolf APT Expansion: The Bloody Wolf APT has expanded operations across Central Asia, impersonating government ministries and deploying STRRAT malware along with the legitimate remote administration tool NetSupport.

These developments highlight the growing complexity of cyber threats, from sophisticated AI exploits to international ransomware operations and corporate data breaches. Organizations and individuals alike are advised to stay vigilant, patch systems promptly, and monitor for suspicious activity.

Copyright © 2023 Cyber Reports Cyber Security News All Rights Reserved Website by Top Search SEO