CISA's election day monitoring room was not stood up yesterday for the first time in years According to Bloomberg, remaining CISA election security staff, who have not been fired, have been "prohibited" from contacting state election officials.

Bloomberg.com

US Elections Face Security Test as DHS Cuts Local Cyber Support

As voters across the US from New York City to New Jersey and Virginia prepare to cast ballots Tuesday, election officials are operating with sharpl...

-US indicts two rogue cybersecurity employees for ransomware attacks -Hackers extort massage parlor visitors -Balancer hacked for $128 million -Cargo thieves use hackers to go after trucking and freight companies -UPenn hack gets feisty -Major breach in Poland, at SuperGrosz -Australia expands kids social media ban to Reddit and Kick -SMS blaster detained in Cambodia -Scammers arrested in Europe Podcast:

Risky Bulletin: US indicts two rogue cybersecurity employees for ransomware attacks - Risky Business Media

The US indicts two cybersecurity employees over ransomware attacks, hackers extort customers of South Korean massage parlors, another cryp [Read More]

Newsletter:

Risky.Biz

US indicts two rogue cybersecurity employees for deploying ransomware

In other news: Hackers extort massage parlor visitors; Balancer hacked for $128 million; cargo thieves use hackers to go after trucking and freight...

iOS security updates:

Apple Support

Apple security releases - Apple Support

This document lists security updates and Rapid Security Responses for Apple software.

Android security updates:

Android Open Source Project

Android Security Bulletin—November 2025 | Android Open Source Project

Start patching!

Chipmaker AMD has confirmed a major security bug in the RDSEED entropy generator impacting Zen 5 processors. The RDSEED process has been failing to produce random numbers on Linux systems. AMD is planning to release patches through November for all affected CPU models. https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7055.html

Cybersecurity engineer Aditya Tiwari has released SlopGuard, a tool to detect AI-hallucinated package dependencies and supply chain attacks

SlopGuard - AI Hallucination Detection for Package Dependencies

KELA has published a profile on a hacker who goes online under multiple names, but is referenced in this report as 303, their username on the old BreachForums. KELA believes the suspect, a prolific leaker, is a Spanish-speaking user based in Uruguay.

The Many Identities of Threat Actor 303 | KELA Cyber

Open Measures looks at a VK spam campaign promoting EditaPapers, an essay-writing service that likely uses generative AI. The campaign has posted a whopping 200,000 times since June by abusing the VK API.

Network of VK Pages Blitzes Platform with Posts Promoting AI Essay-Writing Services

The pages appear linked to a Cyprus company and posted more than 200,000 times last year

Talks from the USENIX Security 2025 security conference, which took place in August, are now available on YouTube