Top 5 Cybersecurity News Stories November 28, 2025
Cybersecurity threats are constantly evolving as threat actors seek access to your data and money. To help you stay secure, we have searched the internet for the top five cybersecurity news stories of the week that we think you should be aware of. No story is too big or small as we look at threats from espionage to security flaws in everyday devices:
1. FBI Reports $262M in ATO Fraud as Researchers Cite Growing AI Phishing and Holiday Scams
The Federal Bureau of Investigation (FBI) warns that cybercriminals impersonating banks and financial institutions have caused over $262 million in account-takeover (ATO) fraud this year, based on more than 5,100 complaints. Attackers commonly use social engineering (texts, calls, and phishing sites) to trick victims into revealing login credentials and one-time codes, then seize control of accounts to drain funds or convert them to cryptocurrency.

Fraudsters also exploit SEO poisoning and fake ads to lure victims, especially via holiday-themed campaigns. Users are urged to use strong, unique passwords, check banking URLs carefully, and remain vigilant against phishing attempts.
Read more on The Hacker News
2. New ShadowV2 Botnet Malware Used AWS Outage as a Test Opportunity
A newly identified botnet, ShadowV2, based on the Mirai lineage, was observed infecting IoT devices from vendors such as D-Link and TP-Link. Security researchers at Fortinet detected its activity during a major Amazon Web Services (AWS) outage in October 2025, likely a test run rather than a coincidence.

At least eight known vulnerabilities were used to compromise routers, NAS boxes, and DVRs globally across sectors including government, telecom, manufacturing, and education. ShadowV2 supports DDoS attacks and uses a downloader script to infect devices; its operators remain unknown. The report emphasizes the urgency of updating IoT firmware to mitigate such threats.
Read more on Bleeping Computer
3. EU Agrees New Rules for Online Fraud Protection
The European Union and the European Parliament have agreed on legislation that will make banks and payment providers liable for customer losses resulting from online fraud if they fail to implement adequate protections. Under the new rules, these services must freeze suspicious transactions and take stronger measures to prevent fraud, hidden fees, and data leaks.

Online platforms showing fraudulent ads will also bear liability for reimbursements if they fail to remove them. The legislation further mandates access to human customer support (not just chatbots), clearer payment terms, improved cash access in rural areas, and streamlined data-sharing among providers. Final adoption is pending formal ratification by member states.
Read more on Reuters
4. Multiple London Councils’ IT Systems Disrupted by Cyberattack
Three London local authorities, the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and the London Borough of Hammersmith and Fulham (LBHF), experienced significant disruptions after a cyberattack impacted their shared IT infrastructure. Services including phone lines were disabled, prompting emergency plans to ensure residents continued to receive critical services.

Affected systems were shut down preventively; investigations are ongoing. While no group has claimed responsibility, security researcher Kevin Beaumont suggests the incident involved a ransomware attack on a shared service provider. The councils have informed the UK’s data regulator and promise updates as they work to restore systems and protect data.
Read more on Bleeping Computer
5. Shai-Hulud v2 Spreads From npm to Maven, as Campaign Exposes Thousands of Secrets
The second wave of the supply-chain attack known as Shai-Hulud v2 has expanded beyond the npm ecosystem into Java’s Maven Central, compromising more than 830 npm packages and at least one Maven package (org.mvnpm:posthog-node:4.18.1). The compromised Maven artifact reused the same malicious loaders and payload used in npm attacks, demonstrating how the malware can bridge ecosystems via automated package conversion tools.

The campaign has exposed hundreds of cloud credentials and GitHub tokens, with over 11,800 unique secrets found, and many still valid as of November 24, 2025. Attackers exploited CI/CD misconfigurations to backdoor developer machines and exfiltrate secrets, affecting more than 28,000 repositories. Cybersecurity experts warn that this underscores the fragile trust in software supply chains and recommend immediate rotation of keys, removal of compromised packages, and strengthening CI/CD security practices.
Read more on The Hacker News
At DIESEC, our experts are ready to assist with all your cybersecurity needs. We ensure your system is safe and secure and provide training for your employees to avoid falling victim to social engineering tactics.

