#AxisOfEasy 420: RedNovember’s Global Cyber-Espionage Blitz


Weekly Axis Of Easy #420


Last Week’s Quote was: “It’s only after you’ve stepped outside your comfort zone that you begin to change, grow, and transform,” by Roy T. Bennett. Veronika got it! Congrats.

This Week’s Quote:  “People who think they know everything are a great annoyance to those of us who do.”  By ???

THE RULES:  No searching up the answer, must be posted at the bottom of the blog post, in the comments section.

The Prize:  First person to post the correct answer gets their next domain or hosting renewal on us.


This is your easyDNS #AxisOfEasy Briefing for the week of September 29th, 2025, in which our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.

To listen to or watch this podcast edition, with commentary and insight from Joey and Len the Legend, click here.


In this issue: 

  • RedNovember’s Global Cyber-Espionage Blitz
  • Canada Revives Controversial Bill C-36 With New Powers to Police Online Content, Hate Speech, and Deepfakes
  • Karnataka High Court Backs Sahyog Portal as X Corp Plans Appeal Over Censorship Fears
  • WestJet Breach Exposes 1.2 Million Passengers Amid Scattered Spider Aviation Attacks
  • easyDNS Sponsors The Canadian Bitcoin Conference
  • Cisco ASA Zero-Day Flaws Under Fire
  • Harrods Hit by Data Breach via Third-Party Flaw

Elsewhere Online:

  • New Klopatra Android Banking Trojan Uses Hidden VNC to Hijack Phones
  • Chinese APT Phantom Taurus Deploys Advanced Net-Star Malware in Espionage Attacks
  • New Report Details North Korean Campaign to Harvest Developer Data for Espionage
  • Malicious MCP Server Poisons 1500 Organizations Stealing Secrets via BCC


RedNovember’s Global Cyber-Espionage Blitz

The Chinese state-sponsored group RedNovember, previously tagged as TAG-100 and overlapping with Storm-2077, is unleashing a sophisticated cyber-espionage campaign targeting government, defense, and tech sectors worldwide. Between June 2024 and July 2025, they’ve exploited vulnerabilities in edge devices like SonicWall, Cisco ASA, F5 BIG-IP, and Ivanti Connect Secure VPNs using open-source tools such as Pantegana and Cobalt Strike. Their targets include a Central Asian foreign ministry, an African state security organization, European space and aerospace entities, and U.S. defense contractors. By leveraging spearphishing and proof-of-concept (PoC) exploits, RedNovember achieves low-cost, high-scale attacks, capitalizing on the persistent vulnerabilities of internet-facing infrastructure to obfuscate attribution and maximize impact.

RedNovember’s operations align closely with China’s strategic priorities, with reconnaissance in Taiwan coinciding with military exercises in December 2024 and Panama scans following U.S. diplomatic moves in April 2025. Their targeting has expanded beyond Southeast Asian governments to include U.S. defense firms, European engine manufacturers, law firms, and media outlets like a major U.S. newspaper, as well as a Korean nuclear research institute. Using tools like LESLIELOADER and SparkRAT, they’ve compromised devices from Fortinet firewalls to Outlook Web Access portals. Recorded Future’s Insikt Group recommends urgent mitigation: patch high-risk vulnerabilities, monitor command-and-control (C2) traffic, and secure edge devices to blunt this escalating, geopolitically driven threat.

More via Recorded Future 


Canada Revives Controversial Bill C-36 With New Powers to Police Online Content, Hate Speech, and Deepfakes

Canada’s federal government, led by Heritage Minister Steven Guilbeault, is reviving the skeleton of Bill C-36—previously shelved after backlash—via a new bill targeting “harmful online content.” The legislation reintroduces a Digital Safety Commission empowered to compel platforms to delete flagged material, like non-consensual intimate images or child abuse content, within 24 hours. Complainants and posters may respond, but a state regulator decides.

Guilbeault insists the bill aligns with the Charter of Rights and Freedoms while expanding scope: amending the *Canadian Human Rights Act* to sanction online “detestation or vilification,” introducing peace bonds to preempt hate crimes, and updating the *Criminal Code* to add life sentences for promoting genocide. A related effort, Bill C-9, championed by Minister Fraser, tackles terrorist content and hate speech. The bill also criminalizes deepfake porn. In 2021, University of Toronto’s Citizen Lab had condemned similar efforts as “punitive” and “disturbing,” a rebuke that still haunts this rebranded legislative push.


More via Reclaim The Net 


Let’s not forget Bill C-8, the new cyber-security act: it empowers the Minister of Industry (currently Melanie Joly) to “designate” a person as ineligible to receive internet services from any IT provider – essentially kicking them off the internet. It would not require a warrant. – markjr

Bill C-8 is currently in second-reading in Parliament.

Read: https://nationalpost.com/opinion/canadian-bill-would-strip-internet-access-from-specified-persons


Karnataka High Court Backs Sahyog Portal as X Corp Plans Appeal Over Censorship Fears

In September 2025, the Karnataka High Court upheld the Indian government’s Sahyog portal—a Ministry of Home Affairs initiative operated by the Indian Cyber Crime Coordination Centre—dismissing a constitutional challenge by Elon Musk’s X Corp (formerly Twitter). Launched in October 2024, Sahyog enables state police and other agencies to issue content takedown orders directly to platforms without judicial review, based merely on allegations of illegality. X argued this bypasses Section 69A of the IT Act, 2000, defies Supreme Court precedent, and threatens free speech. The court, led by Justice M Nagaprasanna, ruled regulation essential to curb online misuse, especially in cases involving crimes against women, rejecting X’s portrayal of Sahyog as unchecked censorship. X warned the system allows millions of officers to issue opaque demands, imposes criminal liability for noncompliance, and enables content removal absent due process. Asserting its relevance to Indian public discourse, X will appeal, insisting its foreign status doesn’t negate platform users’ rights.

More via India Times 


WestJet Breach Exposes 1.2 Million Passengers Amid Scattered Spider Aviation Attacks

WestJet, Canada’s second-largest airline, disclosed a June data breach affecting 1.2 million passengers, including 240 Maine residents, in a filing to that state’s attorney general. Exposed data includes names, dates of birth, postal addresses, passports, government-issued IDs, service requests, complaints, and frequent flyer rewards data like point balances. The breach, on which spokesperson Jennifer Booth declined to elaborate, was reportedly the work of Scattered Spider, a financially motivated group of English-speaking teenagers and young adults. Known for social engineering IT help desks, the group previously targeted the aviation sector, prompting warnings from the FBI and cybersecurity firms. The same group allegedly breached Australian airline Qantas, compromising data on 6 million customers. The WestJet breach is part of a broader, escalating pattern of cyberattacks exploiting internal vulnerabilities in transportation networks. While the company has not shared mitigation details, the scale, method, and nature of the data stolen highlight a persistent threat facing the global aviation industry’s digital infrastructure.

More via TechCrunch


easyDNS Sponsors The Canadian Bitcoin Conference

We’re thrilled to be a sponsor for this year’s Canadian Bitcoin Conference taking place at the venerable Rialto Theatre in Montreal, October 16-18th.

CEO Mark Jeftovic will be there, moderating a panel on Bitcoin Treasury Companies and then co-hosting a fireside chat with Canadian Bitcoin Podcast’s Joey Temprile on Canada’s incoming surveillance bills (C-2, C-8, C-9 & C-26).

Tickets still available through the website: https://canadianbitcoinconf.com/


Cisco ASA Zero-Day Flaws Under Fire

Cisco is sounding the alarm on two zero-day vulnerabilities hammering its Secure Firewall Adaptive Security Appliance (ASA) and Threat Defense (FTD) software. CVE-2025-20333 (CVSS 9.9) lets authenticated attackers with VPN credentials run arbitrary code as root via crafted HTTP requests, while CVE-2025-20362 (CVSS 6.5) allows unauthenticated attackers to bypass authentication and reach restricted URLs. These flaws are being actively exploited in the wild, likely chained together to dodge defenses and execute malicious code. Cisco’s tight-lipped on the attackers’ identity and the scale of the attacks, but it’s urging immediate patches with support from global cyber agencies like Australia’s ACSC, Canada’s Cyber Security Centre, the U.K.’s NCSC, and the U.S.’s CISA.

CISA’s Emergency Directive: Act Fast or Fall Hard

CISA’s not messing around, issuing Emergency Directive ED 25-03 to force federal agencies to patch these vulnerabilities within 24 hours, adding them to its Known Exploited Vulnerabilities catalog. The attacks, linked to a sophisticated threat actor dubbed UAT4356 (aka Storm-1849) and part of the ArcaneDoor campaign, involve remote code execution and ROM manipulation to persist through reboots and upgrades. This isn’t new—ArcaneDoor’s been targeting network devices since at least 2024, dropping malware like Line Runner and Line Dancer. While Cisco Firepower’s Secure Boot can detect some manipulations, the risk to networks is severe, and CISA’s demanding swift action to lock it down.
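For the bookkeeping that a KEV-driven deadline like ED 25-03 implies, here is an added example (not Cisco’s, CISA’s or this newsletter’s code) that matches a device inventory against a KEV extract and reports which hosts still owe a patch and by how many days. The two CVE ids are the ones from the article and the record layout follows the public KEV JSON feed’s field names; the product strings, dates and the inventory itself are constructed placeholders.

```python
"""Match a device inventory against a CISA Known Exploited Vulnerabilities
(KEV) extract and report which hosts still owe a patch.

Added example for this briefing, not Cisco's, CISA's or easyDNS's code.
The record layout (a "vulnerabilities" list whose entries carry "cveID",
"vendorProject", "product", "dateAdded" and "dueDate") follows the public
KEV JSON feed; the two CVE ids come from the article, while the product
strings, dates and host inventory below are constructed samples.
"""
import json
from datetime import date

# Constructed KEV extract: only the two cveID values come from the article.
KEV_SAMPLE = json.dumps({
    "title": "CISA KEV (constructed extract)",
    "vulnerabilities": [
        {
            "cveID": "CVE-2025-20333",
            "vendorProject": "Cisco",
            "product": "Secure Firewall Adaptive Security Appliance (ASA) "
                       "and Secure Firewall Threat Defense (FTD)",
            "dateAdded": "2025-09-25",   # placeholder date
            "dueDate": "2025-09-26",     # placeholder: 24 hours after dateAdded
        },
        {
            "cveID": "CVE-2025-20362",
            "vendorProject": "Cisco",
            "product": "Secure Firewall Adaptive Security Appliance (ASA) "
                       "and Secure Firewall Threat Defense (FTD)",
            "dateAdded": "2025-09-25",   # placeholder date
            "dueDate": "2025-09-26",     # placeholder date
        },
    ],
})

# Constructed inventory: hostnames and patch state are invented.
INVENTORY = [
    {"host": "fw-edge-01", "vendor": "Cisco",
     "product": "Adaptive Security Appliance (ASA)", "patched_cves": []},
    {"host": "fw-edge-02", "vendor": "Cisco",
     "product": "Secure Firewall Threat Defense (FTD)",
     "patched_cves": ["CVE-2025-20333", "CVE-2025-20362"]},
    {"host": "vpn-01", "vendor": "Cisco",
     "product": "Secure Firewall Threat Defense (FTD)",
     "patched_cves": ["CVE-2025-20362"]},
    {"host": "lb-01", "vendor": "F5", "product": "BIG-IP", "patched_cves": []},
]


def _affects(asset, entry):
    """True when the vendor matches and either product string contains the
    other (KEV product fields often name several products in one string)."""
    if asset["vendor"].lower() != entry["vendorProject"].lower():
        return False
    mine, theirs = asset["product"].lower(), entry["product"].lower()
    return mine in theirs or theirs in mine


def outstanding_kev_exposures(kev_json, inventory, today_iso):
    """One finding per (host, CVE) that is in KEV, affects the host's product
    and is not recorded as patched. days_overdue is negative while the
    remediation window is still open."""
    today = date.fromisoformat(today_iso)
    catalog = json.loads(kev_json)["vulnerabilities"]
    findings = []
    for asset in inventory:
        patched = {c.upper() for c in asset.get("patched_cves", [])}
        for entry in catalog:
            if entry["cveID"].upper() in patched or not _affects(asset, entry):
                continue
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "cveID": entry["cveID"],
                "dueDate": entry["dueDate"],
                "days_overdue": (today - due).days,
            })
    # Most overdue first, then by host and CVE for a stable report.
    findings.sort(key=lambda f: (-f["days_overdue"], f["host"], f["cveID"]))
    return findings


def hosts_past_due(findings):
    """Hosts with at least one KEV item past its due date, sorted."""
    return sorted({f["host"] for f in findings if f["days_overdue"] > 0})


if __name__ == "__main__":
    report = outstanding_kev_exposures(KEV_SAMPLE, INVENTORY, "2025-09-30")
    for f in report:
        state = (f"{f['days_overdue']}d overdue" if f["days_overdue"] > 0
                 else "within window")
        print(f"{f['host']:<12} {f['cveID']:<16} due {f['dueDate']}  {state}")
    print("past due:", ", ".join(hosts_past_due(report)) or "none")
```

The substring match on product names is deliberately loose, since KEV product fields often bundle several products into one string; a real inventory would pin matches to version ranges from the vendor advisory rather than names alone, and would treat a host as exposed until the patched build is confirmed on the device, not just recorded in a spreadsheet.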

More via The Hacker News 



Elsewhere Online:

New Klopatra Android Banking Trojan Uses Hidden VNC to Hijack Phones

Read: https://thehackernews.com/2025/10/new-android-banking-trojan-klopatra.html


Chinese APT Phantom Taurus Deploys Advanced Net-Star Malware in Espionage Attacks

Read: https://www.securityweek.com/chinese-apt-phantom-taurus-targeting-organizations-with-net-star-malware/


New Report Details North Korean Campaign to Harvest Developer Data for Espionage

Read: https://www.securityweek.com/north-koreas-fake-recruiters-feed-stolen-data-to-it-workers/


Malicious MCP Server Poisons 1500 Organizations Stealing Secrets via BCC

Read: https://www.darkreading.com/application-security/malicious-mcp-server-exfiltrates-secrets-bcc

