Canada quietly advances digital identity plans in the 2025 federal budget
Canada’s 2025 federal budget quietly revives digital ID plans, aiming to modernize service delivery in Employment Insurance and Old Age Security. The system would streamline access for seniors, newcomers, people with disabilities, and rural residents by acting as a “master key” across benefit programs.
Consultants explored merging systems in 2024, but centralized data—including banking, biometric, and health information—raises privacy and security concerns. Participation is voluntary, with paper and in-person services retained, though digital literacy, connectivity, and language barriers remain.
The initiative mirrors global trends, including the UK, Australia, and the EU, and while framed as pragmatic modernization, it hints at a gradual redefinition of the citizen–state relationship.
More via: Reclaim The Net
OpenAI faces lawsuits claiming ChatGPT’s design led to user suicides
OpenAI and founder Sam Altman face seven lawsuits filed November 6 in San Francisco and Los Angeles by the Social Media Victims Law Center, led by Matthew Bergman, and the Tech Justice Law Project, directed by Meetali Jain. The suits allege ChatGPT’s GPT-4o was rushed to market, built for “maximum engagement” with humanlike empathy, and released without safeguards, contributing to emotional harm and suicides.
Claims include wrongful death, assisted suicide, negligence, and consumer protection violations. Plaintiffs say OpenAI skipped safety testing to beat Google’s Gemini. Four users—Zane Shamblin of Texas, Amaurie Lacey of Georgia, Joshua Enneking of Florida, and Joe Ceccanti of Oregon—died after extended ChatGPT interactions. Three others—Jacob Irwin of Wisconsin, Hannah Madden of North Carolina, and Allan Brooks of Ontario—report emotional harm, alleging the chatbot acted as a “suicide coach.”
Bergman says OpenAI blurred the line “between tool and companion,” prioritizing market share over safety, while Jain calls the model’s design “emotional abuse in code.” OpenAI told The Epoch Times it is reviewing the cases, calling them “heartbreaking,” and said ChatGPT is trained to recognize distress, de-escalate, and guide users to help. The company added it has expanded crisis hotlines, improved reliability, and formed a Council on Well-Being and AI.
More via: ZeroHedge
Washington Post and Other Major Organizations Fall Victim to Widespread Oracle E-Business Suite Hack
The Washington Post confirmed it was hacked via Oracle’s E-Business Suite, used for business operations and sensitive data. Reuters reported the breach, while Oracle directed inquiries to previous security advisories.
Ransomware group Clop, flagged by Google, exploited Oracle vulnerabilities, stealing business and employee data from over 100 companies. The campaign began in late September with extortion emails demanding up to $50 million, according to anti-ransomware firm Halcyon. Clop claimed the Post hack publicly, citing ignored security.
Other confirmed victims include Harvard University and Envoy, a subsidiary of American Airlines, showing the breach’s wide institutional impact.
More via: TechCrunch
Google Takes Legal Action Against Chinese Cybercriminals Running Global Smishing Operations
Chinese cybercriminals have run global smishing campaigns for years, generating over $1 billion through messages impersonating banks, delivery firms, and law enforcement. Google sued 25 Lighthouse members in New York, alleging the network defrauded people in 120+ countries and misused Google’s brand.
Lighthouse software, a phishing-as-a-service tool, provides hundreds of templates spoofing 400+ entities, including USPS, New York City government, E-ZPass, and Google products. It supports SMS, RCS, and iMessage, uses IP filtering, domain rotation, and time-limited URLs, and can integrate stolen card data into digital wallets.
Research links Lighthouse to 200,000+ scam websites and 12.7–115 million U.S. credit or banking records. Google seeks restraining orders and injunctions, while experts note the network’s modular, real-time tools enable adaptive, large-scale fraud exploiting public trust.
More via: Wired
Private Vendor Uses Spyware to Target Samsung Galaxy Devices in the Middle East
A private offensive security vendor deployed Landfall, a commercial-grade spyware, against Samsung Galaxy devices in the Middle East, primarily in Iraq, Iran, Turkey, and Morocco, from mid-2024 to April 2025. Exploiting CVE-2025-21042 in Samsung’s image processing library, attackers delivered the spyware via malicious DNG files over WhatsApp. Unit 42 discovered Landfall while investigating related iOS exploits (CVE-2025-43300, CVE-2025-55177) and Samsung bug CVE-2025-21043, revealing cross-platform exploitation.
Landfall, targeting Galaxy S22–S24, performs secret recording, geolocation tracking, photo capture, contacts and call log collection, device fingerprinting, data exfiltration, and payload downloads, evading detection through anti-analysis mechanisms, privilege escalation, and debugger detection. At least six C2 servers overlap with Stealth Falcon, hinting at—but not confirming—a UAE government link. Landfall mirrors campaigns like NSO Pegasus, Cytrox/Intellexa Predator, and Gamma FinFisher, highlighting persistent risks from commercial spyware, zero-day chains, and state-associated actors exploiting mobile vulnerabilities.
More via: Dark Reading
China’s Largest Cybersecurity Firm Breached
Rumors are flying that Knownsec, China’s largest cyber-security (read: private intelligence) firm, has been breached, surfacing details of the firm’s work undertaking state infowar and espionage operations.
As per @IntCyberDigest,
“The data includes cyberweapon documentation, internal hacking tool source code, and global target lists covering over 20 countries, including Japan, Vietnam, and India.
A spreadsheet lists 80 hacked foreign organizations, plus evidence of 95 GB of stolen Indian immigration data and 3 TB of call records from South Korean mobile operator LG U Plus.
One of the documents mentions a malicious power bank, disguised as a charging device.
Knownsec is key to China’s cybersecurity, providing advanced defense and offensive capabilities, including espionage tools.”
More via: Substack
Question from Mark: Do You Use n8n workflows?
Mark here – I’m wondering how many of you use n8n workflows and if so, how do you use them?
There’s a reason why I’m asking this, which I’ll talk about next week (or soon after).
Just hit “reply” or email me at markj@easydns.com
Elsewhere Online:
Amazon Details Attacks Targeting Cisco ISE and Citrix NetScaler Flaws
Read: https://thehackernews.com/2025/11/amazon-uncovers-attacks-exploited-cisco.html
Triofox Users Urged to Patch Immediately Following Critical Vulnerability Exploitation
Read: https://www.securityweek.com/critical-triofox-vulnerability-exploited-in-the-wild/
New UK Bill Expands Cybersecurity Rules Regulating MSPs and Critical Suppliers
Read: https://www.infosecurity-magazine.com/news/government-cyber-security/
Monsta FTP Security Bug Allowed Hackers Full Web Server Control
Read: https://hackread.com/monsta-ftp-flaw-web-servers-open-server-takeover/
New ClickFix Attacks Use Single Command to Infect Macs and Windows PCs
Read: https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/
Quote sounds like something ‘the Donald’ would say. 🙂