Cloudflare’s internal failure briefly turns the internet’s biggest platforms dark
Cloudflare, which carries about 20% of internet traffic and supports a third of the top 10,000 sites, said an internal failure—not the hyper-scale DDoS attack it first suspected—took down roughly 20% of webpages. A Bot Management System “feature file” outgrew its limits, breaking the software and briefly becoming the most consequential file online. The outage hit Coinbase, Blockchain.com, Ledger, BitMEX, Toncoin, Arbiscan, DefiLlama, X, and ChatGPT, piling onto frustration already sparked by last month’s Amazon Web Services outage.
EthStorage told Cointelegraph that centralized infrastructure like AWS and Cloudflare guarantees single points of failure and argued for a fully decentralized web stack. Their view aligned with Vitalik Buterin’s “Trustless Manifesto,” co-written with Ethereum Foundation researchers Yoav Weiss and Marissa Posner, which warns that hosted nodes and centralized relayers quietly turn neutrality into chokepoints—even before everything goes down at once.
More Via: Zerohedge
Protei is hacked and its surveillance data spills into public view
Protei, a telecom company founded in Russia and now based in Jordan, was hacked, its website defaced on November 8, and about 182 gigabytes of server data — including years of emails — stolen. The Internet Archive’s Wayback Machine captured the defacement message, “another DPI/SORM provider bites the dust,” referencing Protei’s deep-packet-inspection tools and their connection to SORM, the Russian lawful intercept system enabling government access to calls, texts, and browsing data. The hacked data was given to DDoSecrets, the nonprofit that indexes leaked datasets tied to surveillance actors.
TechCrunch reported the breach; Protei’s Jordan director, Mohammad Jalal, denied Russian ties and any awareness of data exfiltration. Protei sells telecom, connectivity, surveillance, and filtering systems across regions from Bahrain to central Africa. The Citizen Lab reported that Iranian telecom Ariantel consulted Protei on logging and blocking technologies enabling targeted or broad website restrictions.
More Via: TechCrunch
AI runs most of a state-backed cyberattack and forces OpenAI to sound the alarm
OpenAI says that in mid-September 2025 it uncovered a sophisticated espionage campaign run, with high confidence, by a Chinese state-sponsored group using Claude Code to autonomously infiltrate about thirty global targets, succeeding in a few. Exploiting advances in model intelligence, agency, and tools available through the Model Context Protocol—including password crackers and network scanners—the attackers jailbroke Claude, disguised tasks as benign, and posed as a legitimate cybersecurity firm. Human operators selected targets across tech, finance, chemical manufacturing, and government, then deployed an autonomous framework that handled reconnaissance, vulnerability analysis, exploit-code generation, credential harvesting, data extraction and classification, backdoor creation, and documentation.
OpenAI reports that 80–90% of the operation was AI-driven, with humans stepping in only a handful of times per target. The system acted at machine speed, though it hallucinated credentials and misread public data. Over ten days, OpenAI banned accounts, notified affected entities, coordinated with authorities, and used Claude internally to analyze the investigation’s massive dataset. The company calls this the first documented large-scale cyberattack with minimal human oversight and argues that lowered barriers now let far less-resourced actors mount comparable operations, urging stronger safeguards, industry threat-sharing, and defensive use of AI across SOC automation, threat detection, vulnerability assessment, and incident response.
More Via: Anthropic
Google Faces Class Action Lawsuit Over Alleged Secret Activation of AI Across Its Platforms
In October 2025, Google reportedly flipped a “digital switch” unnoticed by Gmail, Chat, and Meet users. Plaintiffs Thomas Thele and Melo Porter allege in a class action lawsuit that Google silently activated its AI system, Gemini, across its platforms, allowing access to all private communications—emails, attachments, and messages—without consent. Previously opt-in, Gemini was allegedly turned on by default, with a misleading settings notice: “When you turn this setting on, you agree.”
The lawsuit highlights the scope of exposed data: financial, employment, religious and political affiliations, medical records, social habits, family identities, shopping and exercise routines, and children’s activities. Plaintiffs claim Gemini can cross-reference and monetize insights, calling the conduct “deceptive and unethical.” The case invokes the California Invasion of Privacy Act, the California Computer Data Access and Fraud Act, the Stored Communications Act, and California’s constitutional privacy rights. Google has not commented.
More Via: Reclaim The Net
Logitech Confirms Cybersecurity Breach After Being Named a Victim by Cl0p Ransomware Group
Logitech confirmed a cybersecurity breach in a Friday SEC filing, reporting that an unauthorized actor exploited a zero-day in a third-party software platform to copy data from its internal IT systems. The stolen information likely included limited employee, consumer, customer, and supplier data, but not sensitive details such as national ID numbers or credit card information. Products, operations, and manufacturing were unaffected, and the company does not expect a material financial impact. Logitech’s cybersecurity insurance is expected to cover costs for incident response, investigations, business interruptions, legal actions, and regulatory fines.
The disclosure follows Logitech being listed on the Cl0p ransomware leak site in early November 2025, linked to the Oracle EBS campaign. Cybercriminals leaked 1.8 TB of stolen files. Over 50 organizations, including The Washington Post, Harvard University, Envoy Air, and Hitachi subsidiary GlobalLogic, have been affected. Analysts link the campaign to a FIN11 cluster previously targeting Cleo, MOVEit, and Fortra file transfer products. CVE-2025-61884 and CVE-2025-618842 are the suspected vulnerabilities.
More Via: Security Week
Venezuelan doctor gets 30 years in prison for WhatsApp voice note
65-year-old Dr. Marggie Orozco has been sentenced to 30 years in prison after being found guilty of “treason to the fatherland, incitement to hatred, and conspiracy” for complaining about the Maduro regime in a WhatsApp voice note in 2024.
Absolutely no coverage in the wider press.
Maybe the mainstream media will pick these stories up when it happens in Canada after Bill C-9 (“Combatting Online Hate”) passes.
Orozco will be 95 years old at the end of her sentence; however, according to Venezuela’s JEP rights NGO, Orozco has already suffered two heart attacks while in police custody.
More Via: Zerohedge
Elsewhere Online:
Azure Faces Largest Ever Cloud Based DDoS Attack and Successfully Mitigates It
Read: https://www.theregister.com/2025/11/17/biggest_cloud_ddos_attack_azure/
7-Zip Users Must Update Now Due to Symbolic Link RCE Vulnerability
Read: https://thehackernews.com/2025/11/hackers-actively-exploiting-7-zip.html
Local Facilitators Helped North Korea’s Fake IT Workers Infiltrate US Firms
Read: https://www.darkreading.com/remote-workforce/us-citizens-plead-guilty-north-korean-it-worker
DoorDash Data Breach After Employee Falls for Social Engineering Scam
Read: https://hackread.com/doordash-data-breach-employee-social-engineering-scam/
Financial Sector Highly Affected as Stolen FTSE 100 Credentials Surface Online
Read: https://www.infosecurity-magazine.com/news/half-million-stolen-ftse-100/