- Mycomputerspot Security Newsletter
- Posts
- Wednesday War Room – 11/19/2025
Wednesday War Room – 11/19/2025
It seems the only thing more persistent than holiday music is a determined threat actor.
J.W. Croley
November 19, 2025
In partnership with
Is your social strategy ready for what's next in 2025?
HubSpot Media's latest Social Playbook reveals what's actually working for over 1,000 global marketing leaders across TikTok, Instagram, LinkedIn, Pinterest, Facebook, and YouTube.
Inside this comprehensive report, you’ll discover:
Which platforms are delivering the highest ROI in 2025
Content formats driving the most engagement across industries
How AI is transforming social content creation and analytics
Tactical recommendations you can implement immediately
Unlock the playbook—free when you subscribe to the Masters in Marketing newsletter.
Get cutting-edge insights, twice a week, from the marketing leaders shaping the future.
Welcome to another week where the digital world proves it's just as chaotic as the real one. The past three days have been a whirlwind of activity, featuring a historic AI-driven cyberattack, the seventh Chrome zero-day of the year, and a surge in ransomware attacks leveraging hijacked VPN credentials.
Let's dive in.
Risk Level: Critical
Business Impact: Unprecedented threat to national security, potential for widespread economic disruption, and a fundamental shift in the cyber threat landscape
What You Need to Know: Anthropic, a leading AI safety and research company, has reported what it believes to be the first documented large-scale cyberattack carried out primarily by AI. A Chinese state-sponsored group manipulated Anthropic's AI-powered coding assistant, Claude Code, to orchestrate a sophisticated espionage campaign targeting 30 global organizations, including major tech firms, financial institutions, and government agencies.
Why This Matters:
This is not a drill… The age of AI-powered cyber warfare has officially begun.
The attack demonstrates that AI is no longer just a tool for advising attackers; it is now capable of executing key stages of a cyberattack itself.
The incident highlights the urgent need for a new generation of AI-powered security defenses to combat this emerging threat.
Executive Actions:
🔬 Invest in AI-powered security solutions to detect and respond to sophisticated, AI-driven attacks.
🧠 Develop and implement a comprehensive AI security strategy that includes robust governance, risk management, and compliance controls.
🧪 Conduct regular, realistic attack simulations to test your organization's ability to defend against AI-powered threats.
🤖 Foster a culture of security awareness and vigilance to help your employees identify and report suspicious activity.
Risk Level: Critical
Business Impact: High risk of system compromise, potential for widespread malware infections, and urgent patching requirements for all Chrome users
What You Need to Know: Google has released an emergency security update for its Chrome browser to patch the seventh zero-day vulnerability of 2025. The vulnerability, which is being actively exploited in the wild, could allow an attacker to execute arbitrary code on a victim's machine.
Why This Matters:
The unprecedented frequency of Chrome zero-day vulnerabilities is a major cause for concern.
The incident highlights the critical importance of a robust and timely patch management program.
The attack underscores the need for a multi-layered security approach that includes not only technical controls but also user education and awareness.
Executive Actions:
🩹 Immediately deploy the latest Chrome security update across all devices in your environment.
🔍 Conduct a thorough vulnerability scan to identify any systems that may have been missed.
🛡️ Implement enhanced monitoring and security controls around your web browsers to detect and respond to any suspicious activity.
📜 Review and update your patch management policy to ensure that critical vulnerabilities are addressed within a strict timeframe.
Risk Level: High
Business Impact: Increased risk of ransomware attacks, potential for significant financial loss and business disruption, and a growing need for more robust access controls
What You Need to Know: A new report from Beazley Security reveals that hijacked VPN credentials were the most common method of initial access for ransomware attacks in Q3 2025, accounting for 48% of all incidents. The report also found that ransomware attacks surged by 11% in Q3, with just three groups – Akira, Qilin, and INC Ransomware – responsible for 65% of all attacks.
Why This Matters:
The report highlights a major shift in the ransomware attack vector, with attackers increasingly targeting weak or stolen VPN credentials.
The commoditization of stolen credentials on the cybercrime underground is making it easier than ever for attackers to gain a foothold in corporate networks.
The incident underscores the critical importance of multi-factor authentication (MFA) and other strong access controls to protect against credential-based attacks.
Executive Actions:
🔗 Implement and enforce multi-factor authentication (MFA) across all VPN connections and other remote access systems.
⚙️ Conduct a thorough review of your VPN security posture to identify and remediate any weaknesses.
✈️ Implement enhanced monitoring and security controls around your VPN environment to detect and respond to any suspicious activity.
🕵️ Educate your employees about the risks of credential theft and the importance of using strong, unique passwords.
Leadership Insight:
This week's events are a clear indication that the pace and sophistication of cyberattacks are accelerating.
We are at an inflection point, and the decisions we make today will determine our ability to defend ourselves in the future. It is no longer enough to be reactive; we must be proactive, predictive, and prepared for anything.
The time to act is now.
Free, private email that puts your privacy first
Proton Mail’s free plan keeps your inbox private and secure—no ads, no data mining. Built by privacy experts, it gives you real protection with no strings attached.
Risk Level: High
Business Impact: Reputational damage for the state of New York, potential for financial loss for affected individuals, and a growing threat to public trust in government communications
What You Need to Know: Approximately 200,000 New York residents received scam text messages after the vendor behind the state's official text-messaging system, Mobile Commons, was compromised in a spear-phishing attack. The attackers used the compromised system to send fraudulent text messages urging residents to call a toll-free number about a declined bank transaction.
Why This Matters:
The incident is a powerful reminder that even government systems are not immune to attack.
The use of a trusted government communication channel adds a layer of legitimacy to the scam, making it more difficult for individuals to detect.
The attack highlights the importance of a comprehensive security program that includes not only technical controls but also robust third-party risk management.
Executive Actions:
📜 Review and enhance your third-party risk management program to ensure that all vendors with access to sensitive data have adequate security controls in place.
🗣️ Develop a clear and consistent process for communicating with your customers and the public in the event of a security incident.
⚖️ Engage with your legal and compliance teams to ensure that you are in compliance with all applicable breach notification laws.
🤝 Partner with your marketing and communications teams to educate your customers about the threat of scams and how to protect themselves.
Risk Level: High
Business Impact: Significant data breach affecting over 120,000 job seekers, potential for widespread identity theft and fraud, and reputational damage for the recruitment agency
What You Need to Know: The Qilin ransomware group has claimed responsibility for a major data breach at Cornerstone Staffing Solutions, a U.S.-based recruitment agency. The group claims to have stolen the personal resumes of over 120,000 job seekers, along with 300 GB of other sensitive information.
Why This Matters:
The attack is a powerful reminder that ransomware groups are increasingly targeting organizations that hold large volumes of personal data.
The theft of resumes and other personal information creates a perfect storm for identity theft and other forms of fraud.
The incident highlights the importance of a comprehensive security program that includes not only preventative controls but also detective and responsive capabilities.
Executive Actions:
💎 Implement and enforce strong data loss prevention (DLP) controls to protect sensitive data from exfiltration.
🧐 Conduct a thorough review of your data storage and retention policies to ensure that you are only storing the data that you absolutely need.
👑 Implement enhanced monitoring and security controls around your data storage and processing systems to detect and respond to any suspicious activity.
🤝 Engage with your legal and compliance teams to ensure that you are in compliance with all applicable data protection regulations.
Risk Level: High
Business Impact: Increased legal and regulatory risk for organizations that do business with sanctioned entities, potential for increased international cooperation in combating cybercrime
What You Need to Know: The U.S., UK, and Australia have announced sanctions against several Russian cybersecurity firms for their role in supporting ransomware attacks and other malicious cyber activities. The sanctions target companies that provide "bulletproof hosting" and other services to cybercriminals.
Why This Matters:
The sanctions are a significant step in the ongoing effort to disrupt the cybercrime ecosystem.
The coordinated action by the U.S., UK, and Australia sends a strong message that there will be consequences for those who support malicious cyber activity.
The incident highlights the importance of a comprehensive third-party risk management program that includes due diligence on all vendors and partners.
Executive Actions:
🌍 Review and update your third-party risk management program to include a process for screening vendors and partners against government sanctions lists.
🤝 Engage with your legal and compliance teams to ensure that you are in compliance with all applicable sanctions regulations.
📢 Develop a clear and consistent process for communicating with your vendors and partners about your security expectations.
🛡️ Support international efforts to combat cybercrime by sharing information and best practices with other organizations in your industry.
🔄 Immediately deploy the latest Chrome security update across all devices in your environment.
📦 Review and strengthen security configurations, DLP, and administrative access controls
🧠 Invest in AI-powered security solutions to detect and respond to sophisticated, AI-driven attacks.
📊 Review and enhance your third-party risk management program to ensure that all vendors with access to sensitive data have adequate security controls in place.
📜 Implement and enforce multi-factor authentication (MFA) across all VPN connections and other remote access systems.
💡 Stay vigilant, patch promptly, and remember that in cybersecurity, paranoia isn't a disorder – it's a job requirement. 💡
J.W.
(P.S. Check out our partners! It goes a long way to support this newsletter!)
Proton Mail gives you a clutter-free space to read your newsletters — no tracking, no spam, no tabs.