Daily Cyber News – November 13th, 2025

This is today’s cyber news for November 13th, 2025. You can also subscribe to the newsletter and view the archive of previous headlines at daily cyber dot news.

Microsoft’s latest patch batch carries one especially urgent fix. In incidents, attackers first land through phishing or browser bugs, then climb to full system control by abusing a kernel flaw. That privilege boost lets them disable security tools, install deeper backdoors, and move from a laptop into file servers and cloud consoles. Today, teams face a long list of patches, yet leaving this flaw open means almost any small breach can escalate fast. Quick, well-planned rollouts on high-value machines stop that chain and keep opportunistic intruders from clobbering entire Windows environments.

Researchers are watching a sly Microsoft 365 credential heist. In this campaign, emails route through services and chained redirects, then park victims on a fake sign-in page that looks legitimate. Because portions of the path look routine, many people click without pausing, while the redirection chain piggybacks on trusted domains and reputation. Once attackers have the credentials, they log in for real, set stealthy forwarding rules, and mine mailboxes for payment and access opportunities. The pattern matters because it shows how subtle redirects can clobber Microsoft 365 security when sign-in policies and monitoring stay permissive.

Researchers report that the DanaBot banking trojan has returned with a new Windows-focused variant and rebuilt command servers. This version hides better and steals more. It spreads through malicious email attachments and cracked software installers that lure small businesses and home users into running the loader. Once installed, the malware can intercept online banking sessions, siphon payment details, and pull down additional payloads whenever operators choose. The campaign matters because even a single infected workstation in finance or accounting can quietly redirect funds and expose wider corporate systems.

Security teams are tracking an advanced persistent group that is abusing a WinRAR vulnerability to compromise government agencies across South Asia. The trick hides inside booby-trapped archives. Officials receive files that appear routine, yet when opened they exploit a directory traversal bug and plant malicious tools in sensitive folders. Because many ministries still rely on outdated WinRAR versions, the attackers can pry into diplomatic documents and sensitive policy discussions at scale. The story matters because the same tradecraft could target enterprises that keep old compression utilities on desktops far from patch cycles.

GitHub Copilot and Visual Studio are under scrutiny after researchers uncovered flaws that weaken defenses on developer workstations. Small gaps here can ripple outward. In the scenarios described, a malicious extension or poisoned suggestion can slip unsafe code into projects that later ship to customers. Meanwhile, compromised developer machines hold access to source repositories and build systems, letting intruders quietly tamper with the software supply chain. The risk matters because one careless click on a helpful-looking tool can hand attackers the keys to your products and infrastructure.

Windows 11 is deepening its embrace of passkeys by working directly with the 1Password and Bitwarden password managers. The aim is smoother, stronger logins. Users can create passkeys inside those tools and sign in to websites and services without typing passwords that attackers phish or reuse. Over time, this change could choke off account takeover attempts by replacing password habits with cryptographic checks tied to devices and biometrics. It matters because many organizations want phishing-resistant authentication but need a path that fits current desktops and familiar password management workflows.

Researchers are warning about a travel-themed phishing wave that has spun up more than four thousand fake domains. The lures mimic real booking communications. Victims receive emails that spoof airlines or hotel brands, then follow links to cloned pages that skim card numbers and security codes. Because the domains resemble legitimate sites and rotate often, takedown efforts lag while criminals siphon money and personal data from rushed travelers. This campaign matters for companies because staff booking trips on corporate cards or personal accounts may expose finances and itinerary details.

That’s the BareMetalCyber Daily Brief for November 13th, 2025. For more, visit BareMetalCyber dot com. You can also subscribe to the newsletter and view the archive of previous headlines at daily cyber dot news. We’re back tomorrow.
