Welcome to your twice-weekly update on the latest cyber threats and simple steps you can take to protect yourself and our company.
Threat actors are actively exploiting software flaws and launching new, sophisticated mobile scams. Your immediate attention to software updates is critical.
1. Zero-Day Vulnerability Found in Samsung Devices
What Happened: A severe "zero-day" vulnerability (a flaw exploited before a fix is available) was recently used by attackers to deploy spyware on Samsung Galaxy phones. The attack was triggered simply by receiving a maliciously crafted image file through an app like WhatsApp, often requiring no user interaction.
Action for You: If you use a Samsung Galaxy device, check for and install the latest security updates immediately. Even if you don't use a Samsung phone, this incident serves as a reminder to always keep your mobile apps and operating system (iOS or Android) up to date.
2. Beware of New Sophisticated Android Spyware
What Happened: A new type of Android Remote Access Trojan (RAT) called "Fantasy Hub" is being sold on the dark web. This malware enables attackers to fully take control of a compromised phone, collecting contacts, call logs, images, and, most importantly, intercepting your SMS (text) messages, including two-factor authentication (2FA) codes.
Action for You:
Only Download from Trusted Stores: Avoid downloading any apps from third-party sites or links in text messages. Use only the official Google Play Store or Apple App Store.
Review App Permissions: Be suspicious of new apps asking for excessive permissions, especially those related to SMS/messaging or banking.
Phishing remains the #1 threat to our security. Criminals are currently exploiting remote and hybrid work policies, as well as the holiday season, to launch targeted attacks.
Type of Scam: "Return-to-Office"
What it Looks Like: Emails that look like they are from HR or IT, urgently asking you to click a link to "confirm work location" or "sign a new WFH policy."
Your Action: VERIFY! If you receive an urgent email about a policy change, do not click the link. Instead, please open a new browser tab and navigate directly to our company intranet or contact HR/IT via a known internal channel.
Type of Scam: "Invoice/Payment Change"
What it Looks Like: Emails that seem to come from a vendor asking to change bank details for an upcoming payment.
Your Action: VERIFY! Always confirm payment changes over the phone or on a known, secure website using a pre-existing, verified number, not the one listed in the suspicious email. If a phone number for the vendor is not available, open a new browser window and type the vendor's website address (URL), or use a known good bookmark to access the vendor's website and verify the payment information. Do not use phone numbers or links in the suspicious email.
✅ Quick Security Checklist for Today
Check for Updates: Install all available operating system and app updates on your work and personal devices.
Verify All Urgency: If an email or message creates a sense of panic or urgency (e.g., "Immediate action required" or "Account disabled"), slow down and verify the sender before clicking anything.
Use MFA: Ensure Multi-Factor Authentication (MFA) is active on all your critical accounts (email, VPN, banking). This is the single most effective defense against credential theft.
Need to report a suspicious email or incident? Please report it to the FBI at https://www.ic3.gov/ and delete it from your inbox.