This is today’s cyber news for November 11th, 2025. We open with a federal push to patch a Samsung zero-day powering stealth phone spyware, then move to a North Korea–linked abuse of Google’s device-finding features as a remote kill switch. Developer ecosystems are in focus as booby-trapped Visual Studio Code extensions siphon secrets, while a breach at Knownsec exposes state-grade tools and target lists. Rounding out the first half, a turnkey kit reroutes victims to steal Microsoft 365 logins and tokens, underscoring how cheaply mass account takeover still happens in busy enterprises.
In the back half, we cover a fresh attack variant that crashes unpatched Cisco firewalls, a tiny JavaScript parser flaw that enables remote code execution, and NuGet “time-bombs” designed to detonate well after deployment. We then detail unsafe deserialization in LangGraph that lets attackers hijack AI pipelines on load, and a Monsta FTP bug that left thousands of servers open to takeover. Leaders, defenders, and builders get plain-English impact, who is most exposed, and practical signals to watch—available at DailyCyber.news.
