
Top 5 Threat News (Nov 24 - Dec 1, 2025): npm Worm Destroys Files, Chinese AI Bugs & Cloud Exploits

An npm worm now deletes everything it can't steal, Chinese AI writes buggier code about censored topics, and CrowdStrike caught an insider leaking to hackers


THIS WEEK IN CYBER MONDAY 🔒

Nov 24 - Dec 1, 2025 | Top 5 Weekly Highlights

1. 🪱 Sha1-Hulud Worm Strikes Again With Destructive Upgrade

A dangerous computer worm infected hundreds of JavaScript code libraries that developers rely on to build software.

What happened: Security researchers discovered a massive attack on npm, a registry where developers download code libraries. Between November 21 and 23, hackers infected over 800 packages with malware called Sha1-Hulud.

What's new: This version is meaner. Before, it would try to steal your passwords and secrets. Now, if it can't steal anything, it just deletes your files instead. Total destruction mode.

Who got hit: Big tools like Zapier and ENS Domains had their packages compromised. If you're a developer using JavaScript, your projects might be infected right now.

Why this matters: Hackers aren't just stealing anymore. Now they're willing to destroy everything just to cause maximum damage.
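
To check whether a project pins one of the compromised releases, here is an added example (not from this newsletter or from any vendor) that matches exact name@version pins in a parsed package-lock.json against an advisory list. The package names, versions and sample lockfile are constructed placeholders, and the function names are hypothetical.

```javascript
// Constructed advisory list (placeholder names, not real indicators):
// package name -> set of affected versions.
const AFFECTED = new Map([
  ["example-compromised-pkg", new Set(["2.1.4", "2.1.5"])],
  ["@example-scope/helper", new Set(["0.9.1"])],
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Yield { name, version, where } for each package pinned in a parsed lockfile.
function* pinnedPackages(lock) {
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the project itself.
    for (const [path, entry] of Object.entries(lock.packages)) {
      const name = entry.name || nameFromPath(path); // "name" is set for aliases
      if (path !== "" && name && entry.version) yield { name, version: entry.version, where: path };
    }
    return;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  function* walk(deps, trail) {
    for (const [name, entry] of Object.entries(deps || {})) {
      const where = trail ? `${trail} > ${name}` : name;
      yield { name, version: entry.version, where };
      yield* walk(entry.dependencies, where);
    }
  }
  yield* walk(lock.dependencies, "");
}

// Return every pinned package whose exact name@version is on the advisory list.
function findAffected(lock, affected = AFFECTED) {
  return [...pinnedPackages(lock)].filter((p) => affected.get(p.name)?.has(p.version));
}

// Constructed sample lockfile (v3 shape) with one direct and one nested hit.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-compromised-pkg": { version: "2.1.4" },
    "node_modules/left-ok": { version: "1.3.0" },
    "node_modules/left-ok/node_modules/@example-scope/helper": { version: "0.9.1" },
  },
};
```

Pass it `JSON.parse` of your own package-lock.json and replace `AFFECTED` with the names and versions from a published advisory.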


2. 🤖 Chinese AI Writes Buggier Code When You Mention Tibet

Researchers found that a Chinese AI program creates more security flaws when you ask it about topics China's government doesn't like.

The research: CrowdStrike tested DeepSeek, a popular Chinese AI coding assistant. When they gave it normal requests, the code had bugs 19% of the time. But when they mentioned Tibet, Uyghurs, or Falun Gong in their requests, the code had bugs 27% of the time.

What's happening: China requires its AI programs to follow government rules about sensitive topics. The AI learned to react negatively to certain words, and now it accidentally writes worse code when those words show up.

The response: Australia, South Korea, and Taiwan have already banned people from using DeepSeek. The US is considering doing the same.

Bottom line: When AI has political restrictions built in, it can create unexpected security problems.

3. CrowdStrike Fires Insider Leaking to Hackers

CrowdStrike, one of the world's biggest cybersecurity companies, caught their own employee giving secrets to hackers.

What happened: An employee was secretly sharing screenshots of CrowdStrike's internal systems with a hacking group called Scattered Lapsus$ Hunters. CrowdStrike found out when those screenshots appeared on the hackers' Telegram chat.

The bigger picture: The same hacking group broke into Salesforce earlier this year by attacking a company called Gainsight. That attack affected over 200 companies. On November 21, Gainsight revealed even more customers were affected than they first thought.

Why this matters: Even companies that specialize in security can have employees who betray them. The best security tools in the world don't help if someone on the inside is working against you.

4. 🌐 Fluent Bit Vulnerabilities Threaten Cloud Infrastructure

Researchers found five serious security flaws in a tool that millions of cloud servers use every day.

What happened: Fluent Bit is a widely-used log collection tool that runs on millions of cloud servers. Security researchers discovered five flaws that hackers could chain together to take complete control of these systems.

The danger: Hackers could use these flaws to break into cloud servers without needing any passwords or login credentials. They'd have full control.

What to do: If your company uses Fluent Bit, update it immediately. This is critical infrastructure that needs to be fixed now.

5. 💀 Qilin Ransomware Hits South Korea Through MSP Attack

Hackers broke into one tech company and used that access to attack 28 financial institutions in South Korea.

What happened: The hackers targeted a Managed Service Provider (MSP). That's a company that manages IT systems for other businesses. Once they broke into the MSP, they deployed Qilin ransomware to 28 different South Korean organizations, mostly banks and financial companies.

How it works: When you hire an MSP, you give them trusted access to your systems. Hackers broke into the MSP first, then used that trusted access to attack everyone the MSP worked with. One break-in, dozens of victims.

Why this matters: Qilin has been responsible for 29% of all ransomware attacks globally in 2025. And this attack shows that trusting the wrong outside company can get you hacked, even if your own security is solid.

🎯 THE TAKEAWAY

This week in one line each:

  • The npm worm came back with destroy mode—if it can't steal your data, it deletes everything

  • Chinese AI writes buggier code about sensitive topics—political controls create security holes

  • CrowdStrike caught an employee leaking secrets to hackers—insider threats hit everyone

  • Fluent Bit flaws let hackers control cloud servers—patch this immediately

  • One hacked MSP led to 28 South Korean companies getting ransomware—your vendors are your risk


Stay informed, stay secure. See you next week.
