{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"BMC Daily Cyber News","title":"Daily Cyber News – November 11th, 2025","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/d38ac422\"></iframe>","width":"100%","height":180,"duration":434,"description":"This is today’s cyber news for November 11th, 2025. We open with a federal push to patch a Samsung zero-day powering stealth phone spyware, then move to a North Korea–linked abuse of Google’s device-finding features as a remote kill switch. Developer ecosystems are in focus as booby-trapped Visual Studio Code extensions siphon secrets, while a breach at Knownsec exposes state-grade tools and target lists. Rounding out the first half, a turnkey kit reroutes victims to steal Microsoft 365 logins and tokens, underscoring how cheaply mass account takeover still happens in busy enterprises.In the back half, we cover a fresh attack variant that crashes unpatched Cisco firewalls, a tiny JavaScript parser flaw that enables remote code execution, and NuGet “time-bombs” designed to detonate well after deployment. We then detail unsafe deserialization in LangGraph that lets attackers hijack AI pipelines on load, and a Monsta FTP bug that left thousands of servers open to takeover. Leaders, defenders, and builders get plain-English impact, who is most exposed, and practical signals to watch—available at DailyCyber.news.","thumbnail_url":"https://img.transistorcdn.com/ztVAazvsFi_NkDzeczJmr6VfZy9Dch1_T742fH8_Zd4/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8wNzA5/NzI0YjZhNmM2MjYy/ZGJmNjMzNWJlMGQ0/ZjJhZS5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}