
Cyber Security Headlines Google's remote-wipe weapon, Qilin ransomware activity surges, GootLoader is back
Nov 12, 2025 Discover how a North Korean group exploited Google Find My Device for remote wipes in South Korea. Qilin ransomware is on the rise, using new tactics for extortion via Telegram. The return of GootLoader showcases its sneaky methods, hiding malware in web fonts. Also, learn about the critical patches released by SAP to address severe vulnerabilities. Lastly, Google announces a private AI compute cloud to enhance data privacy, while a local cybersecurity meetup is on the horizon!
Cloud Tools Used To Erase Evidence
- North Korean group Konni used Google Find My Device to remotely factory-reset target phones and erase evidence.
- Attackers stole Google credentials via phishing and timed attacks using GPS and KakaoTalk propagation.
Qilin Targets SMBs With Double-Extortion
- Qilin ransomware activity surged, targeting SMBs in construction, healthcare, and finance.
- S-RM found that 88% of cases involved both data theft and encryption, with extortion via Telegram and WikiLeaks V2.
Gootloader Hides Malware In Web Fonts
- Gootloader resurfaced, hiding malicious ZIP files behind custom WOFF2 web fonts on compromised WordPress sites.
- Infections have led to domain controller compromises within 17 hours and the deployment of a persistent backdoor.
