Microsoft cuts cloud services to Israeli military unit over Palestinian surveillance
Microsoft has cut off the Israel Ministry of Defense’s access to some of its tech and services after an internal investigation found the organization appeared to be using its tech to store surveillance data on phone calls made by Palestinians. The tech giant announced on Thursday that it made the decision to “cease and disable” certain subscriptions from the Israeli military. This affects subscriptions to Azure cloud storage and certain AI services.
RedNovember Targets Government, Defense, and Technology Organizations
In July 2024, Insikt Group publicly reported on TAG-100, a threat activity group conducting suspected cyber-espionage activity targeting high-profile government, intergovernmental, and private sector organizations globally using the open-source, multi-platform Go backdoor Pantegana. At the time, we did not attribute this activity to a particular country; however, after reviewing all available evidence, we assess that TAG-100 is highly likely a Chinese state-sponsored threat activity group. Accordingly, Insikt Group now tracks this group under the designation RedNovember.
As many as 2 million Cisco devices affected by actively exploited 0-day
As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can remotely crash or execute code on vulnerable systems. Cisco said Wednesday that the vulnerability, tracked as CVE-2025-20352, was present in all supported versions of Cisco IOS and Cisco IOS XE, the operating system that powers a wide variety of the company’s networking devices. The vulnerability can be exploited by low-privileged users to create a denial-of-service attack or by higher-privileged users to execute code that runs with unfettered root privileges. It carries a severity rating of 7.7 out of a possible 10.
Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts
A viral app called Neon, which offers to record your phone calls and pay you for the audio so it can sell that data to AI companies, has rapidly risen to the ranks of the top-five free iPhone apps since its launch last week. The app already has thousands of users and was downloaded 75,000 times yesterday alone, according to app intelligence provider Appfigures. Neon pitches itself as a way for users to make money by providing call recordings that help train, improve, and test AI models.
GitHub notifications abused to impersonate Y Combinator for crypto theft
A massive phishing campaign targeted GitHub users with cryptocurrency drainers, delivered via fake invitations to the Y Combinator (YC) W2026 program. Y Combinator is a startup accelerator that funds and mentors projects in their early stages, and connects founders with a network of alumni and venture capital firms. The attacker abused GitHub’s notification system to deliver the fraudulent messages by creating issues across multiple repositories and tagging targeted users.
A malicious MCP server is silently stealing user emails
Security researchers have issued a warning after discovering the first malicious Model Context Protocol (MCP) server in the wild. MCP servers are widely used to allow AI agents to handle emails and run database queries, which means giving them access to all email traffic, according to Koi Security. Postmark MCP Server is downloaded 1,500 times per week, and has been integrated into hundreds of developer workflows. However, since version 1.0.16 was released, Koi said it’s been copying every single email – including invoices, internal memos, and confidential documents – to the developer’s personal server.