Infosec Reading List - November 2025
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represents quotes from the original article.
InfoSec
- 5 AI-developed malware families analyzed by Google fail to work and are easily detected - Like the other four samples Google analyzed—FruitShell, PromptFlux, PromptSteal, and QuietVault—PromptLock was easy to detect, even by less-sophisticated endpoint protections that rely on static signatures. - I guess we can leave the AI malware hype where it is and continue with doing proper infosec work - let’s see where this topic will lead - [link]
- Ransomware in SMBs: Top 5 Missing or Incomplete Controls That Could Help Prevent or Cripple Attackers - The top missing and/or incomplete controls that could help prevent these attacks, or even cripple attackers hard enough to give defenders enough time to detect them (assuming you’re not missing #5 in the list) have, in my opinion, nothing to do with AI and/or whatever kind of security solutions some overhyped vendor tries to sell you. - [link]
- Microsoft: Critical GoAnywhere bug exploited in ransomware attacks - “For initial access, the threat actor exploited the then-zero-day deserialization vulnerability in GoAnywhere MFT. To maintain persistence, they abused remote monitoring and management (RMM) tools, specifically SimpleHelp and MeshAgent.” - [link]
- NTP Security - The internet’s last major UDP-only service - There are multiple techniques to NTP scanning, but here we consider only responses to a special “mode 7” request commonly referred to as “GET_MONLIST.” This is the special management query used by the reference NTP implementation. If available and permitted, the NTP server will respond with a list of client systems it has communicated with, stored in a local cache. - interesting - [link]
- Mullvad VPN presents And Then? - [link]
- China’s ‘autonomous’ AI-powered hacking campaign still required a ton of human work - However, Klein also made it clear that “most autonomous” is a relative term. There is plenty of evidence to indicate this hacking group devoted significant human and technical resources into the way it used Claude. - “We knew this was going to happen, but what’s astonishing to me is … if I’m a Chinese state-sponsored actor and I do want to use AI models with agentic capabilities to do autonomous hacking, I probably would not go to Claude to do that,” Saade noted. “I would probably build something in-house and under the hood. So they did want to be seen.” - interesting times we live in - [link]
- Inside a Messy Ransomware Negotiation: When Negotiators Change and Hackers Send the Wrong Decryptor - “Our IT guys say… it does not decrypt. The files stay with the .akira extension. Could it be that by mistake you sent an ENCRYPTOR and not a DECRYPTOR?” - [link]
- What organisations can learn from the record breaking fine over Capita’s ransomware incident - [link]
- Someone Is Trying to ‘Hack’ People Through Apple Podcasts - [link]
- anthropic’s paper smells like bullshit - [link]
- How the classic anime ‘Ghost in the Shell’ predicted the future of cybersecurity 30 years ago - [link]
- Hitchhiker’s Guide to Attack Surface Management - [link]
- Operation WrtHug, The Global Espionage Campaign Hiding in Your Home Router - focus on Asus routers, primarily EOL, using known CVEs - [link]
- 5 Strategies to Learn Better with AI (and Traps to Avoid) - you don’t learn ideas deeply by skimming them. It’s only by reading a book in full that you can truly learn and understand the examples, knowledge base and authorial perspective that allows you to use that information to reason about other things. - [link]
- Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem) - Iterating through JSONFormatter and CodeBeautify, we captured a dataset of 80,000+ saved pieces of JSON - and then parsed this dataset (using internal apparatus) to identify secrets, credentials, keys, and other types of data with acronyms beginning with P (such as PII). - [link]
- IBM CEO says there is ‘no way’ spending trillions on AI data centers will pay off at today’s infrastructure costs - Krishna clarified that he wasn’t convinced that the current set of technologies would get us to AGI, a yet to be reached technological breakthrough generally agreed to be when AI is capable of completing complex tasks better than humans. He pegged the chances of achieving it without a further technological breakthrough at 0-1%. - [link]
- Cyber Brief 25-12 - November 2025 - [link]
- Microsoft has a problem: nobody wants to buy or use its shoddy AI products — as Google’s AI growth begins to outpace Copilot products - [link]
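A small addition to the NTP item above, so the “mode 7 / GET_MONLIST” query is more than a sentence: the script below builds the 8-byte monlist probe a scanner sends to UDP/123 and parses a reply into the client list the article talks about. This is my own added example, not code from the linked article or from the ntpd project; the packet layout follows the reference ntpd private-mode format (implementation 3, request code 42, 72-byte records), and the reply bytes are constructed by hand so it runs offline. Only the probe would ever go to a real host, and only with permission.

```python
"""Mode 7 "monlist" probe and reply parser for NTP scanning (added example).

Not code from the linked article or from ntpd; it follows the reference
ntpd private-mode (mode 7) packet layout. The reply bytes below are
constructed by hand so the whole script runs offline.
"""
import ipaddress
import struct

IMPL_XNTPD = 3            # implementation number of the reference ntpd
REQ_MON_GETLIST_1 = 42    # request code for the extended client list
MON_ITEM_SIZE = 72        # one info_monitor_1 record in the reply


def build_monlist_request() -> bytes:
    """Return the 8-byte probe: R=0 M=0 VN=2 Mode=7, seq 0, impl, req, zero count/size."""
    return bytes([0x17, 0x00, IMPL_XNTPD, REQ_MON_GETLIST_1]) + struct.pack("!HH", 0, 0)


def parse_monlist_response(pkt: bytes) -> dict:
    """Decode one mode 7 reply packet into error code, 'more' flag and client records."""
    if len(pkt) < 8:
        raise ValueError("packet shorter than the 8-byte mode 7 header")
    flags, _seq, impl, req, err_count, size = struct.unpack("!BBBBHH", pkt[:8])
    if flags & 0x07 != 7 or not flags & 0x80:      # mode bits and R (response) bit
        raise ValueError("not a mode 7 response")
    result = {
        "impl": impl,
        "req": req,
        "more": bool(flags & 0x40),                 # M bit: further packets follow
        "err": err_count >> 12,                     # high nibble; 0 means success
        "nitems": err_count & 0x0FFF,
        "item_size": size & 0x0FFF,
        "clients": [],
    }
    if result["err"] != 0 or req != REQ_MON_GETLIST_1 or result["item_size"] != MON_ITEM_SIZE:
        return result                               # refused, no data, or unknown layout
    body = pkt[8:]
    for i in range(result["nitems"]):
        item = body[i * MON_ITEM_SIZE:(i + 1) * MON_ITEM_SIZE]
        if len(item) < MON_ITEM_SIZE:
            break                                   # truncated packet: keep what we have
        (avg_int, last_int, _restr, count, addr4, _daddr4, _flags, port,
         mode, version, v6_flag) = struct.unpack("!IIIIIIIHBBI", item[:36])
        # bytes 36:40 are padding, 40:56 the v6 client address, 56:72 the v6 destination
        addr = ipaddress.IPv6Address(item[40:56]) if v6_flag else ipaddress.IPv4Address(addr4)
        result["clients"].append({
            "addr": str(addr), "port": port, "count": count,
            "mode": mode, "version": version,
            "avg_interval": avg_int, "last_seen": last_int,
        })
    return result


def amplification_factor(request: bytes, responses: list) -> float:
    """Bytes received per byte sent: the ratio that made monlist a DDoS reflector."""
    return sum(len(r) for r in responses) / len(request)


def _monitor_record(addr: str, port: int, count: int) -> bytes:
    """Build one 72-byte info_monitor_1 record (constructed test data)."""
    ip = ipaddress.ip_address(addr)
    v6 = ip.version == 6
    head = struct.pack("!IIIIIIIHBBI",
                       64, 3, 0, count,             # avg_int, last_int, restr, count
                       0 if v6 else int(ip), 0,     # addr, daddr (IPv4 fields)
                       0, port, 3, 4, int(v6))      # flags, port, mode, version, v6_flag
    addr6 = ip.packed if v6 else bytes(16)
    return head + bytes(4) + addr6 + bytes(16)


# Constructed reply: R bit set (0x97), two records, no further packets.
SAMPLE_RESPONSE = (bytes([0x97, 0x00, IMPL_XNTPD, REQ_MON_GETLIST_1])
                   + struct.pack("!HH", 2, MON_ITEM_SIZE)
                   + _monitor_record("192.0.2.10", 123, 17)
                   + _monitor_record("2001:db8::5", 123, 3))

# Constructed reply with a nonzero error nibble and no records.
ERROR_RESPONSE = (bytes([0x97, 0x00, IMPL_XNTPD, REQ_MON_GETLIST_1])
                  + struct.pack("!HH", 4 << 12, 0))

if __name__ == "__main__":
    reply = parse_monlist_response(SAMPLE_RESPONSE)
    for c in reply["clients"]:
        print(f"{c['addr']}:{c['port']} pkts={c['count']} mode={c['mode']} v{c['version']}")
    print("amplification x%.1f" % amplification_factor(build_monlist_request(), [SAMPLE_RESPONSE]))
```

Two things worth noticing when you run it: the constructed two-entry reply already answers 8 bytes with 152, and a busy server returns many packets with the “more” bit set, which is why this query ended up as a reflection vector. On the defensive side, a server that has `noquery` in its restrict lines, or that disables monitoring, simply will not hand back this list, and that is the state you want to confirm from outside your own network.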
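And for the “stop putting your passwords into random websites” item: the researchers mention parsing their captured JSON to pull out secrets and credentials. The script below is my own added example of that kind of scan, not the researchers’ tooling; it walks a parsed JSON document and flags string leaves by three heuristics (credential-looking key names, well-known token prefixes, and high entropy). The regex, the prefix table and the thresholds are assumptions chosen for illustration, and the sample document is constructed, using only the AWS documentation example keys.

```python
"""Heuristic secret finder for JSON blobs (added example, not the article's tooling).

Key-name hints, token prefixes and thresholds are assumptions picked for
illustration; tune them for a real corpus. The sample document is constructed.
"""
import json
import math
import re

# Key names that usually hold credentials (assumption: illustrative pattern).
KEY_HINTS = re.compile(
    r"(pass(word|wd|phrase)?|secret|token|api[_-]?key|private[_-]?key|credential)", re.I)
# Value prefixes of well-known token formats (assumption: small illustrative subset).
KNOWN_PREFIXES = {"AKIA": "aws-access-key-id", "ghp_": "github-pat", "xoxb-": "slack-bot-token"}
MIN_ENTROPY_LEN = 20       # shorter values are too noisy to judge by entropy
ENTROPY_THRESHOLD = 3.5    # bits per character; random base64-ish strings score above this


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or single-symbol string)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def _leaves(obj, path=""):
    """Yield (path, key, value) for every string leaf in a parsed JSON document."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _leaves(v, f"{path}.{k}" if path else str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _leaves(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, path.rsplit(".", 1)[-1], obj


def find_secrets(blob: str) -> list:
    """Return one finding per suspicious leaf, listing every heuristic that fired."""
    findings = []
    for path, key, value in _leaves(json.loads(blob)):
        reasons = []
        if KEY_HINTS.search(key) and len(value) >= 4:
            reasons.append("key-name")
        for prefix, kind in KNOWN_PREFIXES.items():
            if value.startswith(prefix):
                reasons.append(f"prefix:{kind}")
        if len(value) >= MIN_ENTROPY_LEN and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            reasons.append("high-entropy")
        if reasons:
            # never log the full value; keep a short prefix for triage only
            findings.append({"path": path, "reasons": reasons, "preview": value[:4] + "..."})
    return findings


# Constructed sample: what a pasted config blob on a "beautifier" site might look like.
SAMPLE_JSON = json.dumps({
    "service": "billing",
    "db": {"host": "db.example.internal", "user": "app", "password": "hunter2"},
    "aws_access_key_id": "AKIAIOSFODNN7EXAMPLE",
    "aws_secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "contact": {"name": "alice", "email": "alice@example.com"},
    "features": ["dark_mode", "beta_dashboard"],
})

if __name__ == "__main__":
    for f in find_secrets(SAMPLE_JSON):
        print(f"{f['path']}: {', '.join(f['reasons'])} ({f['preview']})")
```

The point of combining three weak signals is that each alone misses something: key names catch `hunter2`, which no entropy test ever will; prefixes catch an AWS key ID regardless of what it was stored under; entropy catches the long random secret that happens to sit under a bland key. The same three checks are what you would run over your own logs and ticket systems before someone else runs them over a public paste site.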
This post is licensed under CC BY 4.0 by the author.
