Hyundai Leak Exposed, International Malware Bust, Lighthouse Phishing Lawsuit – Cybersecurity News [November 10, 2025]
Cybersecurity headlines this week paint a clear picture: no one seems immune. Hyundai confirmed a data breach that may have exposed millions of Social Security numbers, and Google has gone on the offensive, suing a China-based group accused of running a billion-dollar phishing operation.
Meanwhile, a new WhatsApp malware named Maverick is spreading fast in Brazil, and GlobalLogic has alerted thousands of employees after hackers exploited an Oracle vulnerability. Europol also led a major global sweep, taking down over 1,000 servers linked to powerful malware networks.
Here’s a quick roundup of this week’s biggest cyber incidents and what you can do to stay a step ahead.
Hyundai Data Leak May Have Compromised 2.7 Million Social Security Numbers
Hyundai is warning millions of customers across North America about a major data breach that exposed Social Security numbers and driver’s license details.
The incident was discovered back in early March but was disclosed this week, marking the car giant’s third major cybersecurity lapse in three years. The company said that hackers infiltrated the systems of Hyundai AutoEver America (HAEA) sometime between February 22 and March 2, gaining unrestricted access for nine days. Once the intrusion was detected, Hyundai says it removed the attackers and launched a forensic investigation, which took months to complete. Letters are now being sent to affected individuals, but the company hasn’t specified the exact number of victims. HAEA’s systems connect to 2.7 million vehicles, which could mean that the data of that many people is at risk. The stolen data includes full names, Social Security numbers, and driver’s license information.
Customers are urged to monitor credit reports, enable fraud alerts, and take advantage of free credit monitoring if notified.
International Crackdown Takes Down 1,000 Malware Servers: Rhadamanthys, VenomRAT, and Elysium
Law enforcement from nine countries has dismantled over 1,000 servers linked to the Rhadamanthys infostealer, VenomRAT, and Elysium botnet networks.
The coordinated effort was part of Operation Endgame, led by Europol and Eurojust with crucial support from cybersecurity companies like CrowdStrike, Proofpoint, Bitdefender, Lumen, and HaveIBeenPwned. Between the 10th and 13th of this month, investigators searched 11 sites across Germany, Greece, and the Netherlands, seizing 20 domains and taking down 1,025 servers. Europol reported that the disrupted infrastructure consisted of hundreds of thousands of compromised computers and millions of stolen credentials, including access to over 100,000 crypto wallets potentially worth millions of euros. Lumen’s Black Lotus Labs also noted that Rhadamanthys’ network had surged sharply since October 2025, with many command servers still undetected by VirusTotal at the time of the operation.
This is a big win, but it’s best to follow the official advice and verify whether your devices were affected by visiting politie.nl/checkyourhack or haveibeenpwned.com, and to update security software to protect against ongoing cyber threats.
Google Files Lawsuit Against China-Based Hackers Running $1 Billion ‘Lighthouse’ Phishing Scheme
Google has filed a lawsuit in the U.S. District Court for the Southern District of New York against a group of China-based hackers accused of running a massive Phishing-as-a-Service (PhaaS) operation that has defrauded over one million people across 120 countries.
According to Google, the Lighthouse PhaaS operation enabled large-scale SMS phishing attacks using fake messages from trusted brands like E-ZPass and USPS to trick victims into revealing financial details. The platform’s reach and sophistication helped it generate more than $1 billion over three years. Google’s General Counsel, Halimah DeLaine Prado, said the hackers misused Google’s trademarks on at least 107 fake login pages designed to look authentic. The lawsuit seeks to dismantle the operation under multiple U.S. laws, including the RICO Act and the Computer Fraud and Abuse Act. Investigations also link Lighthouse to a wider network of Chinese cybercrime groups, such as Darcula and Lucid, that are responsible for distributing thousands of smishing messages and creating over 17,500 phishing domains.
What can you do? It’s best to remain cautious of unsolicited texts, verify website addresses, and use multi-factor authentication to guard against phishing attacks.
New WhatsApp Malware ‘Maverick’ Hijacks Browser Sessions to Target Brazil’s Leading Banks
Security researchers have found a new malware strain named Maverick spreading through WhatsApp Web. It’s being used to attack major banks in Brazil.
Experts say Maverick is very similar to an older threat called Coyote, suggesting both may come from the same criminal group. Reports from CyberProof, Trend Micro, and Kaspersky link the malware to a hacker group known as Water Saci. The infection starts when victims receive a ZIP file through WhatsApp Web. Once opened, the file runs a Windows shortcut that launches PowerShell commands. These commands disable antivirus protection and download several malicious components, including Maverick itself.
After installation, the malware monitors browser activity for banking websites and can display fake login pages to steal passwords. It only activates on computers set to Brazil by checking the system region, language, and time. Researchers also discovered that Maverick works with another tool called SORVEPOTEL. Together, they use ChromeDriver and Selenium to automate WhatsApp sessions, taking over accounts to send infected ZIP files to contacts while pretending to be a “WhatsApp Automation” feature.
An easy way to stay protected is to avoid opening ZIP files sent over WhatsApp, keep your antivirus up to date, and regularly install software updates.
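The delivery chain described above (a ZIP whose Windows shortcut launches PowerShell) can be checked for before anyone opens the archive. The Python below is an added example, not code from the researchers cited here; the sample archive, its file names and the interpreter watch list are constructed for illustration.

```python
import io
import zipfile

# Shell Link (.lnk) files begin with HeaderSize 0x4C and a fixed CLSID (MS-SHLLINK).
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
MAX_READ = 1024 * 1024  # inspect at most 1 MiB per member; never inflate it all
# Assumed watch list of interpreters a shortcut might launch (not from the article).
INTERPRETERS = ("powershell", "pwsh", "cmd.exe")


def interpreter_refs(data):
    """Interpreter names found in the bytes as ASCII or UTF-16LE, any case."""
    low = data.lower()  # bytes.lower() also folds the ASCII half of UTF-16LE text
    return [n for n in INTERPRETERS
            if n.encode("ascii") in low or n.encode("utf-16-le") in low]


def triage_zip(blob):
    """Return one finding per archive member that is, or claims to be, a shortcut."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_READ)
            named_lnk = info.filename.lower().endswith(".lnk")
            is_shell_link = data.startswith(LNK_MAGIC)
            if named_lnk or is_shell_link:
                findings.append({"name": info.filename,
                                 "is_shell_link": is_shell_link,
                                 "refs": interpreter_refs(data)})
    return findings


def build_sample():
    """Constructed archive: a minimal fake shortcut plus a harmless text file."""
    fake_lnk = LNK_MAGIC + b"\x00" * 56 + "PowerShell.exe".encode("utf-16-le")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.lnk", fake_lnk)
        zf.writestr("notes.txt", "nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

Password-protected members make `zipfile` raise `RuntimeError` on read, so an archive that triggers it should be treated as uninspected rather than clean.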
GlobalLogic Alerts 10,000 Employees to Possible Data Theft Linked to Oracle Breach
GlobalLogic, a digital engineering organization owned by Hitachi, has warned more than 10,000 current and former employees about a data breach involving Oracle’s E-Business Suite (EBS).
According to a report filed with the Maine Attorney General, the attack began around July 10, 2025, and data theft was confirmed on October 9. The stolen details include names, contact information, birth dates, nationalities, passport and tax IDs, salary information, and bank account numbers. GlobalLogic said the breach was limited to its Oracle systems and did not affect other parts of its network. The organization also noted that several other Oracle customers were targeted. Investigators believe the incident is tied to the Clop ransomware group, which has been exploiting a critical Oracle EBS flaw (CVE-2025-61882). Clop has already leaked data from organizations such as Harvard University, Envoy Air, and The Washington Post.
GlobalLogic has not yet appeared on the group’s leak site, possibly indicating negotiations are still ongoing. The organization advised affected employees to keep a close watch on their bank and credit reports while authorities continue investigating the broader Oracle-related attacks.


