Welcome to the DanSec Blog

Cybersecurity Brief – 2025-11-25

Major Incidents or Breaches

  • SitusAMC, a major real-estate finance services provider, disclosed a data breach impacting customer data.
  • Harvard University reported a compromise of its Alumni Affairs and Development systems via a voice phishing attack, resulting in exposure of personal data of students, alumni, donors, and staff.
  • Delta Dental of Virginia suffered a breach affecting 146,000 individuals, with names, Social Security numbers, ID numbers, and health information stolen from a compromised email account.
  • Spanish airline Iberia notified customers of a data breach following claims of 77GB of stolen data.
  • Multiple organisations, including Canon, Cox, and Mazda, have been named as victims in the Oracle E-Business Suite (EBS) extortion campaign, with Cox confirming over 1.6 TB of data was stolen and Canon confirming subsidiary impact. Mazda reported no data leakage or operational impact.
  • Illegal streaming devices (e.g., Superbox, modded Amazon Fire TV Sticks) have been implicated in widespread scams, data theft, and integration into botnets.
  • Russian-linked threat actors are distributing StealC V2 infostealer malware via malicious Blender 3D model files uploaded to online marketplaces.
  • CISA issued a warning about active spyware campaigns targeting high-value Signal and WhatsApp users, leveraging commercial spyware and remote access trojans (RATs).

Cybersecurity Brief – 2025-11-24

Major Incidents or Breaches

  • Iberia has disclosed a customer data leak resulting from a security breach at a third-party supplier. The airline is notifying affected customers. The incident follows a threat actor’s claim of possessing Iberia customer data on a hacking forum.

Newly Discovered Vulnerabilities

  • Wireshark version 4.6.1 has been released, addressing two vulnerabilities and resolving 20 bugs in the network protocol analyzer.

Notable Threat Actor Activity

  • A threat actor has claimed responsibility for the compromise of Iberia customer data, posting about the breach on a hacking forum prior to the airline’s disclosure.

Cybersecurity Brief – 2025-11-23

Major Incidents or Breaches

  • Cox Enterprises has disclosed a data breach involving its Oracle E-Business Suite. Attackers exploited a zero-day vulnerability to gain access to the company network, exposing personal data of impacted individuals.
  • Researchers exploited a flaw in WhatsApp’s contact-discovery API, which lacked rate limiting, to scrape 3.5 billion mobile phone numbers and associated personal information.

Newly Discovered Vulnerabilities

  • A zero-day vulnerability in Oracle E-Business Suite was exploited in the breach of Cox Enterprises, allowing attackers to access sensitive data.
  • WhatsApp’s API was found to lack adequate rate limiting, enabling large-scale enumeration and scraping of user data.

Cybersecurity Brief – 2025-11-22

Major Incidents or Breaches

  • Salesforce Customers Breached via Gainsight Integrations: Threat actors affiliated with the ShinyHunters extortion group used third-party Gainsight applications to steal data from Salesforce instances, repeating tactics seen in previous attacks earlier in the year.
  • CrowdStrike Insider Incident: An insider at CrowdStrike leaked internal system screenshots to hackers, with the material subsequently appearing on Telegram via the Scattered Lapsus$ Hunters threat group.
  • Transport for London Breach: Two British teenagers, allegedly linked to the Scattered Spider group, pleaded not guilty to charges related to the August 2024 breach of Transport for London, which caused significant financial and data exposure impacts.
  • WEL Companies Data Breach: A data breach at WEL Companies affected 120,000 individuals.
  • Cloudflare Outage: A recent Cloudflare outage highlighted the widespread impact a failure at a major provider can have on the global digital economy.

Cybersecurity Brief – 2025-11-21

Major Incidents or Breaches

  • Salesforce reported unauthorized data access via Gainsight-linked OAuth activity, resulting in revoked refresh tokens and an ongoing investigation into possible customer data theft.
  • Italy’s national railway operator, FS Italiane Group, suffered a data breach after its IT services provider, Almaviva, was compromised. A threat actor claims to have stolen 2.3TB of data.
  • CTM360 exposed a global WhatsApp hijacking campaign (“HackOnChat”) leveraging deceptive authentication portals and impersonation pages to compromise accounts.
  • Over 50,000 Asus routers were compromised in “Operation WrtHug,” attributed to a Chinese threat actor exploiting known vulnerabilities in discontinued devices.
  • A vulnerability, now patched, previously allowed scraping of up to 3.5 billion WhatsApp accounts.
  • Researchers reported that some budget Samsung phones were shipped with unremovable spyware (“AppCloud”) in certain regions.
  • A TV streaming piracy platform, Photocall, with 26 million annual users, was shut down following an investigation by ACE and DAZN.

Cybersecurity Brief – 2025-11-20

Major Incidents or Breaches

  • Tens of thousands of outdated or end-of-life ASUS routers have been compromised globally in “Operation WrtHug,” exploiting six vulnerabilities to create a large botnet, with most affected devices located in Taiwan, the U.S., and Russia.
  • Cloudflare experienced a major outage, its worst in six years, caused by an internal database access control change, resulting in widespread service disruption for nearly six hours.
  • A 45-year-old California man pleaded guilty to laundering $25 million in cryptocurrency stolen from a $230 million heist.
  • The U.S., UK, and Australia have sanctioned Russian bulletproof hosting provider Media Land for supporting ransomware gangs and other cybercrime operations.

Cybersecurity Brief – 2025-11-19

Major Incidents or Breaches

  • The Pennsylvania Attorney General’s office confirmed a data breach following a ransomware attack by the Inc Ransom group, which claims to have stolen several terabytes of data.
  • Princeton University disclosed a data breach affecting alumni, donors, faculty, students, and parents, with hackers accessing a database containing personal information.
  • Eurofiber France suffered a breach where a threat actor exploited a vulnerability, exfiltrated data, and attempted extortion.
  • French social security agency Pajemploi reported a data breach potentially exposing the personal information of 1.2 million individuals.
  • DoorDash disclosed a data breach involving theft of customer names and addresses.
  • A simple flaw in WhatsApp’s contact discovery tool exposed up to 3.5 billion phone numbers, along with profile photos and other data, by allowing mass enumeration.
  • Cloudflare experienced a global outage affecting multiple major online services, though it was confirmed not to be caused by a cyberattack.

Cybersecurity Brief – 2025-11-18

Major Incidents or Breaches

  • Eurofiber France disclosed a data breach after hackers exploited a vulnerability in its ticket management system, resulting in exfiltration of customer information. The breach was discovered after the attacker attempted to sell the data.
  • Princeton University reported a data breach on 10 November 2025, exposing personal information of alumni, donors, faculty, and students.
  • DoorDash confirmed a data breach involving compromise of names, addresses, email addresses, and phone numbers after an employee was targeted in a social engineering attack.
  • The Pennsylvania Attorney General’s office confirmed a data breach following an August 2025 ransomware attack by the INC Ransom group, with personal and medical information stolen.
  • Logitech confirmed a data breach after being listed by the Cl0p ransomware group. The incident is linked to the Oracle E-Business Suite exploitation.
  • Dutch police seized approximately 250 servers used by a bulletproof hosting service that provided infrastructure for cybercriminals.

Cybersecurity Brief – 2025-11-17

Newly Discovered Vulnerabilities

  • Microsoft released security updates addressing more than 60 vulnerabilities in Windows and supported software as part of November 2025 Patch Tuesday. The update includes at least one zero-day vulnerability that is actively being exploited.

Trends, Tools, or Tactics of Interest

  • Google reported that the adoption of the Rust programming language in Android has reduced memory safety vulnerabilities to below 20% for the first time.
  • Google announced it will begin flagging Android apps on the Play Store with excessive background battery usage, targeting apps with high battery drain for further action.
  • mcp-scan, a new tool for real-time guardrail monitoring and dynamic proxying of MCP servers, has been released, offering capabilities for traffic inspection and enforcement for agents and tools.

Cybersecurity Brief – 2025-11-16

Major Incidents or Breaches

  • Jaguar Land Rover reported that the financial impact of a recent cyberattack reached £196 million ($220 million) for the July–September quarter.

Newly Discovered Vulnerabilities

  • FortiWeb CVE-2025-64446: Exploit attempts for this vulnerability have been detected in honeypots, indicating active targeting in the wild.
  • XWiki Critical Flaw: The RondoDox botnet is exploiting an unpatched critical vulnerability in XWiki instances, enabling arbitrary code execution and expanding its botnet footprint.
