Cybersecurity and email security teams faced a busy week as active exploitation targeted core infrastructure and widely used platforms. Cisco warned of a critical AsyncOS zero-day affecting Secure Email appliances, while SonicWall patched an SMA 100 flaw reportedly chained for root-level takeover. HPE fixed a maximum-severity OneView RCE issue. SoundCloud also confirmed a breach exposing user emails and profile data, alongside outages, VPN blocks, and follow-on disruption.
Cyber incidents this week spanned operating systems, browsers, enterprise platforms, hardware, and developer tooling. Microsoft closed out the year patching 56 Windows flaws and three zero days, while Google rushed an emergency fix for an actively exploited Chrome bug. Fortinet, Ivanti, and SAP shipped critical updates for auth bypass and RCE risks, and new PCIe IDE weaknesses prompted firmware work from Intel and AMD. At the same time, a Gogs zero day and abused GitHub tokens highlighted ongoing threats to software supply chains.
Cyber incidents this week hit emergency alerting, e-commerce, infrastructure, and app stacks. To start with, ransomware against the CodeRED platform disrupted local emergency notifications and exposed clear-text passwords. In another incident, a five-month breach at a major East Asian retailer affected tens of millions of customer accounts. Attackers exploited a command injection bug in Array Networks gateways, an admin takeover flaw in the King Addons WordPress plugin, and the React2Shell RCE vulnerability in React and Next.js.
Cyber incidents this week included ToddyCat deploying new tools to steal email data, Harvard reporting a breach affecting its alumni community, and a vendor compromise at SitusAMC exposing corporate records tied to major banks. Alongside, Asahi confirmed data theft affecting two million individuals, and OpenAI disclosed limited user information exposure linked to a Mixpanel breach. Here are this week’s top headlines.
Logitech Data Breach, Mass Router Hijack, Android Trojan Sturnus – Cybersecurity News [November 17, 2025]
by DuoCircle
Here are this week’s cybersecurity updates, bringing you headlines that made news around the world. Princeton University reported a data breach impacting alumni and donors, and the Clop extortion gang’s activity continued, with Logitech confirming data theft linked to a third-party zero-day.
Cybersecurity headlines this week show a clear picture, and no one seems immune. Hyundai confirmed a data breach that may have exposed millions of Social Security numbers, and Google has gone on the offensive, suing a China-based group accused of running a billion-dollar phishing operation.
This week saw a surge in major cyber incidents worldwide. A ransomware attack crippled Japan’s Askul retail network, Qilin claimed Habib Bank AG Zurich, and Google uncovered AI-powered malware that rewrites its code. Cisco issued urgent fixes for firewall exploits, while Oglethorpe and NMHC disclosed healthcare data breaches.
This week’s cybersecurity highlights include a Chrome zero-day exploited by Memento Labs for spyware attacks, new npm supply chain threats like PhantomRaven and an info-stealer campaign, and active exploitation of DELMIA Apriso and XWiki flaws. Meanwhile, ransomware hit Sedgebrook and Heartland Health Center, exposing patient data and prompting renewed healthcare security concerns.
Cyber threats kept security teams busy this week. A new campaign called PassiveNeuron is spying on government and industry networks across several regions, while the Jingle Thief group is running cloud-based gift card scams.Hackers are also exploiting the SessionReaper bug in Adobe Commerce, and a critical Lanscope flaw has been flagged by CISA. In healthcare, a breach at Conduent exposed personal data from 462,000 Blue Cross Blue Shield members, underscoring how widespread and damaging these attacks have become. Here are the latest updates from this past week.
It’s been a hectic week for enterprise security, with several major companies pushing out critical fixes. F5 admitted that attackers stole its BIG-IP source code, which even triggered a federal emergency directive. Microsoft wasn’t far behind, releasing 183 patches, including three zero-days, just as Windows 10 support was ending, and it had to tighten security on Edge’s IE mode after reports of it being exploited. On top of that, successive flaws struck Oracle’s E-Business Suite, and Cisco devices were hit by a new campaign called Operation Zero Disco that used a zero-day exploit to deploy stealthy Linux rootkits.
We are once again back with fresh news pieces highlighting the important news where major platforms and giant industries have been targeted. To start with, a critical WordPress flaw is being widely exploited to hijack administrator accounts, with over 13,800 attack attempts recorded. SonicWall confirmed that firewall backup files for all cloud backup customers were exposed in a breach, overturning earlier claims of limited impact.
It was a busy week for cybersecurity threats. Hackers exploited a flaw in VMware software, giving them full control over virtual machines. At the same time, Microsoft flagged a phishing campaign that used AI written code in fake file sharing emails to trick victims. A new Android Trojan, Datzbro, also spread through fake senior community apps, letting criminals take over phones. To top it off, the Confucius group launched fresh phishing attacks, and researchers found a malicious Python package that secretly installed backdoors on Windows systems.
This week saw a wave of cyber incidents across critical sectors. A stealthy campaign used the BRICKSTORM backdoor to hide inside networks for over a year, while a flaw in Pandoc was exploited in attempts to steal AWS credentials. Libraesva patched a bug in its Email Security Gateway that attackers are already abusing. Airports across Europe faced massive disruptions after a ransomware attack, and researchers flagged ShadowV2, a new Docker-targeting botnet offering DDoS-for-hire services.
Cyber incidents this week underline just how disruptive attacks have become. One of the country’s biggest carmakers has kept its production lines shut, losing around 1,000 vehicles a day while work continues to restore systems. Investigators also uncovered a vast ad-fraud scheme that ran across 224 apps with 38 million downloads, generating more than two billion fake ad requests daily. Alongside that, a worm-like breach spread through hundreds of npm packages, while poisoned search results and phishing emails delivered remote-access malware to new victims.
This week’s cyber reports reveal escalating threats on trusted platforms. A significant phishing attack on npm spread malware to millions, while a compromise of Salesloft’s GitHub account impacted the Drift application. Researchers also uncovered a malvertising campaign using fake GitHub commits and detailed the stealthy EggStreme framework, highlighting how attackers are exploiting familiar workflows with increasing sophistication and success.
This week brought a wave of innovative and large-scale cyberattacks. Scammers abused social media ads with AI features to push harmful links, with hundreds of accounts posting thousands of scams. More than 100 compromised government email accounts were used in a global phishing campaign against embassies and international organisations. At least 65 servers were hijacked to manipulate Google search rankings, while new backdoors turned email into a data theft tool. Attackers also exploited a Microsoft-signed driver to shut down security defences and install malware. These incidents highlight how quickly trusted platforms and tools can be weaponized, emphasizing the critical need for robust email security measures.
Cybersecurity threats are on the rise again this week. Hybrid cloud ransomware attacks are becoming more and more frequent. Intruders are now stealing vast amounts of data and wiping out backups without even using traditional malware. Also, government networks in Asia have been targeted in long-running data theft campaigns. On top of all that, a global wave of phishing is hitting people with new malware delivered through fake voicemails and purchase orders. In South Asia, some skilled attackers are expanding their threat space to target Linux systems. And if that’s not enough, a massive healthcare data breach has exposed the personal details of more than 600,000 individuals.
Cybersecurity threats continue to escalate this week. Apple issued its seventh zero-day fix of 2025 after reports of active exploitation. Hackers are abusing a two-year-old Apache flaw to install hidden back doors that patch themselves to evade detection. A phishing campaign is spreading malware against enterprises worldwide. Authorities renewed sanctions on crypto exchanges that moved over $100 million for ransomware groups and froze another $300 million tied to fraud. At the same time, another malware is exploiting Windows flaws to infiltrate multiple industries.
Cybersecurity incidents this week include Google completing notifications for a Salesforce breach linked to ShinyHunters, and the discovery of Charon ransomware targeting the Middle East public and aviation sectors with APT-style tactics. Researchers exposed new 2TETRA:2BURST flaws in critical TETRA radio systems, while a WinRAR zero-day was exploited by Paper Werewolf and RomCom groups. The GreedyBear campaign stole over $1 million via malicious browser extensions, alongside an Ethereum trading bot scam using AI-generated YouTube videos to drain wallets of nearly $900,000. Let’s dissect each news in brief!
Recent cybersecurity incidents underscore growing threats everywhere in healthcare, cloud services, and mobile platforms. A ransomware attack compromised over 113,500 patient records at a cancer centre; meanwhile, critical flaws in AI servers and enterprise security systems exposed risks of credential stealing and remote code execution. Alongside, fake VPN apps on official stores tricked users into fraudulent subscriptions, and a cloud container vulnerability allowed malicious actors to avoid isolation controls. These cases point to the need for prompt patching, stricter access controls, and user vigilance against growing cyber threats.
![Cisco AsyncOS Exploited, SonicWall SMA Fix, HPE OneView Patched – Cybersecurity News [December 15, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-tester-3450.jpg)
![Microsoft 2025 Fixes, Chrome Zero-Day, Enterprise Security Flaws – Cybersecurity News [December 08, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-3456.jpg)
![React2Shell RCE Threat, CodeRED Alert Disruption, Coupang Data Breach – Cybersecurity News [December 01, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-generator-4560.jpg)
![ToddyCat APT Evolving, Harvard Breach Reported, SitusAMC Vendor Breach– Cybersecurity News [November 24, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-validator-5634.jpg)
![Logitech Data Breach, Mass Router Hijack, Android Trojan Sturnus – Cybersecurity News [November 17, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/hosted-email-server-4002.jpg)
![Hyundai Leak Exposed, International Malware Bust, Lighthouse Phishing Lawsuit – Cybersecurity News [November 10, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-check-3501.jpg)
![Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware – Cybersecurity News [November 03, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-5602.jpg)
![Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities – Cybersecurity News [October 27, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-tester-6780.jpg)
![Silent PassiveNeuron Attacks, Jingle Thief Fraud, SessionReaper Adobe Exploit – Cybersecurity News [October 20, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/spf-validator-7800.jpg)
![F5 Breach Response, Windows 10 Patch, Oracle Security Flaws – Cybersecurity News [October 13, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/dkim-validation-5602.jpg)
![Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft – Cybersecurity News [October 06, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/sendgrid-alternative-4502.jpg)
![VMware Exploit Attacks, AI Phishing Alert, Android Trojan Hijack – Cybersecurity News [September 29, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/email-smtp-service-8041.jpg)
![Ransomware Disrupts Airports, BRICKSTORM Backdoor Intrusions, Pandoc Flaw Exploited – Cybersecurity News [September 22, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/dkim-validation-5601.jpg)
![JLR Cyber Shutdown, SlopAds App Fraud, Worm Hits npm – Cybersecurity News [September 15, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/spf-permerror-0009.jpg)
![Malicious npm Packages, Salesloft GitHub Breach, Malvertising Commit Trick – Cybersecurity News [September 08, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/spf-record-generator-6703.jpg)
![AI Spreads Malware, Diplomats Phished Globally, GhostRedirector Exploits Servers – Cybersecurity News [September 01, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/sender-policy-framework-5670.jpg)
![Ransomware Hits Hybrid, Data Theft Campaigns, Phishing Targets Companies – Cybersecurity News [August 25, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/dmarc-reporting-service-3456.jpg)
![Apple Patches ImageIO, Hackers Exploit Apache, Noodlophile Targets Firms – Cybersecurity News [August 18, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/What-is-a-dmarc-5601.jpg)
![Charon Ransomware Threatens, Data Breach Notifications, TETRA Security Flaws – Cybersecurity News [August 11, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/spf-record-tester-5670.jpg)
![Patient Data Breach, Hackers Exploit AI, Code Execution Bug – Cybersecurity News [August 04, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/dmarc-generator-8901.jpg)