Last week was replete with unfortunate phishing mishaps. Here are the top cyber incidents that we have covered for you to keep you updated. While Amazon, the e-commerce giant, is being targeted by phishing actors, left, right, and center, LinkedIn is also becoming a popular playground for cybercrooks. The crypto community is already in shock because of the Ledger customer data breach incident. Meanwhile, a highly sophisticated campaign is targeting the user credentials by impersonating Google Support.
This week’s cybersecurity news highlights how trust-based digital systems continue to be exploited across crypto platforms, browser ecosystems, and online marketplaces. Trust Wallet disclosed a major supply-chain attack that led to millions in stolen crypto, while researchers uncovered a long-running browser extension campaign tied to corporate espionage.
Cyber incidents this week ranged from large-scale scraping to high-impact software and supply chain risks. An activist group claims to have scraped tens of millions of tracks from a major streaming platform, raising fresh copyright concerns. Separately, a critical n8n flaw could allow code execution on exposed instances. Other reports covered a notarized macOS stealer campaign, a GitLab breach impacting a car maker’s customers, and malicious Chrome extensions abusing proxy access to steal credentials.
Cybersecurity and email security teams faced a busy week as active exploitation targeted core infrastructure and widely used platforms. Cisco warned of a critical AsyncOS zero-day affecting Secure Email appliances, while SonicWall patched an SMA 100 flaw reportedly chained for root-level takeover. HPE fixed a maximum-severity OneView RCE issue. SoundCloud also confirmed a breach exposing user emails and profile data, alongside outages, VPN blocks, and follow-on disruption.
Cyber incidents this week spanned operating systems, browsers, enterprise platforms, hardware, and developer tooling. Microsoft closed out the year patching 56 Windows flaws and three zero days, while Google rushed an emergency fix for an actively exploited Chrome bug. Fortinet, Ivanti, and SAP shipped critical updates for auth bypass and RCE risks, and new PCIe IDE weaknesses prompted firmware work from Intel and AMD. At the same time, a Gogs zero day and abused GitHub tokens highlighted ongoing threats to software supply chains.
Cyber incidents this week hit emergency alerting, e-commerce, infrastructure, and app stacks. To start with, ransomware against the CodeRED platform disrupted local emergency notifications and exposed clear-text passwords. In another incident, a five-month breach at a major East Asian retailer affected tens of millions of customer accounts. Attackers exploited a command injection bug in Array Networks gateways, an admin takeover flaw in the King Addons WordPress plugin, and the React2Shell RCE vulnerability in React and Next.js.
Cyber incidents this week included ToddyCat deploying new tools to steal email data, Harvard reporting a breach affecting its alumni community, and a vendor compromise at SitusAMC exposing corporate records tied to major banks. Alongside, Asahi confirmed data theft affecting two million individuals, and OpenAI disclosed limited user information exposure linked to a Mixpanel breach. Here are this week’s top headlines.
Logitech Data Breach, Mass Router Hijack, Android Trojan Sturnus – Cybersecurity News [November 17, 2025]
by DuoCircle
Here are this week’s cybersecurity updates, bringing you headlines that made news around the world. Princeton University reported a data breach impacting alumni and donors, and the Clop extortion gang’s activity continued, with Logitech confirming data theft linked to a third-party zero-day.
Cybersecurity headlines this week show a clear picture, and no one seems immune. Hyundai confirmed a data breach that may have exposed millions of Social Security numbers, and Google has gone on the offensive, suing a China-based group accused of running a billion-dollar phishing operation.
This week saw a surge in major cyber incidents worldwide. A ransomware attack crippled Japan’s Askul retail network, Qilin claimed Habib Bank AG Zurich, and Google uncovered AI-powered malware that rewrites its code. Cisco issued urgent fixes for firewall exploits, while Oglethorpe and NMHC disclosed healthcare data breaches.
This week’s cybersecurity highlights include a Chrome zero-day exploited by Memento Labs for spyware attacks, new npm supply chain threats like PhantomRaven and an info-stealer campaign, and active exploitation of DELMIA Apriso and XWiki flaws. Meanwhile, ransomware hit Sedgebrook and Heartland Health Center, exposing patient data and prompting renewed healthcare security concerns.
Cyber threats kept security teams busy this week. A new campaign called PassiveNeuron is spying on government and industry networks across several regions, while the Jingle Thief group is running cloud-based gift card scams.Hackers are also exploiting the SessionReaper bug in Adobe Commerce, and a critical Lanscope flaw has been flagged by CISA. In healthcare, a breach at Conduent exposed personal data from 462,000 Blue Cross Blue Shield members, underscoring how widespread and damaging these attacks have become. Here are the latest updates from this past week.
It’s been a hectic week for enterprise security, with several major companies pushing out critical fixes. F5 admitted that attackers stole its BIG-IP source code, which even triggered a federal emergency directive. Microsoft wasn’t far behind, releasing 183 patches, including three zero-days, just as Windows 10 support was ending, and it had to tighten security on Edge’s IE mode after reports of it being exploited. On top of that, successive flaws struck Oracle’s E-Business Suite, and Cisco devices were hit by a new campaign called Operation Zero Disco that used a zero-day exploit to deploy stealthy Linux rootkits.
We are once again back with fresh news pieces highlighting the important news where major platforms and giant industries have been targeted. To start with, a critical WordPress flaw is being widely exploited to hijack administrator accounts, with over 13,800 attack attempts recorded. SonicWall confirmed that firewall backup files for all cloud backup customers were exposed in a breach, overturning earlier claims of limited impact.
It was a busy week for cybersecurity threats. Hackers exploited a flaw in VMware software, giving them full control over virtual machines. At the same time, Microsoft flagged a phishing campaign that used AI written code in fake file sharing emails to trick victims. A new Android Trojan, Datzbro, also spread through fake senior community apps, letting criminals take over phones. To top it off, the Confucius group launched fresh phishing attacks, and researchers found a malicious Python package that secretly installed backdoors on Windows systems.
This week saw a wave of cyber incidents across critical sectors. A stealthy campaign used the BRICKSTORM backdoor to hide inside networks for over a year, while a flaw in Pandoc was exploited in attempts to steal AWS credentials. Libraesva patched a bug in its Email Security Gateway that attackers are already abusing. Airports across Europe faced massive disruptions after a ransomware attack, and researchers flagged ShadowV2, a new Docker-targeting botnet offering DDoS-for-hire services.
Cyber incidents this week underline just how disruptive attacks have become. One of the country’s biggest carmakers has kept its production lines shut, losing around 1,000 vehicles a day while work continues to restore systems. Investigators also uncovered a vast ad-fraud scheme that ran across 224 apps with 38 million downloads, generating more than two billion fake ad requests daily. Alongside that, a worm-like breach spread through hundreds of npm packages, while poisoned search results and phishing emails delivered remote-access malware to new victims.
This week’s cyber reports reveal escalating threats on trusted platforms. A significant phishing attack on npm spread malware to millions, while a compromise of Salesloft’s GitHub account impacted the Drift application. Researchers also uncovered a malvertising campaign using fake GitHub commits and detailed the stealthy EggStreme framework, highlighting how attackers are exploiting familiar workflows with increasing sophistication and success.
This week brought a wave of innovative and large-scale cyberattacks. Scammers abused social media ads with AI features to push harmful links, with hundreds of accounts posting thousands of scams. More than 100 compromised government email accounts were used in a global phishing campaign against embassies and international organisations. At least 65 servers were hijacked to manipulate Google search rankings, while new backdoors turned email into a data theft tool. Attackers also exploited a Microsoft-signed driver to shut down security defences and install malware. These incidents highlight how quickly trusted platforms and tools can be weaponized, emphasizing the critical need for robust email security measures.
Cybersecurity threats are on the rise again this week. Hybrid cloud ransomware attacks are becoming more and more frequent. Intruders are now stealing vast amounts of data and wiping out backups without even using traditional malware. Also, government networks in Asia have been targeted in long-running data theft campaigns. On top of all that, a global wave of phishing is hitting people with new malware delivered through fake voicemails and purchase orders. In South Asia, some skilled attackers are expanding their threat space to target Linux systems. And if that’s not enough, a massive healthcare data breach has exposed the personal details of more than 600,000 individuals.
![Global Amazon Threats, LinkedIn Attack Hotspot, Ledger Breach Safety – Cybersecurity News [January 9, 2025]](https://www.duocircle.com/wp-content/uploads/2026/01/email-smtp-service-7865.jpg)
![Spotify Copyright Scrape, n8n Code Execution, MacSync Stealer Installer – Cybersecurity News [December 22, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-check-7888.jpg)
![Cisco AsyncOS Exploited, SonicWall SMA Fix, HPE OneView Patched – Cybersecurity News [December 15, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-tester-3450.jpg)
![Microsoft 2025 Fixes, Chrome Zero-Day, Enterprise Security Flaws – Cybersecurity News [December 08, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-3456.jpg)
![React2Shell RCE Threat, CodeRED Alert Disruption, Coupang Data Breach – Cybersecurity News [December 01, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-record-generator-4560.jpg)
![ToddyCat APT Evolving, Harvard Breach Reported, SitusAMC Vendor Breach– Cybersecurity News [November 24, 2025]](https://www.duocircle.com/wp-content/uploads/2025/12/spf-validator-5634.jpg)
![Logitech Data Breach, Mass Router Hijack, Android Trojan Sturnus – Cybersecurity News [November 17, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/hosted-email-server-4002.jpg)
![Hyundai Leak Exposed, International Malware Bust, Lighthouse Phishing Lawsuit – Cybersecurity News [November 10, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-check-3501.jpg)
![Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware – Cybersecurity News [November 03, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-5602.jpg)
![Chrome Spyware Exploited, npm InfoStealer Attack, DELMIA XWiki Vulnerabilities – Cybersecurity News [October 27, 2025]](https://www.duocircle.com/wp-content/uploads/2025/11/spf-record-tester-6780.jpg)
![Silent PassiveNeuron Attacks, Jingle Thief Fraud, SessionReaper Adobe Exploit – Cybersecurity News [October 20, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/spf-validator-7800.jpg)
![F5 Breach Response, Windows 10 Patch, Oracle Security Flaws – Cybersecurity News [October 13, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/dkim-validation-5602.jpg)
![Hackers Hijack WordPress, SonicWall Backup Breach, Oracle Data Theft – Cybersecurity News [October 06, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/sendgrid-alternative-4502.jpg)
![VMware Exploit Attacks, AI Phishing Alert, Android Trojan Hijack – Cybersecurity News [September 29, 2025]](https://www.duocircle.com/wp-content/uploads/2025/10/email-smtp-service-8041.jpg)
![Ransomware Disrupts Airports, BRICKSTORM Backdoor Intrusions, Pandoc Flaw Exploited – Cybersecurity News [September 22, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/dkim-validation-5601.jpg)
![JLR Cyber Shutdown, SlopAds App Fraud, Worm Hits npm – Cybersecurity News [September 15, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/spf-permerror-0009.jpg)
![Malicious npm Packages, Salesloft GitHub Breach, Malvertising Commit Trick – Cybersecurity News [September 08, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/spf-record-generator-6703.jpg)
![AI Spreads Malware, Diplomats Phished Globally, GhostRedirector Exploits Servers – Cybersecurity News [September 01, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/sender-policy-framework-5670.jpg)
![Ransomware Hits Hybrid, Data Theft Campaigns, Phishing Targets Companies – Cybersecurity News [August 25, 2025]](https://www.duocircle.com/wp-content/uploads/2025/09/dmarc-reporting-service-3456.jpg)