---
title: "Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware, Cybersecurity News [November 03, 2025] | DuoCircle"
description: "Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware, Cybersecurity News [November 03."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cybersecurity-news-update-week-46-of-2025/"
---

Quick Answer

Cybersecurity news for the week of November 3, 2025. A ransomware attack against Japanese retailer Askul shut down its three e-commerce platforms (Askul, Lohaco, Soloel Arena) and disrupted partners including Muji, Loft, and Sogo & Seibu; Asahi Group Holdings and Sagawa Express also reported recent incidents. The Qilin group claimed Habib Bank AG Zurich. Google disclosed AI-powered malware that rewrites its own code. Cisco issued urgent firewall fixes. Oglethorpe and NMHC disclosed healthcare data breaches.

Askul Ransomware Disruption, Qilin Targets Habib, Google Exposes Malware, Cybersecurity News \[November 03, 2025\]


![cybersecurity news](https://media.mailhop.org/duocircle/images/2025/11/spf-record-5602.jpg) 

This week saw a surge in major cyber incidents worldwide. A ransomware attack crippled Japan’s Askul retail network, Qilin claimed Habib Bank AG Zurich, and Google uncovered [AI-powered malware](https://www.cybersecuritydive.com/news/ai-powered-malware-google/804760/) that rewrites its code. Cisco issued urgent fixes for firewall exploits, while **Oglethorpe and NMHC** disclosed healthcare data breaches.

## Ransomware Attack on Askul Disrupts Japan’s Retail Supply Chain

Japanese retailer [Askul has stopped online orders and product shipments](https://www.askul.co.jp/snw/newsDispView/?newsId=18466) after [a ransomware attack incapacitated its systems](https://www.japantimes.co.jp/business/2025/11/07/companies/askul-online-sales-december/), disrupting several major retail partners that rely on its logistics network. The Tokyo-based company discovered the breach over the weekend, forcing it to shut down operations across its three e-commerce platforms: Askul for office supplies, Lohaco for household goods, and Soloel Arena for corporate clients. All new orders and user registrations have been paused, existing shipments cancelled, and customer inquiries temporarily disabled. [Askul said it is still investigating the scale of the incident,](https://www.askul.co.jp/snw/newsDispView/?newsId=18464) including whether any personal or customer data was compromised. The attack has also caused a ripple effect across Japan’s retail sector.

Muji, which depends on Askul’s logistics arm, has halted domestic online sales and parts of its mobile app, although physical stores remain unaffected. Other retailers, including Loft and Sogo & Seibu, have also faced service disruptions connected to Askul’s logistics network. The breach comes amid a surge of cyber incidents across Japan. Earlier in November, [Asahi Group Holdings confirmed a ransomware attack](https://www.asahigroup-holdings.com/en/newsroom/detail/20251014-0203.html) that disrupted production, while [Sagawa Express reported unauthorized logins](https://www2.sagawa-exp.co.jp/information/detail/361/) to customer accounts linked to stolen credentials. The wave of attacks shows how ransomware and data theft continue to challenge Japan’s critical business operations.

[![ stolen credentials](https://media.mailhop.org/duocircle/images/2025/11/spf-record-checker-0020.jpg)](https://media.mailhop.org/duocircle/images/2025/11/spf-record-checker-0020.jpg)

## Qilin Ransomware Gang Claims Habib Bank AG Zurich as Latest Victim

The [Switzerland-based Habib Bank AG Zurich](https://habibbank.com/) is the latest victim to show up on the [Qilin ransomware gang’s dark web site](https://cybernews.com/security/swiss-habib-bank-data-breach/). The group claims to have stolen around 2.5 terabytes of data, including nearly two million files. To back up its claims and pressure the bank to negotiate, the gang has posted screenshots said to come from the stolen data. Researchers at Cybernews, who reviewed the samples, noted that they appear to include **customer account details** such as passport numbers, balances, and transaction records. The attackers also say they nabbed source code for internal tools, which raises alarms about potential security flaws in the bank’s systems.

_Habib Bank, which operates in several countries, hasn’t commented on the breach yet_. [The Qilin ransomware group](https://blog.qualys.com/vulnerabilities-threat-research/2025/06/18/qilin-ransomware-explained-threats-risks-defenses) has been active since 2022 and has become one of the most prolific gangs out there, targeting hospitals, manufacturers, and major companies like **Volkswagen Group France and Nissan**. This incident is just the latest in a growing list of cyberattacks hitting the global financial sector, as groups like [HSBC USA](https://cybernews.com/security/hsbc-usa-data-breach-claims/) and [Jordan Kuwait Bank](https://cybernews.com/security/jordan-kuwait-bank-data-breach-everest-ransomware/) have also recently suffered data breaches, showing that financial institutions are still prime targets.

[![data breaches ](https://media.mailhop.org/duocircle/images/2025/11/spf-record-check-0020.jpg)](https://media.mailhop.org/duocircle/images/2025/11/spf-record-check-0020.jpg)

## Google Uncovers AI-Powered Malware That Rewrites Its Own Code

Google just spotted a [new experimental malware called PROMPTFLUX](https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools), and it’s pretty concerning. It actually uses Google’s own [Gemini AI model](https://blog.google/products/gemini/google-gemini-new-features-july-2024/) to rewrite its code, making it better at hiding from antivirus software. The VBScript malware pings the [Gemini API](https://cybersecuritynews.com/promptflux-malware-using-gemini-api/) to **ask for code changes** and then generates new versions of itself, saving them in the Windows Startup folder to stick around. Researchers think PROMPTFLUX is still in development, since its self-changing feature isn’t active yet. Still, its design points to a new phase of AI-powered malware that can evolve in real time.

_Google says the attackers seem financially motivated and are testing AI-driven replication. But they’re not the only ones_. The company is also seeing other AI-powered malware, like FRUITSHELL, [PROMPTLOCK](https://exchange.xforce.ibmcloud.com/osint/guid:7e5a1c764c66451c95b9b6d1a9481572), and QUIETVAULT, using **large language models** to create or change code on demand. Beyond just experimental tools, Google has tracked several state-linked groups using [generative AI](https://www.cybersecuritydive.com/news/ai-cyberattacks-malware-open-source-phishing-gartner/750283/) for phishing, data theft, and building malware. The company warns that this shows a shift toward [fully integrated, automated cyber operations](https://cloud.google.com/blog/topics/threat-intelligence/cybersecurity-forecast-2026). As more hackers experiment with generative AI, Google expects these tools will become standard for building large-scale, adaptive attacks.
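The PROMPTFLUX behaviour described above (a VBScript that calls the Gemini API and writes new copies of itself into the Windows Startup folder) can be turned into a simple endpoint triage rule. The following is an added example, not code from Google's report or from this article: it assumes Sysmon FileCreate (event 11) and DNS query (event 22) records already exported as dictionaries, assumes the public Gemini API hostname as the lookup to watch, and uses constructed host names and events.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}          # Windows Script Host binaries
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf"}
STARTUP_MARKER = "\\start menu\\programs\\startup\\"   # per-user and all-users Startup
# Assumption: the public Gemini API endpoint is the LLM host worth watching.
LLM_API_HOSTS = {"generativelanguage.googleapis.com"}
RANK = {"high": 0, "medium": 1, "low": 2}


def _is_script_host(image):
    return PureWindowsPath(image).name.lower() in SCRIPT_HOSTS


def _startup_script_write(ev):
    target = ev.get("TargetFilename", "")
    return (ev["EventID"] == 11
            and STARTUP_MARKER in target.lower()
            and PureWindowsPath(target).suffix.lower() in SCRIPT_EXTS)


def _llm_api_lookup(ev):
    name = ev.get("QueryName", "").lower().rstrip(".")
    return ev["EventID"] == 22 and name in LLM_API_HOSTS


def triage(events):
    """Correlate signals per (host, process): both together rank highest."""
    per_proc = defaultdict(lambda: {"writes": [], "lookups": []})
    for ev in events:
        if not _is_script_host(ev.get("Image", "")):
            continue  # browsers and SDKs legitimately resolve the API host
        key = (ev["Host"], ev["ProcessGuid"])
        if _startup_script_write(ev):
            per_proc[key]["writes"].append(ev["TargetFilename"])
        elif _llm_api_lookup(ev):
            per_proc[key]["lookups"].append(ev["QueryName"])
    findings = []
    for (host, guid), sig in per_proc.items():
        if sig["writes"] and sig["lookups"]:
            severity = "high"      # script host talks to an LLM API and persists a script
        elif sig["writes"]:
            severity = "medium"    # persistence alone; could be a legacy logon script
        else:
            severity = "low"       # script host resolving an LLM API, no persistence seen
        findings.append({"host": host, "process_guid": guid,
                         "severity": severity, **sig})
    return sorted(findings, key=lambda f: (RANK[f["severity"]], f["host"]))


# Constructed sample events (hypothetical hosts, users and GUIDs).
WSCRIPT = r"C:\Windows\System32\wscript.exe"
STARTUP = r"C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SAMPLE_EVENTS = [
    {"Host": "WS-014", "EventID": 22, "ProcessGuid": "{a1}", "Image": WSCRIPT,
     "QueryName": "generativelanguage.googleapis.com"},
    {"Host": "WS-014", "EventID": 11, "ProcessGuid": "{a1}", "Image": WSCRIPT,
     "TargetFilename": STARTUP + r"\update.vbs"},
    {"Host": "WS-022", "EventID": 11, "ProcessGuid": "{b2}",
     "Image": r"C:\Windows\System32\cscript.exe",
     "TargetFilename": r"C:\Temp\report.vbs"},
    {"Host": "WS-031", "EventID": 11, "ProcessGuid": "{c3}", "Image": WSCRIPT,
     "TargetFilename": STARTUP + r"\logon.vbs"},
    {"Host": "WS-040", "EventID": 22, "ProcessGuid": "{d4}",
     "Image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "QueryName": "generativelanguage.googleapis.com"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"], finding["host"], finding["writes"])
```

Correlating on the process rather than on the hostname alone keeps ordinary browser and developer traffic to the API out of the results.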

As cyberattacks surge worldwide, **implementing strong** [email security](/) through [SPF](/resources/what-is-spf), [DKIM](/email-security/verify-dkim-checking-your-emails-domainkeys-identified-mail-setup/), and [DMARC](/resources/what-is-dmarc) is crucial to defend against spoofing, phishing, and evolving AI-driven threats.

[![AI-powered malware](https://media.mailhop.org/duocircle/images/2025/11/smtp-relay-4522.jpg)](https://media.mailhop.org/duocircle/images/2025/11/smtp-relay-4522.jpg)

## Cisco Issues Urgent Fixes After Fresh Firewall Exploitation Detected

Cisco has warned that attackers are now using a new attack variant against its [Secure Firewall (ASA) and Threat Defense (FTD) software](https://gbhackers.com/cisco-secure-asa-and-ftd-rce-vulnerability/). The campaign affects devices vulnerable to two recently disclosed flaws, [CVE-2025-20333](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB) and [CVE-2025-20362](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW). The company says the exploit can cause unpatched devices to reload unexpectedly, resulting in a [denial-of-service (DoS)](https://www.scworld.com/brief/us-among-most-targeted-by-ddos-intrusions-study-finds) condition. Cisco is urging customers to apply the **latest patches right away** to avoid potential disruption.

According to the **UK’s National Cyber Security Centre**, these flaws were already being used as zero-days in attacks that deploy malware like [RayInitiator and LINE VIPER](https://www.ncsc.gov.uk/news/persistent-malicious-targeting-cisco-devices). The first bug lets attackers run code remotely, while the second allows unauthorized access to restricted URLs. Cisco also released fixes for [two critical flaws in its Unified Contact Center Express platform](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ) that could let attackers upload files, bypass authentication, and run commands with root privileges. It also [patched a high-severity DoS flaw in the Identity Services Engine](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-radsupress-dos-8YF3JThh) that could allow attackers to repeatedly restart affected systems.

[![malware ](https://media.mailhop.org/duocircle/images/2025/11/spf-record-0020.jpg)](https://media.mailhop.org/duocircle/images/2025/11/spf-record-0020.jpg)

## Oglethorpe and NMHC Report Data Breaches Linked to Cyber Incidents

Two U.S. healthcare providers have just [reported separate data breaches](https://www.hipaajournal.com/oglethorpe-data-breach/). [Tampa’s Oglethorpe](https://www.oglethorpeinc.com/), which runs mental health and addiction recovery centers in **Florida, Louisiana, and Ohio**, had a cyber incident that disrupted its systems between May 15 and June 6, 2025. Investigators confirmed attackers stole files with patient [Personally Identifiable Information (PII)](https://www.techtarget.com/searchsecurity/definition/personally-identifiable-information-PII), including names, birth dates, [Social Security numbers](https://www.investopedia.com/terms/s/ssn.asp), driver’s license details, and medical info. [This breach hit 92,332 people, including 85 in Maine](https://thehipaaetool.com/oglethorpe-data-breach-affects-92000/). Oglethorpe says it hasn’t seen any data misuse yet, but it’s offering 12 months of free credit monitoring and has rebuilt its systems to boost security.

In a separate case, [Northern Montana Health Care (NMHC)](https://nmhcare.org/) said it was impacted by a [breach at its debt collection partner, Wakefield & Associates](https://nbcmontana.com/news/local/northern-montana-health-care-alerts-patients-to-vendor-data-breach). _The good news is that the problem was limited to Wakefield’s network, and no NMHC systems were affected_. Wakefield is notifying the affected individuals directly and offering them credit monitoring and identity protection. The total number of patients impacted hasn’t been confirmed yet. As of now, neither of these breaches has popped up on the **HHS Office for Civil Rights portal**.


![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

