Patch Tuesday – November 2025

Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote Read More …

UK: NHS providers reviewing stolen data published by cyber criminals

Pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack last year. Synnovis has now completed its investigation into patient and staff data published online by the cyber criminal gang on Read More …

You Thought It Was Over? Authentication Coercion Keeps Evolving

Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system.Instead, they can simply force your computer to Read More …

Industrial computing systems at risk from “time bombs ” in malicious NuGet packages

Thousands of critical infrastructure organizations, as well as those working in other, equally important verticals, were targeted by a perfidious attack that sought to sabotage their industrial control devices (ICD) two years down the line, experts have discovered. Cybersecurity researchers Read More …

Cyber Toufan leaks secret data on Iron Dome, Jericho missiles, and Australia’s Land 400 project

A hacking group believed to have ties to Iran has claimed responsibility for a massive cyberattack that exposed information linked to Australia’s $7 billion Land 400 defence program. The group, known as Cyber Toufan, says it accessed the data after Read More …

UK: BBC leaders resign amid scandal over misleading edit of Trump speech

Two top leaders at the BBC resigned on Sunday amid an escalating scandal over impartiality and bias that plunged Britain’s public broadcaster into one of its biggest crises in recent years. The BBC’s most senior executive, director general Tim Davie, Read More …

Threat Landscape of the Building and Construction Sector: IA, Supply Chain, and IoT

In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries such as Read More …

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices

Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not Read More …

Hyundai IT services breach could put 2.7 million Hyundai, Kia owners in the US at risk

Hyundai AutoEver America (HAEA), the carmaker’s IT-services subsidiary servicing the North American region, has confirmed suffering a cyberattack and lost sensitive customer data as a result. In a data breach notification letter recently sent out to affected individuals, HAEA explained Read More …