News – November 2025

  • Multiple London councils hit by ‘cyber attack’

    November 26, 2025

    Several London councils have been hit by a “cyber attack” which could have compromised residents’ data. Kensington and Chelsea, Hammersmith and Fulham, and Westminster City councils said they have been responding to a “cyber security issue” since Monday morning. The councils, which share a number of IT systems, added they are working with the “help of ...

  • The Dual-Use Dilemma of AI: Malicious LLMs

    November 25, 2025

    A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to technologies like nuclear physics or biotechnology, but now also central to AI. Any tool powerful enough ...

  • From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

    November 24, 2025

    Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest bidder. This trend first gained traction in 2020 when the Pinchy Spider group, better known as ...

  • CISA orders feds to patch Oracle Identity Manager zero-day after signs of abuse

    November 24, 2025

    CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix was released. The flaw, tracked as CVE-2025-61757 and now sitting in CISA’s Known Exploited Vulnerabilities catalog, ...

  • CrowdStrike fires ‘suspicious insider’ who passed information to hackers

    November 21, 2025

    Cybersecurity giant CrowdStrike has confirmed firing a “suspicious insider” last month who allegedly fed information about the company to a notorious hacking group. A hacking collective known as Scattered Lapsus$ Hunters published screenshots late Thursday and Friday morning in a public Telegram channel that allegedly showed insider access to CrowdStrike systems. The screenshots, which TechCrunch has ...

  • WhatsApp security flaw lets experts scrape 3.5 billion user numbers

    November 21, 2025

    WhatsApp users may need to take extra steps to protect their account information following a potentially concerning discovery. A study by researchers at the University of Vienna revealed the app’s contact-discovery system enabled the collection of extensive WhatsApp user data at an unprecedented scale due to insufficient rate-limiting across global endpoints. The researchers were able to ...

  • Google says hackers stole data from 200 companies following Gainsight breach

    November 21, 2025

    Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack. On Thursday, Salesforce disclosed a breach of “certain customers’ Salesforce data” — without naming affected companies — that was stolen via apps published by Gainsight, which provides a customer support platform to other companies. Read more… Source: ...

  • European Union Agency for Cybersecurity (ENISA) becomes a Common Vulnerabilities and Exposures (CVE) Program-Root

    November 20, 2025

    As a Common Vulnerability and Exposure (CVE) Numbering Authority (CNA), ENISA is authorised to assign CVE Identifiers (CVE IDs) and to publish CVE Records for vulnerabilities discovered by or reported to EU CSIRTs, in line with their dedicated coordinator roles since January 2024. As Root CNA, ENISA is now expanding its role within the CVE ...

  • Logitech Confirms Data Breach After Cl0p, Linked to Oracle E-Business Suite Exploits, Takes Responsibility

    November 20, 2025

    Hardware and software solutions company Logitech has disclosed a data breach that exposed employee, customer, and supplier information. “Logitech International S.A. (“Logitech”) recently experienced a cybersecurity incident relating to the exfiltration of data,” the company stated. Read more… Source: CPO Magazine News Sign up for the Cyber Security Review Newsletter The latest cyber security news and insights delivered right to ...

  • US, UK, and Australia sanction Russian ‘bulletproof’ web host used in ransomware attacks

    November 19, 2025

    The governments of the United States, United Kingdom, and Australia have sanctioned a Russian “bulletproof” web hosting company and several of its related firms for allegedly being used to launch ransomware attacks against U.S. victims and critical infrastructure. In a statement Wednesday, the U.S. Treasury said it imposed coordinated sanctions on the Russia-based web host ...