News – November 2025

  • UK: NHS providers reviewing stolen data published by cyber criminals

    November 11, 2025

    Pathology supplier Synnovis is contacting NHS organisations which had data stolen and published online following a major cyber attack last year. Synnovis has now completed its investigation into patient and staff data published online by the cyber criminal gang on 20 June 2024, which includes personal data such as names, NHS numbers, test results and test ...

  • You Thought It Was Over? Authentication Coercion Keeps Evolving

    November 10, 2025

    Imagine a scenario where malicious actors don’t need to trick you into giving up your password. They have no need to perform sophisticated social engineering attacks or exploit vulnerabilities in your operating system.Instead, they can simply force your computer to authenticate to an attacker-controlled system, effectively commanding your machine to hand over valuable credentials. This attack ...

  • Industrial computing systems at risk from “time bombs ” in malicious NuGet packages

    November 10, 2025

    Thousands of critical infrastructure organizations, as well as those working in other, equally important verticals, were targeted by a perfidious attack that sought to sabotage their industrial control devices (ICD) two years down the line, experts have discovered. Cybersecurity researchers Socket recently found nine packages on NuGet that contained sabotage payloads set to activate in 2027 ...

  • Cyber Toufan leaks secret data on Iron Dome, Jericho missiles, and Australia’s Land 400 project

    November 10, 2025

    A hacking group believed to have ties to Iran has claimed responsibility for a massive cyberattack that exposed information linked to Australia’s $7 billion Land 400 defence program. The group, known as Cyber Toufan, says it accessed the data after breaching several Israeli defence companies. Cyber Toufan, a pro-Hamas group, shared the stolen material on Telegram. ...

  • UK: BBC leaders resign amid scandal over misleading edit of Trump speech

    November 10, 2025

    Two top leaders at the BBC resigned on Sunday amid an escalating scandal over impartiality and bias that plunged Britain’s public broadcaster into one of its biggest crises in recent years. The BBC’s most senior executive, director general Tim Davie, and the chief executive of the news division, Deborah Turness, both quit after the leak of ...

  • Threat Landscape of the Building and Construction Sector: IA, Supply Chain, and IoT

    November 7, 2025

    In 2025, the construction industry stands at the crossroads of digital transformation and evolving cybersecurity risks, making it a prime target for threat actors. Cyber adversaries, including ransomware operators, organized cybercriminal networks, and state-sponsored APT groups from countries such as China, Russia, Iran, and North Korea, are increasingly focusing their attacks on the building and construction ...

  • LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices

    November 7, 2025

    Unit 42 researchers have uncovered a previously unknown Android spyware family, which we have named LANDFALL. To deliver the spyware, attackers exploited a zero-day vulnerability (CVE-2025-21042) in Samsung’s Android image processing library. The specific flaw LANDFALL exploited, CVE-2025-21042, is not an isolated case but rather part of a broader pattern of similar issues found on multiple ...

  • Hyundai IT services breach could put 2.7 million Hyundai, Kia owners in the US at risk

    November 7, 2025

    Hyundai AutoEver America (HAEA), the carmaker’s IT-services subsidiary servicing the North American region, has confirmed suffering a cyberattack and lost sensitive customer data as a result. In a data breach notification letter recently sent out to affected individuals, HAEA explained that the attack began on February 22, 2025, and lasted until March 2, when the attackers ...

  • U.S. Congressional Budget Office confirms it was hacked

    November 7, 2025

    The U.S. Congressional Budget Office has confirmed it was hacked. Caitlin Emma, a spokesperson for CBO, told TechCrunch on Friday that the agency is investigating the breach and “has identified the security incident, has taken immediate action to contain it, and has implemented additional monitoring and new security controls to further protect the agency’s systems ...

  • Cisco Releases Security Updates for Unified CCX

    November 6, 2025

    Cisco has released security updates to address two critical vulnerabilities in Unified Contact Center Express (Unified CCX). CVE-2025-20354 – Unauthenticated Remote Code Execution (RCE) vulnerability – CVSSv3 score: 9.8 CVE-2025-20358 – Authentication Bypass (unauthenticated to administrative privileges) vulnerability – CVSSv3 score: 9.4 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber security news and ...