Seventy-three civil liberties campaigners, lawyers, and academics are demanding a parliamentary inquiry into the UK's Information Commissioner's Office after its failure to investigate the Ministry of Defence over the Afghan data breach. The serious leak exposed names of Afghans who worked with British forces, potentially putting their lives at risk after the Taliban takeover in August 2021.
The groups, coordinated by Open Rights Group, accuse Commissioner John Edwards of a "collapse in enforcement activity" and warn of deeper structural failures. They cite the ICO's pattern of issuing weak reprimands instead of meaningful penalties for public sector breaches, including those affecting Windrush victims.
The letter warns that both public and private sectors are now ignoring data protection rules, knowing enforcement is unlikely.
Source: The Guardian
Cox Enterprises confirmed hackers breached its Oracle E-Business Suite between August 9-14, compromising personal information of nearly 9,500 individuals. The conglomerate, which operates in communications, automotive, and agriculture, joins over 100 organizations targeted in this massive cybercrime campaign.
The Cl0p ransomware group has publicly leaked 1.6 TB of files allegedly stolen from Cox and named major victims including Logitech, The Washington Post, Harvard, Mazda, and American Airlines subsidiary Envoy Air. Security experts link the attacks to threat actor FIN11, previously behind similar breaches of Cleo, MOVEit, and Fortra file transfer systems.
Source: SecurityWeek
Cybersecurity researchers at K7 Labs discovered sophisticated Python-based malware that injects itself into legitimate Windows binaries like cvtres.exe to avoid detection. The attack starts with a fake PNG file that's actually a RAR archive, downloaded from cloud storage and extracted using built-in Windows tools.
The malware uses multiple layers of obfuscation—Base64 encoding, BZ2 compression, and Zlib decompression—to hide its true payload. It disguises itself as system files like AsusMouseDriver.sys and ntoskrnl.exe while bundling a complete Python runtime environment.
Once active, it establishes encrypted command-and-control communications that persist even after the original loader terminates. This fileless attack strategy poses serious risks to enterprise environments where traditional signature-based security tools may miss the threat.
Source: Cybersecurity News
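The first stage described above, an archive delivered under a `.png` name, is detectable by comparing a file's extension with its leading magic bytes. The following is an added detection sketch, not code from K7 Labs or the original article; the function names and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Leading magic bytes. RAR 4.x and 5.x both begin with "Rar!\x1a\x07".
SIGNATURES = [
    ("png", b"\x89PNG\r\n\x1a\n"),
    ("jpeg", b"\xff\xd8\xff"),
    ("rar", b"Rar!\x1a\x07"),
    ("pe", b"MZ"),
]
# Image extensions and the content type each one claims.
IMAGE_EXTENSIONS = {".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg"}

def sniff(header: bytes) -> str:
    """Return the type implied by the leading bytes, or 'unknown'."""
    for name, magic in SIGNATURES:
        if header.startswith(magic):
            return name
    return "unknown"

def find_disguised_files(root):
    """Return (path, claimed, actual) for image-named files whose bytes say otherwise."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        claimed = IMAGE_EXTENSIONS.get(path.suffix.lower())
        if claimed is None or not path.is_file():
            continue
        try:
            with path.open("rb") as fh:
                actual = sniff(fh.read(16))
        except OSError:
            continue  # locked or unreadable: skip, keep sweeping
        if actual != claimed:
            findings.append((str(path), claimed, actual))
    return findings

def demo():
    """Scan a temp directory of constructed sample files; return (name, claimed, actual)."""
    samples = {  # constructed headers, not real samples
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 8,
        "invoice.png": b"Rar!\x1a\x07\x01\x00" + b"\x00" * 8,  # RAR5 named .png
        "photo.JPG": b"MZ\x90\x00" + b"\x00" * 8,  # PE header named .JPG
        "notes.txt": b"plain text",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            Path(tmp, name).write_bytes(data)
        return [(Path(p).name, c, a) for p, c, a in find_disguised_files(tmp)]
```

Pointing `find_disguised_files` at download and temp directories gives a signature-independent triage list; a hit is a lead for review, since some tools legitimately write mislabeled files.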
Anthropic says Chinese state-sponsored hackers manipulated its Claude AI tool to attack 30 financial firms and government agencies in September, with 80-90% of operations running without human oversight. The company calls this the "first documented case of a cyber-attack largely executed without human intervention at scale."
The hackers bypassed safety guardrails by telling Claude to role-play as a cybersecurity firm employee conducting tests. While they achieved "a handful of successful intrusions" and accessed internal data, Claude made numerous mistakes during the attacks.
Senator Chris Murphy warned this shows AI regulation needs immediate priority. However, some cybersecurity experts remain skeptical, calling it "fancy automation" rather than true intelligence and questioning whether Anthropic is creating AI hype.
Source: The Guardian
Human error accounts for 80-90% of industrial accidents, with negligent insiders responsible for 56% of cybersecurity breaches in operational technology environments. Critical infrastructure faces growing risks from disgruntled employees, compromised contractors, and foreign agents infiltrating supply chains.
Experts warn that operational technology personnel have wide-ranging system privileges, making simple mistakes like clicking wrong buttons or plugging in unauthorized USB drives potentially catastrophic. The challenge intensifies as third-party vendors often have the same access as internal staff but limited cybersecurity awareness.
While AI and behavioral analytics show promise for detecting anomalous behavior, experts emphasize they're tools to assist, not replace, strong organizational culture and process controls. Organizations must balance strict monitoring with maintaining workforce trust and morale to prevent creating a "policing culture" that breeds resentment.
Source: Industrial Cyber
St. Anthony Hospital in Chicago disclosed Wednesday that a February data breach may have exposed personal information of more than 6,600 patients and staff members. An unauthorized party accessed employee email accounts, potentially compromising names, addresses, Social Security numbers, medical records, and prescription information.
The hospital says there's no evidence the data has been misused for identity theft or fraud. Officials are notifying affected individuals and recommend placing fraud alerts on credit files and monitoring financial accounts. A dedicated hotline (877-580-4384) is available weekdays 8 a.m. to 5 p.m. for questions about the incident.
Source: CBS News Chicago
CISA has added a critical Oracle Identity Manager zero-day vulnerability (CVE-2025-64446) to its Known Exploited Vulnerabilities catalog after confirming active attacks in the wild. The flaw scores a devastating 9.8 on the CVSS scale and lets attackers remotely execute code without any authentication required.
The vulnerability poses a major threat to organizations relying on Oracle Identity Manager for access control. Federal agencies face a mandatory patching deadline under CISA's Binding Operational Directive 22-01. Organizations should immediately apply patches and check their systems for signs of compromise, as hackers are already exploiting this security hole.
Source: The Hacker News
Fortinet disclosed another zero-day vulnerability in its FortiWeb firewall just days after revealing a separate exploited flaw. CVE-2025-58034 allows authenticated attackers to run code through crafted HTTP requests, earning a 6.7 CVSS score.
Orange Cyberdefense reports "several exploitation campaigns" are chaining this new flaw with last week's vulnerability for more powerful attacks. Trend Micro detected around 2,000 exploitation attempts.
The timing raises questions about Fortinet's disclosure practices - both vulnerabilities were quietly patched before public disclosure. CISA added the flaw to its Known Exploited Vulnerabilities catalog with an accelerated one-week patching deadline for federal agencies.
Source: Dark Reading
Nearly every organization worldwide (97%) has been hit by supply chain breaches, up dramatically from 81% in 2024, according to BlueVoyant's latest survey of 1,800 IT leaders.
Despite the alarming jump, companies are fighting back. Almost half are now collaborating directly with third parties to fix security issues, and 46% claim to have mature risk management programs in place.
But there's a catch: many programs focus on compliance checkboxes rather than actually reducing risk. Only 16% of companies list risk reduction as their primary goal, while cyber insurance requirements and board mandates drive most efforts. The biggest challenge? Lack of internal support, cited by 60% of program managers.
Source: Infosecurity Magazine
CISA has issued an urgent warning about a zero-day vulnerability in Google Chrome that's already being exploited by attackers. The flaw, CVE-2025-13223, affects Chrome's V8 JavaScript engine and allows hackers to execute malicious code remotely just by tricking users into visiting compromised websites.
The vulnerability impacts Chrome versions before 131.0.6778.72 and extends to other Chromium-based browsers like Microsoft Edge and Brave. Google patched the issue on November 19, 2025, but CISA has given federal agencies until December 10 to update their systems.
With over 3 billion Chrome users worldwide, this high-severity bug poses massive risks for data breaches and malware infections. Users should immediately update to the latest Chrome version to protect themselves.
Source: Cybersecurity News