Ticker feed
Microsoft released its November 2025 Patch Tuesday updates on November 11, fixing 63 security flaws across Windows, Office, Azure, and Visual Studio. The most urgent concern is CVE-2025-62215, a zero-day Windows Kernel vulnerability already being exploited by attackers to escalate privileges on compromised systems.
Five critical vulnerabilities lead the pack, including CVE-2025-62199 in Microsoft Office that allows remote code execution through malicious documents, and CVE-2025-60724 in GDI+ enabling network-based attacks on graphics applications.
The remaining 57 flaws rated "Important" primarily concern privilege escalation, affecting components ranging from Smart Card services to Kerberos authentication. Security teams should prioritize patching internet-facing systems immediately, as no workarounds exist for the exploited zero-day.
Source: Cyber Security News
The Qilin ransomware group has ramped up attacks on small and medium businesses, particularly in construction, healthcare, and finance sectors. Security firm S-RM reports that 88% of 2025 cases involved both data theft and file encryption, with stolen information posted on dark web sites when ransoms aren't paid.
Qilin exploits basic vulnerabilities like unpatched VPNs, missing multi-factor authentication, and exposed management interfaces. The group operates like a tech business, renting tools to affiliates including members of Scattered Spider.
While major attacks like the 2024 UK healthcare breach grab headlines, most victims are smaller organizations. S-RM urges companies to patch VPNs regularly, enable multi-factor authentication, and monitor networks for intrusion signs.
Source: Infosecurity Magazine
UK transport and cyber-security officials are investigating whether hundreds of Chinese-made Yutong buses operating across Britain could be remotely controlled by their manufacturer. The probe follows Norwegian findings that Yutong buses could theoretically be "stopped or rendered inoperable" through over-the-air software updates via mobile networks.
Yutong buses run in Bristol, Essex, Leicester, Nottingham, and other UK locations. The company has exported nearly 110,000 buses to over 100 countries, capturing 10% of the global market. Denmark also launched an investigation after Norway's discovery.
While there's no evidence of actual interference, the case highlights growing concerns about Chinese involvement in British infrastructure and the security risks of connected vehicles.
Source: The Guardian
The Cl0p ransomware group has publicly named 29 organizations allegedly hit in a cyberattack targeting Oracle's E-Business Suite customers. The campaign, linked to threat actor FIN11, involved extortion emails sent to executives in late September.
Confirmed victims include Harvard University, South Africa's Wits University, American Airlines subsidiary Envoy Air, and The Washington Post. Major corporations like Schneider Electric, Emerson, Logitech, and Cox Enterprises appear on the list but haven't confirmed breaches.
The hackers leaked data from 18 victims, sometimes releasing terabytes of files. The attacks likely exploited Oracle EBS vulnerabilities CVE-2025-61882 and CVE-2025-61884, which allow remote access without authentication. Most targeted organizations remain silent while conducting investigations.
Source: SecurityWeek
Elastic disclosed a high-severity vulnerability (CVE-2025-37735) in its Defend security software for Windows that could let attackers escalate privileges to gain admin control. The flaw affects versions up to 8.19.5 and 9.0.0 through 9.1.5, scoring 7.0 on the CVSS scale.
The bug stems from improper file permission handling in the Defend service, which runs with SYSTEM-level privileges. Attackers with local access could exploit this to delete arbitrary files and potentially gain full system control.
Elastic urges immediate upgrades to fixed versions 8.19.6, 9.1.6, or 9.2.0. Organizations unable to patch immediately should consider upgrading to Windows 11 24H2, which makes exploitation much harder.
Source: Cybersecurity News
Google released November 2025 Android security updates addressing two critical vulnerabilities in the System component. The most serious flaw, CVE-2025-48593, affects Android versions 13-16 and allows remote code execution without user interaction or additional privileges. It stems from insufficient input validation.
A second vulnerability, CVE-2025-48581, affects Android 16 devices and could block security updates through a logic error in apexd.cpp.
This marks another departure from Google's traditional monthly update pattern. After skipping July and October entirely, the company resolved over 100 vulnerabilities in August and September. Devices with security patch level 2025-11-01 are protected against these threats.
Source: SecurityWeek
The Biden administration is weighing a ban on TP-Link routers, which control about 65% of the US router market, citing national security risks tied to China. Multiple federal agencies including Commerce, Defense, and Justice have investigated the company since December 2023.
TP-Link Systems, headquartered in California but with 11,000 employees in China, denies being controlled by the Chinese government. The company was founded in Shenzhen in 1996 and split into two entities in 2024 amid congressional pressure.
Lawmakers worry about router vulnerabilities and potential cyberattacks, while the Justice Department separately probes possible predatory pricing. Over 300 internet providers currently distribute TP-Link routers to customers nationwide.
Source: CNET
The Congressional Budget Office confirmed Thursday it was hacked, potentially exposing sensitive government data to malicious actors. The 275-employee agency provides cost estimates for nearly every congressional bill and handles massive datasets on policy issues ranging from deportation plans to tariffs and tax cuts.
According to The Washington Post, four sources identified the attackers as suspected foreign actors, though the CBO hasn't confirmed this detail. Spokeswoman Caitlin Emma said the agency contained the breach and implemented new security controls while investigations continue.
The timing is particularly concerning given the CBO's access to data on major policy initiatives including the Trump administration's mass deportation plans and sweeping tariff implementations.
Source: Security Week
Security researchers discovered sophisticated spyware called "Landfall" that secretly targeted Samsung Galaxy users across Iraq, Iran, Turkey, and Morocco from mid-2024 through April 2025. The malware exploited a critical zero-day vulnerability in Samsung's image processing library, delivered through weaponized image files sent via WhatsApp.
Landfall could record conversations, track locations, capture photos, and steal contacts from high-end Galaxy devices like the S22, S23, and S24 series. Palo Alto Networks' Unit 42 team found the spyware had advanced detection evasion capabilities and linked it to commercial-grade surveillance operations similar to NSO Group's Pegasus.
Samsung patched the vulnerability after researchers privately reported it, but the campaign highlights how commercial spyware vendors increasingly target mobile platforms for government surveillance.
Source: Dark Reading
The Congressional Budget Office fell victim to a cybersecurity breach, with suspected foreign attackers potentially accessing communications between lawmakers and agency researchers. CBO spokesperson Caitlin Emma confirmed the incident Thursday, saying the agency quickly contained it and added new security measures.
The nonpartisan office, established in 1974 to provide budget analysis to Congress, employs 275 staff members and recently requested $76 million for fiscal 2026, with nearly half of the budget increase earmarked for cybersecurity improvements. Officials believe they caught the intrusion early, and the investigation continues while normal operations proceed.
Source: CyberScoop