Friday Wrap Up: 14 November 2025
Another wild week in cybersecurity! From PhaaS platforms targeting M365 to ransomware groups naming victims, Russian IABs pleading guilty, and a chipmaker publishing 60+ vuln patches, it's been eventful.
We've got nation-state espionage campaigns, supply chain nightmares, fake travel sites stealing payment data, and even Android photo frames shipping with malware. Plus, the passwordless dream keeps hitting reality checks while Microsoft rushes fixes for Windows 10 stragglers.
Check out this week's Friday Wrap Up for the full breakdown!
Major Cyberattacks & Incidents
This week witnessed significant breaches across multiple sectors, from hospitality to financial services, with ransomware groups capitalizing on system vulnerabilities.
New PhaaS platform Quantum Route Redirect uses 1,000 domains to steal Microsoft 365 credentials through automated phishing campaigns targeting users worldwide. (Published on 10-Nov-2025, BleepingComputer).
ClickFix attackers compromise hospitality providers with infostealer and RAT malware, then launch secondary phishing attacks against customers via email and WhatsApp. (Published on 10-Nov-2025, Dark Reading).
Cl0p ransomware group lists nearly 30 alleged victims of Oracle EBS hack, including Logitech, The Washington Post, Cox Enterprises, and Pan American Silver. (Published on 10-Nov-2025, SecurityWeek).
Russian initial access broker pleads guilty to facilitating seven Yanluowang ransomware attacks, earning over $250,000 from his role selling network access. (Published on 11-Nov-2025, Malware Analysis).
Russian-speaking threat actors created over 4,300 fake travel domain names to target hotel guests with phishing emails designed to steal payment data. (Published on 13-Nov-2025, The Hacker News).
CISA warns Akira ransomware operation now using Linux encryptor specifically designed to target and encrypt Nutanix AHV virtual machines in attacks. (Published on 13-Nov-2025, BleepingComputer).
Checkout.com breached by ShinyHunters who accessed legacy cloud storage; company refuses ransom demands and will donate equivalent amount to charity instead. (Published on 14-Nov-2025, BleepingComputer).
Washington Post confirms nearly 10,000 employees impacted by Oracle hack as cybercriminals attempted extortion after stealing personal information from systems. (Published on 14-Nov-2025, SecurityWeek).
Malware & Vulnerabilities
Critical flaws across enterprise platforms and consumer devices demanded immediate patching this week as active exploitation emerged across multiple products.
Critical pre-authentication flaw CVE-2025-34299 in Monsta FTP allows hackers to completely take over web servers; users must update to version 2.11.3 immediately. (Published on 10-Nov-2025, Hackread).
GlassWorm malware returns to Open VSX marketplace with three more infected VS Code extensions and now emerges in GitHub repositories as well. (Published on 10-Nov-2025, SecurityWeek).
ClickFix attack technique bypasses many endpoint protections and represents one of the biggest security threats families and organizations may not recognize yet. (Published on 11-Nov-2025, Ars Technica).
Intel, AMD, and Nvidia published Patch Tuesday advisories describing over 60 vulnerabilities discovered recently across their processor and graphics card products. (Published on 12-Nov-2025, SecurityWeek).
Ivanti and Zoom patched high-severity vulnerabilities that could enable arbitrary file writes, privilege escalation, code execution, and information disclosure attacks. (Published on 12-Nov-2025, SecurityWeek).
CISA added three actively exploited vulnerabilities to KEV Catalog affecting WatchGuard Firebox, Gladinet Triofox, and Microsoft Windows requiring immediate federal agency remediation. (Published on 12-Nov-2025, CISA Alerts).
CISA updates patching guidance after federal agencies incorrectly reported Cisco ASA and FTD devices as patched while still running vulnerable software versions. (Published on 13-Nov-2025, SecurityWeek).
Popular Uhale Android-based digital picture frames ship with critical vulnerabilities and some models automatically download and execute malware at boot time. (Published on 13-Nov-2025, BleepingComputer).
Fortinet FortiWeb authentication bypass vulnerability actively exploited in the wild allows attackers to create admin accounts and completely compromise devices. (Published on 14-Nov-2025, The Hacker News).
Supply Chain & Software Security
Software supply chains faced mounting threats as malicious actors targeted developer ecosystems and cloud platforms with sophisticated phishing infrastructure.
OWASP's new Top 10 list highlights supply chain risks as second place priority while security misconfiguration jumped up and injection vulnerabilities dropped. (Published on 10-Nov-2025, Dark Reading).
Massive spam campaign flooded npm registry with over 67,000 fake packages since early 2024 in systematic, financially motivated attack surviving nearly two years. (Published on 12-Nov-2025, The Hacker News).
Google filed lawsuit to dismantle "Lighthouse" Chinese phishing-as-a-service platform used for global SMS scams impersonating USPS and E-ZPass toll systems. (Published on 12-Nov-2025, BleepingComputer).
Data Breaches & Credential Theft
Another massive credential database emerged on breach notification services, underscoring the persistent threat of compromised authentication data.
Have I Been Pwned added 1.96 billion accounts from Synthient credential dataset to its breach notification database for users to check exposure. (Published on 11-Nov-2025, Hackread).
Espionage & Nation-State Activities
State-sponsored threat actors ramped up surveillance operations as leaked documents revealed extensive cyber weapons and intelligence collection capabilities.
Massive leak at Chinese security firm Knownsec exposed 12,000 files revealing state-backed cyber weapons and spying operations targeting over 20 countries globally. (Published on 14-Nov-2025, Hackread).
Iranian APT42 launched SpearSpecter espionage campaign targeting defense and government organizations of interest to Islamic Revolutionary Guard Corps since September 2025. (Published on 14-Nov-2025, The Hacker News).
AI & Policy
Legal battles over AI training practices reached European courts with significant implications for copyright protection and machine learning development.
German court ruled OpenAI's ChatGPT violated copyright law by training language models on licensed musical works without proper authorization or compensation. (Published on 12-Nov-2025, TechCrunch).
Insider Threats & Corporate Security
Corporate espionage concerns escalated as major chipmaker pursued legal action over massive theft of proprietary technical documentation.
Intel filed lawsuit seeking $250,000+ damages from ex-engineer accused of stealing 18,000 top secret files containing proprietary technical and business information. (Published on 10-Nov-2025, Hackread).
Identity & Authentication
Enterprise passwordless adoption faces significant technical hurdles as legacy systems and operational technology create persistent authentication challenges.
Passwordless future stalls as 90% of organizations report adoption challenges due to coverage gaps, legacy systems, and poor user experiences. (Published on 10-Nov-2025, CSO Online).
Microsoft Updates & Patches
Microsoft released emergency fixes addressing enrollment issues for Windows 10 users seeking extended security coverage beyond end-of-life.
Microsoft issued emergency out-of-band update fixing known issue preventing Windows 10 users from enrolling in Extended Security Updates program properly. (Published on 11-Nov-2025, BleepingComputer).
Microsoft rushes fix for Windows 10 users abandoned after end-of-life who encountered problems accessing Extended Security Updates enrollment wizard. (Published on 12-Nov-2025, The Register).
Industry Workforce & Training
Retail sector faces mounting pressure to develop cybersecurity talent pipelines as attack surfaces expand across commerce infrastructure.
Retail organizations need dedicated cybersecurity talent incubators as sector remains particularly vulnerable to attacks requiring personnel-focused solutions over technology alone. (Published on 14-Nov-2025, CyberScoop).
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!



