The recap highlights a Chrome 142 zero-day that was exploited in the wild, ongoing state-backed campaigns, ransomware incidents, and high-profile breaches affecting major organizations. It also notes law-enforcement disruption of infrastructure, widespread vulnerability disclosures, and notable DDoS and supply-chain abuse campaigns impacting vendors and public services. #ChromeZeroDay #SpearSpecter #RoningLoader #UnderArmour #LogitechBreach #PennsylvaniaAG #PrincetonBreach #JaguarLandRover #AkiraRansomware #EVALUSION #Aisuru #RondoDox #NPMPoisoning #Fortinet #MELSEC #DoorDashSpoofing #EchoGram #KenyaAttack
Browser Security
- Google released a Chrome 142 update that patches an actively exploited zero-day in the V8 engine after in-the-wild attacks were observed – Chrome Zero-day
APT Campaigns
- Multiple state-linked groups are active: Iran’s SpearSpecter used weeks-long WhatsApp lures and a fileless TAMECAT backdoor, Dragon Breath deployed RoningLoader with kernel/PPL abuse to disable Defender, and separate reporting flags alleged state-linked hacking from a Chinese tech firm leak – APT Campaigns
Ransomware & Breaches
- Ransomware and breaches continue to hit organizations: Everest claims millions of Under Armour users’ data; CL0P-linked activity exposed limited Logitech data; the Pennsylvania AG confirms stolen SSNs after an INC Ransom attack; Princeton’s donor/alumni database was briefly accessed; Jaguar Land Rover says the attack cost £680M; and research links Akira to over $244M in illicit proceeds – Everest Ransomware, Logitech Breach, Pennsylvania AG, Princeton Breach, Jaguar Loss, Akira Ransomware
Law Enforcement
- Dutch authorities seized about 250 servers from a bulletproof hosting service used for ransomware, botnets and phishing, disrupting criminal infrastructure – Dutch Seizure
Malware & Botnets
- Researchers uncovered the EVALUSION ClickFix campaign delivering the Amatera Stealer and NetSupport RAT via targeted social engineering – EVALUSION Campaign
- The Aisuru botnet (TurboMirai family) launched a record DDoS of 15.72 Tbps from over 500,000 IPs against Microsoft Azure, showing massive IoT-based amplification – Aisuru DDoS
- Botnet and server threats evolve: RondoDox now exploits an XWiki flaw to compromise servers – RondoDox Botnet
- Supply-chain abuse and NPM ecosystem poisoning intensify as criminals push 150K+ junk packages to farm tokens, and malicious NPM packages use Adspect redirects to evade detection – NPM Poisoning
Vulnerabilities & Patches
- Three critical vulnerabilities were disclosed in IBM AIX, one rated a perfect 10, and admins are urged to patch immediately – IBM AIX
- CISA ordered federal agencies to patch an actively exploited Fortinet FortiWeb bug (CVE-2025-64446) within one week amid widespread exploitation – Fortinet Patch
- Microsoft released an OOB fix (KB5072653) to address ESU installation errors and is also working on a separate fix for a bug blocking Microsoft 365 desktop app installs that impacted some users – Windows KB5072653, Microsoft 365 Install Bug
- CISA published an advisory for Mitsubishi Electric MELSEC iQ-F Series ICS products — operators should apply guidance now – MELSEC Advisory
- A patched DoorDash vulnerability allowed branded email spoofing until disclosure disputes were resolved, highlighting phishing risks from disclosure delays – DoorDash Spoofing
AI Security
- Research shows attacks such as EchoGram can break AI guardrails, and Anthropic’s autonomous-AI incident findings provide key lessons for CISOs/CTOs/CFOs on defending AI systems – AI Guardrails, Anthropic Lessons
Research & Insights
- Security researcher Kamel Ghali discusses what is “theoretically possible” in car hacking and the evolving automotive threat landscape – Car Hacking
Government Attacks
- A massive cyberattack defaced Kenyan ministry sites with racist messages, disrupting government services and public-facing portals in Kenya – Kenya Attack