Daily Recap: Cloudflare faced a global outage due to an internal database permissions/configuration error, not a cyberattack, while Fortinet's FortiWeb flaws prompted a 7-day patch window per CISA. The recap highlights multiple evolving threat vectors, including AI-assisted intrusions (Tuoni), phishing and MFA bypass, ransomware and supply-chain activity (ShinySp1d3r, PlushDaemon), and state-sponsored and politically sensitive cyber operations.
#Cloudflare #FortiWeb #Tuoni #Sneaky 2FA #DoorDash Incident #ShinySp1d3r #PlushDaemon #LG Ransomware #W3 Total Cache #WrtHug #ShadowRay #Pajemploi Breach #CCTV Hack #Airline Broker #Meta Bounties #Denmark DDoS #National Cyber Strategy
Cloud Outage
- Cloudflare suffered a global service disruption traced to an internal database permissions/configuration error; analysis shows it was not a cyberattack - Cloudflare Outage, Cloudflare Analysis, Cloudflare Not Attack, Cloudflare Hit
Fortinet Flaws
- FortiWeb vulnerabilities and a controversial silent patch have been linked to active exploitation, prompting CISA to tell agencies to apply fixes within 7 days - CISA 7 Days, FortiWeb CVE, FortiWeb Zero-Day, Silent Patch Concern
Tuoni Attacks
- The AI-augmented Tuoni C2 framework was used in an attempted intrusion against a major US real-estate firm, blending social engineering, steganography, and AI-driven code delivery - Tuoni Framework, Tuoni Research
Nation-state & APTs
- MI5 warns UK lawmakers that suspected Chinese intelligence operatives are using LinkedIn to target Parliament members for recruitment and espionage - MI5 Alert, MI5 Warns, MI5 LinkedIn
- Activity from state-linked APTs continues: Iran-linked UNC1549 targets aerospace via DLL hijacks and VDI breakouts, while a suspected Russian affiliate of Void Blizzard was arrested in Thailand - UNC1549, Void Blizzard Arrest
Ransomware & Supply Chain
- The new RaaS ShinySp1d3r from the ShinyHunters group and a wave of supply-chain attacks where PlushDaemon hijacked software updates highlight expanding ransomware and update-tampering threats - ShinySp1d3r, PlushDaemon
- An overseas facility of an LG battery subsidiary was hit by a ransomware attack targeting operations; company confirms incident - LG Ransomware
Phishing & MFA Bypass
- New phishing toolkits like Sneaky 2FA and the Tycoon platform increasingly bypass legacy MFA by mimicking browser UI elements and adding BitB pop-ups to harvest codes - Sneaky 2FA, Tycoon 2FA
- Major vendor incident: DoorDash confirmed a cybersecurity incident following a social-engineering attack on employees - DoorDash Incident
Product Security & Features
- Microsoft announced security enhancements across identity, defense, and compliance, plus plans to integrate Sysmon into Windows 11/Server 2025 to boost telemetry - Microsoft Enhancements, Sysmon Integration
- Microsoft also rolled out Windows 11 Cloud Rebuild and Point-in-Time Restore tools, and Teams will let users report messages wrongly flagged as threats - Windows 11 Tools, Teams Reporting
- Client and mail updates: Thunderbird added native support for Microsoft Exchange accounts - Thunderbird Exchange
Cloud & DevOps Security
- Researchers warn about hidden risks in DevOps stack data and cloud workloads, offering mitigation strategies for access control and compliance in production pipelines - DevOps Risks, Cloud Workloads Webinar
Web & CMS Vulnerabilities
- A critical W3 Total Cache flaw (CVE-2025-9501) endangers over 1,000,000 WordPress sites if unpatched; update or mitigate now - W3 Total Cache
Infrastructure & IoT
- The new WrtHug campaign has hijacked thousands of end-of-life ASUS routers to build botnets and persistence, underscoring risks from unsupported IoT gear - WrtHug Campaign
- ShadowRay attacks are converting Ray compute clusters into covert crypto miners, exploiting misconfigured or exposed cluster controls - ShadowRay Miners
Data Breaches & Privacy
- French childcare agency Pajemploi reported a breach exposing data of 1.2M people (no financial data affected), raising identity-theft concerns - Pajemploi Breach
- An attack exposed intimate footage from roughly 50,000 CCTVs in India, with sensitive hospital videos offered for sale online - CCTV Hack
- An airline data broker has agreed to stop selling individuals' travel records to government agencies amid privacy scrutiny - Airline Broker
Crime & Crypto
- A California man pleaded guilty to laundering over $25M of funds tied to a $230M cryptocurrency heist that used social engineering, hacking, and layered blockchain laundering techniques - Crypto Laundering
Research & Bug Bounties
- Meta paid out $4M via its bug bounty program in 2025 and expanded WhatsApp security research with a new proxy tool to strengthen app protections - Meta Bounties, WhatsApp Research
Political Disruption
- A pro-Russian group claimed DDoS hits on Danish party websites as voters headed to the polls, disrupting political services - Denmark DDoS
Government & Policy
- The White House says the upcoming national cyber strategy will include efforts to shape adversary behavior alongside defensive measures - National Cyber Strategy
- The CBO director testified that hackers had been expelled from sensitive email systems after government-led remediation efforts, a sign of active incident response in federal networks - CBO Testimony