Cybersecurity News | Daily Recap [22 Nov 2025]

Daily Recap: Active exploitation of a critical Oracle Identity Manager RCE and a CVSS 10 Grafana SCIM flaw prompts urgent advisories, while a new Matrix Push C2 campaign uses browser notifications for cross-platform phishing and an Android Spy variant exfiltrates audio and encrypted messages. Patches from Nvidia and Microsoft fix gaming issues and the Windows 11 hotpatch install loop, Google adds AirDrop compatibility to Android Quick Share, and investigations cover Scattered Spider, insider activity at CrowdStrike, the SolarWinds dismissal, GridEx VIII, FCC rollback, APT31 hacks, and Flock Safety surveillance. #OracleOIM #GrafanaSCIM #MatrixPush #AndroidSpy #NVIDIA #Windows11 #QuickShare #GridExVIII #APT31 #FlockSafety #ScatteredSpider #CrowdStrikeInsider #SolarWinds #Oklahoma #Massachusetts #WhatsAppNSO #CISA

Vulnerabilities & Exploits

  • CISA warns a critical Oracle Identity Manager RCE is being actively exploited as a suspected zero-day, prompting urgent advisories – Oracle OIM
  • Grafana patched a CVSS 10.0 SCIM flaw that enabled admin impersonation and warned of a max‑severity admin-spoofing issue – Grafana SCIM

Malware & Phishing

  • New Matrix Push C2 campaign leverages browser notifications for fileless, cross‑platform phishing to execute commands and evade detection – Matrix Push
  • An Android malware strain records encrypted messages and hijacks devices to exfiltrate audio and data from compromised phones – Android Spy

Vendor Patches & Features

  • NVIDIA confirmed and fixed gaming issues caused by October Windows updates that affected GPU performance – Nvidia Fix
  • Microsoft issued an out‑of‑band update to resolve a Windows 11 hotpatch install loop impacting some systems – Windows Fix
  • Google added AirDrop compatibility to Android Quick Share using Rust‑hardened security components to improve file‑sharing security – Quick Share

Incidents, Investigations & Legal

  • Alleged Scattered Spider teens pleaded not guilty in the UK over a high‑profile transport hack, with hearings ongoing – Scattered Spider
  • CrowdStrike says it caught an insider feeding information to hackers, underscoring persistent insider threat risks – CrowdStrike Insider
  • The SEC voluntarily dismissed the SolarWinds lawsuit, ending that regulatory action for now – SolarWinds Dismissal
  • Local law enforcement agencies in Oklahoma and Massachusetts are responding to separate cyber incidents affecting regional services – Local Incidents

Policy, Infrastructure & Exercises

  • Over 370 organizations participated in GridEx VIII to test and improve electric grid security and incident response capabilities – GridEx Exercise
  • The FCC rolled back cybersecurity rules for telcos despite warnings about state‑sponsored hacking risks and industry concerns – FCC Rollback

Nation‑state & Surveillance

  • A report links China-associated APT31 to hacks on Russian tech firms, highlighting ongoing nation‑state targeting in the region – APT31 Hacks
  • A rights group found Flock Safety cameras were used to monitor protesters, raising privacy and surveillance concerns – Flock Safety

Roundup

  • Short briefs: ATM jackpotting incidents, the ongoing WhatsApp‑NSO lawsuit, and CISA hiring among other items in a multi‑topic roundup – Other News

Cybersecurity News | Daily Recap – hendryadrian.com