Cybersecurity News | Daily Recap [25 Nov 2025]

In today’s Daily Recap, multiple critical disclosures dominated the cybersecurity briefing, including CVE-2025-65998 in Apache Syncope, which puts stored passwords at risk and calls for urgent patching of affected deployments, and Fluent Bit RCE flaws that could enable stealthy cloud intrusions if left unpatched. The roundup also highlights campaigns and advisories—from the Oracle KEV exploitation impacting vendors including a Canon subsidiary and the Shai-Hulud npm supply-chain campaign affecting hundreds of packages, to the SitusAMC breach exposing client data, Dartmouth College’s Clop extortion breach, and Almaviva’s data leak involving Ferrovie dello Stato—plus ToddyCat’s Outlook token harvesting and Autumn Dragon’s WinRAR-based backdoor, along with IC3 impersonation scams, ClickFix, Festo MSE6 ICS advisories, and ICO enforcement concerns.
#Syncope #FluentBit #Oracle #Canon #ShaiHulud #NPM #SitusAMC #DartmouthCollege #Clop #Almaviva #FerrovieDelloStato #ToddyCat #AutumnDragon #IC3 #ClickFix #Festo #ICO

Vulnerabilities & Exploits

  • Newly disclosed CVE-2025-65998 in Apache Syncope puts stored passwords at risk and requires urgent patching – Syncope CVE
  • Multiple flaws in Fluent Bit allow RCE and stealthy cloud infrastructure intrusions if left unpatched – Fluent Bit

Oracle Incidents

  • Exploitation of recent Oracle Identity Manager/EBS flaws has been confirmed by CISA, impacting vendors including a Canon subsidiary and prompting KEV catalog action – Canon Hit, Oracle KEV, Oracle Exploit

Supply Chain & NPM Attacks

  • The Shai-Hulud supply-chain campaign has poisoned hundreds of npm packages (reports cite ~500–640 packages) with malicious code, affecting projects with over 100 million cumulative downloads – Shai-Hulud, Shai-Hulud Scale

Blender & StealC Malware

  • Attackers are hijacking Blender 3D assets and model files to deliver the StealC V2 infostealer, exfiltrating user data from targeted artists and pipelines – Blender Hijack, StealC Delivery

Data Breaches & Extortion

  • Real-estate finance firm SitusAMC suffered a breach exposing client data, is under investigation, and has impacted major US banks — incident details and fallout continue to emerge – SitusAMC Breach, Banks Impacted, SitusAMC Impact
  • Dartmouth College confirms a data breach tied to Clop extortion, with stolen records under review by the institution – Dartmouth Breach
  • A massive data leak from an Almaviva breach exposed customer records of Italian railway operator Ferrovie dello Stato—investigations continue – Ferrovie Leak

Threat Actors & Tools

  • New tooling from ToddyCat is harvesting Outlook emails and Microsoft 365 access tokens to enable account takeover and data theft campaigns – ToddyCat Tools
  • China-nexus APT Autumn Dragon exploited a WinRAR flaw to deploy a Telegram C2 backdoor for stealthy intrusions – Autumn Dragon

Social Engineering & Scams

  • The FBI/IC3 warns of a surge in impersonation scams targeting individuals and organizations, increasing fraud and credential theft risks – IC3 Scams
  • The ClickFix campaign uses a fake Windows Update screen to trick users into installing malware, highlighting UI-spoofing risks – ClickFix Scam

DevSec & Data Leakage

  • Code formatters have accidentally exposed thousands of secrets from banks, government, and tech organizations, amplifying supply-chain and credential risks – Formatters Leak
  • ASEC publishes an analysis of malicious apps using advanced detection-evasion techniques to bypass mobile and endpoint defenses—recommended for defenders and app stores – ASEC Report

Security Operations

  • Three key SOC challenges—detection coverage, automation, and analyst burnout—must be solved before 2026 to maintain resilient incident response and threat hunting – SOC Challenges

Alerts & Advisories

  • CISA added a newly known exploited vulnerability to its catalog—organizations should prioritize mitigation and patching per the alert – CISA KEV
  • CISA issued an ICS advisory for Festo MSE6 devices (CVE-2023-3634) warning of remote exploitation of hidden functions and recommending network isolation and secure remote access controls – Festo ICS

Policy & Regulation

  • A rights coalition warns the UK privacy regulator (ICO) has seen a ‘collapse in enforcement activity’, raising concerns about data protection oversight in the UK – ICO Collapse

Cybersecurity News | Daily Recap – hendryadrian.com