Cybersecurity News | Daily Recap [12 Nov 2025]

Daily Recap: Microsoft patched 63 flaws, including a Windows kernel zero-day, and released multiple out-of-band updates and ESU fixes, while patches were also issued by Intel, Adobe, Ivanti, Synology, SAP, and more amid ongoing exploitation and zero-days in Citrix, Cisco ISE, and Zoom. The report also covers phishing kits, Android and WhatsApp malware, Qilin ransomware activity, North Korea and China-related espionage, and industry events and guidance on AI supply chain attacks.
#Triofox #Citrix #CiscoISE #Zoom #Qilin #FantasyHub #Maverick #NorthKorea #China #AI_Supply_Chain #Pwn2Own

Vulnerabilities & Patches

  • Microsoft fixed 63 security flaws including an actively exploited Windows kernel zero-day as part of November Patch Tuesday – MS Patch, MS Patch, MS Patch, MS Patch
  • Microsoft also released multiple out‑of‑band and cumulative updates including a Windows 10 ESU first update, an emergency ESU enrollment fix (KB5071959), and Windows 11 23H2 support changes – MS Updates, MS Updates, MS Updates, MS Updates, MS Updates
  • Multiple vendors patched critical flaws: Intel fixed over 60 CPU issues, Adobe patched 29 bugs, Ivanti and Zoom addressed high-severity flaws, Synology fixed BeeStation zero-days, and SAP patched critical SQL Anywhere Monitor/Solution Manager flaws – Vendor Fixes, Vendor Fixes, Vendor Fixes, Vendor Fixes, Vendor Fixes
  • Exploits in the wild: attackers exploited Triofox and abused its antivirus feature to deploy remote access tools, threat actors exploited Citrix and Cisco ISE zero-days, and a Zoom Workplace local privilege escalation bug was reported – Triofox, Triofox, Citrix/Cisco, Zoom Flaw

Phishing & Social Engineering

  • Scams and kits are proliferating: security-alert themed emails steal email logins, the new Quantum Route Redirect phishing kit lowers the bar for attackers, and a campaign targets Meta Business Suite users – Email Scam, Quantum Kit, Meta Phish
  • Credential theft via messaging grew as Telegram bots were used to siphon corporate logins in a new phishing campaign – Telegram Phish

Malware & Campaigns

  • A Russian‑sold Android RAT called Fantasy Hub is being offered as MaaS and provides full-device espionage capabilities – Android RAT
  • Qilin ransomware activity surged, increasingly targeting small businesses, while organisations like Synnovis are still notifying victims of breaches tied to prior ransomware incidents – Qilin Ransom, Synnovis Breach
  • Infostealers and web loaders: the Rhadamanthys infostealer infrastructure was disrupted, while GootLoader returned using a new font trick to hide malware on WordPress sites – Rhadamanthys, GootLoader
  • A new WhatsApp malware dubbed Maverick hijacks browser sessions to target Brazil’s largest banks, highlighting mobile-messaging financial fraud risks – Maverick

Policy & Infrastructure

  • The UK moved to tighten cyber laws to strengthen critical infrastructure defenses as attacks threaten hospitals, energy and transport, and experts warn Active Directory weaknesses put critical services at risk – UK Laws, UK Laws, Active Directory

Espionage & Geopolitics

  • North Korean actors reportedly abused Google Find Hub features as a remote‑wipe tool in targeted operations – Find Hub
  • A China cyberattack claim surfaced that implicates the US in a $13B Bitcoin theft, underscoring rising geopolitical cyber tensions – China Accusation

Research, Events & Industry

  • $458,000 was paid out by Google at a live hacking event, while Synology fixes were highlighted at Pwn2Own and startups like Tenzai raised $75 million to build AI-powered pentesting platforms – Google Payout, Pwn2Own, Tenzai Funding
  • Guidance and tools: a webinar on reducing attack surface exposure with DASR and a CISO guide to AI supply chain attacks were published, while Firefox rolled out protections that halve the number of trackable users – DASR Webinar, AI Supply Chain, Firefox Privacy

Cybersecurity News | Daily Recap – hendryadrian.com