Latest Internet & Cybersecurity News
659 Ransomware Attacks in November 2025 with Major Data Theft Increases
November 2025 saw 659 ransomware incidents worldwide, a slight decline, but with drastically increased data theft. Notably, the Qilin and Akira groups led record exfiltrations, such as 31,200 TB globally. Major breaches affected entities like the University of Pennsylvania, The Washington Post, and corporate giants, with the Clop gang exploiting the Oracle E-Business Suite zero-day CVE-2025-61882 and exposing millions of records.
Oracle E-Business Suite Zero-Day Exploited by Clop Ransomware Gang
The Clop group exploited the critical Oracle vulnerability (CVE-2025-61882), leading to widespread data breaches including 1.2 million records at the University of Pennsylvania and financial data at The Washington Post. This zero-day attack forced urgent patching across affected Oracle versions 12.2.3 to 12.2.14.
Chinese State-Sponsored Actors Use BRICKSTORM Malware for Persistent Access
PRC-linked cyber threat actors have maintained long-term access since April 2024 using the stealthy Go-based BRICKSTORM backdoor, compromising VMware systems and domain controllers. This activity was revealed following a CISA incident response engagement and highlights ongoing advanced persistent threat campaigns.
Rapid Exploitation of React2Shell Vulnerability (CVE-2025-55182) by Chinese Threat Groups
Shortly after Meta disclosed the React2Shell zero-day on December 3, Chinese state-nexus groups (Earth Lamia, Jackpot Panda) began active exploitation attempts impacting React Server Components and Next.js, prompting emergency patches and warnings from cybersecurity agencies including CISA.
Cloudflare Outage on December 5, 2025 Due to React2Shell Mitigation Efforts
Cloudflare suffered a ~25-minute outage affecting thousands of websites while implementing defensive configuration changes against the React2Shell vulnerability. The unintended network strain caused 500 Internal Server Errors, marking Cloudflare's second major outage in under a month linked to complex security patching.
Trend Micro Predicts 2026 as the Year of AI-Driven, Scaled, and Emotion-Engineered Scams
A new report warns that in 2026, scam operations will increasingly leverage AI for voice cloning, deepfake media, and automated multi-channel fraud, creating highly realistic and convincing scams that challenge traditional detection methods. Tools like Trend Micro’s ScamCheck aim to help consumers combat these sophisticated threats.
Barts Health NHS Confirms Clop Ransomware Breach via Oracle Vulnerability
Barts Health NHS disclosed a data breach caused by Clop ransomware exploiting an Oracle flaw, resulting in invoice data exposure. Patient records and clinical systems reportedly remained unaffected, but the attack underscores ongoing risks to healthcare organizations from sophisticated ransomware groups.
Record Global Ransomware Impact in November 2025 with 754 Victims Across 73 Countries
Data Breaches Digest reports 754 ransomware victims globally in November 2025, including 396 in the U.S. spanning 49 states. Fifty-seven ransomware operators were active, with four new groups (Benzona, Kazu, ROOT, TridentLocker) emerging. This sustained high volume highlights relentless threat actor activity despite increasing defenses.
New Android Malware FvncBot Targets Banking Users via Keystroke Capture
Security researchers identified FvncBot, a new Android malware strain focusing on mobile banking, capable of capturing keystrokes and stealing credentials. This threat exemplifies cybercriminals' growing targeting of the mobile financial sector with advanced malware capabilities.
Recent U.S. Power Grid Cyberattack Highlights Critical Infrastructure Vulnerabilities
A December 2025 House hearing detailed a significant cyberattack on the U.S. power grid, intensifying concerns over foreign state cyber operations targeting critical infrastructure. Lawmakers emphasized the urgent need to bolster cybersecurity resilience amid an evolving global threat landscape.