Penn Breach Exposes 1.2M Records; Critical Android Zero-Click &amp; Chinese APTs Target Zero-Days

University of Pennsylvania Hit by Major Data Breach; Hacker Claims Access to 1.2 Million Donor and Alumni Records

A threat actor has claimed responsibility for a massive data breach at the University of Pennsylvania, asserting they have stolen the personal and financial data of 1.2 million donors and alumni. The breach was first revealed after offensive emails were sent from a university system hosted on Salesforce Marketing Cloud. The attacker claims to have gained initial access via a compromised employee single sign-on (SSO) account, which provided a gateway to sensitive platforms including Salesforce, Qlik, SAP, and SharePoint. Data samples, including highly sensitive demographic and financial information, were shared to substantiate the claims, highlighting severe security lapses at the institution.

Data BreachHigher EducationSSOPIISalesforce +2 more

6 min read

Data Breach

Cyberattack

Threat Intelligence

Polish Government Confirms "Very Serious" Data Breach at SuperGrosz Loan Platform

Major Data Breach at Polish Loan Company SuperGrosz Exposes Sensitive Personal and Financial Data

Polish authorities, led by the Deputy Prime Minister, have confirmed a "very serious" data breach at the online loan platform SuperGrosz. The attack resulted in the theft of a vast repository of sensitive customer information, including full names, national identification (PESEL) numbers, ID card details, bank account numbers, and detailed employment information. Poland's national cybersecurity teams have launched a full investigation, and the government has issued a public warning urging affected customers to take immediate security measures to prevent identity theft, such as blocking their PESEL numbers.

Data BreachPolandFinancePESELIdentity Theft +1 more

5 min read

Data Breach

Cyberattack

Regulatory

Google Patches Critical Zero-Click RCE Flaw in Android; Millions of Devices at Risk

CRITICAL

Google Addresses Critical Zero-Click RCE Vulnerability (CVE-2025-48593) in November 2025 Android Security Update

Google's November 2025 Android Security Bulletin includes a patch for a critical zero-click remote code execution (RCE) vulnerability, tracked as CVE-2025-48593. The flaw, residing in the Android System component, affects Android versions 13, 14, 15, and 16, and allows remote attackers to compromise a device without any user interaction. Due to its severity and zero-click nature, the vulnerability poses a severe risk to users. The update also addresses a high-severity privilege escalation flaw, CVE-2025-48581. Users are urged to install the update as soon as it becomes available.

AndroidVulnerabilityZero-ClickRCECVE-2025-48593 +2 more

Google Patches Critical Zero-Click RCE Flaw in Android; Millions of Devices at Risk

Mobile Security

"SleepyDuck" RAT Emerges in Open VSX Marketplace via Malicious Update

SleepyDuck RAT Discovered in Open VSX Marketplace Using Ethereum Smart Contract for C2

A new remote access trojan (RAT) named "SleepyDuck" has been discovered in the Open VSX marketplace, a popular repository for IDE extensions. A seemingly benign developer extension, 'juan-bianco.solidity-vlang', was updated on November 1, 2025, to include the malware after it had already been downloaded thousands of times. SleepyDuck activates when a user opens a new editor window or a Solidity file. In a sophisticated twist, the malware uses an Ethereum smart contract for a resilient and dynamic command-and-control (C2) infrastructure, allowing it to fetch updated C2 server addresses from the blockchain.

SleepyDuckRATSupply Chain AttackOpen VSXEthereum +3 more

5 min read

"SleepyDuck" RAT Emerges in Open VSX Marketplace via Malicious Update

Malware

Supply Chain Attack

Threat Intelligence

Samsung's November Security Update Patches 45 Vulnerabilities, Including Critical Android Flaws

Samsung Rolls Out November 2025 Security Patch, Addressing 45 Vulnerabilities in Galaxy Devices

Samsung has released its November 2025 security maintenance release, delivering patches for 45 vulnerabilities affecting its Galaxy smartphones and tablets. The update incorporates Google's latest Android patches, including a fix for the critical zero-click RCE vulnerability CVE-2025-48593. Additionally, the release addresses 9 Samsung-specific vulnerabilities (SVEs), including high-severity flaws in the fingerprint trustlet and image codec library, as well as 11 security issues in its Exynos chipsets. Users are advised to install the update promptly.

SamsungPatch ManagementAndroidVulnerabilityGalaxy +1 more

Samsung's November Security Update Patches 45 Vulnerabilities, Including Critical Android Flaws

Mobile Security

openSUSE Patches Moderate-Severity Flaws in X.Org Server

MEDIUM

openSUSE Releases Security Update for X.Org Server Vulnerabilities in Tumbleweed

The openSUSE project released a security advisory on November 1, 2025, to address three moderate-severity vulnerabilities in the xorg-x11-server package for its Tumbleweed distribution. The flaws could lead to out-of-bounds memory access, potentially resulting in denial-of-service via server crashes or, in some cases, privilege escalation. Users of openSUSE Tumbleweed are advised to apply the update to mitigate the risks.

openSUSETumbleweedLinuxVulnerabilityX.Org +1 more

3 min read

openSUSE Patches Moderate-Severity Flaws in X.Org Server

T-Mobile Enters Credit Card Market with Capital One, Raising Data Security Questions

INFORMATIONAL

T-Mobile Partners with Capital One to Launch New Credit Card, Expanding into Financial Services

T-Mobile announced its entry into the financial services sector with the launch of its first-ever credit card, created in partnership with banking giant Capital One. This strategic move will leverage T-Mobile's vast customer base and Capital One's financial infrastructure. The partnership introduces significant cybersecurity and data privacy considerations, as it creates a new, complex data environment merging telecommunications and financial information. Both companies have histories of data breaches, making robust security and compliance with regulations like PCI DSS critical for the new venture's success.

T-MobileCapital OneFinancial ServicesData PrivacyPCI DSS +1 more

T-Mobile Enters Credit Card Market with Capital One, Raising Data Security Questions

Policy and Compliance

Regulatory

Updated Articles (1)

CISA Adds Actively Exploited Motex LANSCOPE RCE Flaw to KEV Catalog

CRITICAL

CISA Adds Critical Motex LANSCOPE Endpoint Manager Vulnerability (CVE-2025-61932) to KEV Catalog Amid Active Exploitation

Update:

New intelligence attributes the active exploitation of CVE-2025-61932 to the China-linked 'Bronze Butler' (Tick) APT group. Researchers confirm the group exploited this vulnerability as a zero-day, initiating attacks in mid-2025, months before a patch was available. The APT deployed an updated 'Gokcpdoor' backdoor for data theft and remote control, utilizing tools like 'goddi' for credential dumping and 7-Zip for archiving. This attribution to a sophisticated nation-state actor significantly elevates the threat level and highlights the advanced nature of the ongoing campaign.

October 28, 2025

Updated: November 2, 2025

CISAKEVMotexLANSCOPEVulnerability +2 more

CISA Adds Actively Exploited Motex LANSCOPE RCE Flaw to KEV Catalog