Daily Digest

Critical Infrastructure Under Fire: CISA Warns of Major ICS Flaws, State-Sponsor Breaches F5 BIG-IP

Critical Infrastructure Under Fire: CISA Warns of Major ICS Flaws, State-Sponsor Breaches F5 BIG-IP

November 5, 2025
6 articles (5 new, 1 updated)
18 min read

Summary

This cybersecurity brief for November 5, 2025, covers a series of high-stakes threats targeting critical infrastructure and enterprise security. CISA has disclosed severe vulnerabilities in industrial control systems from five vendors, while a state-sponsored actor has breached F5, compromising its BIG-IP source code and creating a significant supply chain risk. Other major developments include the evolution of the DragonForce ransomware group into a 'cartel' with ties to Scattered Spider, the indictment of cybersecurity insiders for deploying BlackCat ransomware, and a massive data breach at a Swedish IT firm exposing 1.5 million individuals' data. These events underscore the growing threats to OT environments, the sophistication of ransomware actors, and the persistent danger of insider threats and cloud misconfigurations.

Filter by Category

New Articles (5)

CISA Warns of Critical ICS Flaws in Fuji, Delta, and Radiometrics Systems

CRITICAL

CISA Issues Advisories for Critical Vulnerabilities in Industrial Control Systems from Five Major Vendors

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released five advisories detailing critical vulnerabilities in Industrial Control Systems (ICS) from Fuji Electric, Survision, Delta Electronics, Radiometrics, and IDIS. The flaws, which include buffer overflows and authentication bypasses with CVSS scores up to 10.0, could allow remote code execution and severe disruption of critical infrastructure in sectors like manufacturing, energy, and aviation. CISA is urging immediate review and mitigation, as successful exploitation could lead to loss of control over industrial processes and, in some cases, create hazardous physical conditions.

November 5, 2025
5 min read
ICSOTSCADACISABuffer Overflow +2 more
CISA Warns of Critical ICS Flaws in Fuji, Delta, and Radiometrics Systems
Industrial Control Systems
Vulnerability
Patch Management

CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog

CRITICAL

CISA Adds Two Actively Exploited Vulnerabilities in Gladinet and Control Web Panel to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming they are under active attack. The flaws include an information disclosure bug in Gladinet CentreStack/Triofox (CVE-2025-11371) and an OS command injection vulnerability in CWP Control Web Panel (CVE-2025-48703). Under Binding Operational Directive (BOD) 22-01, federal agencies are mandated to patch these vulnerabilities by a specified deadline, and CISA strongly urges all organizations to prioritize remediation to defend against these active threats.

November 5, 2025
4 min read
CISAKEVBOD 22-01Command InjectionInformation Disclosure +2 more
CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog
Vulnerability
Patch Management
Threat Intelligence

Swedish IT Firm Breach Exposes Data of 1.5 Million, Sparks GDPR Probe

HIGH

Miljödata Breach in Sweden Compromises 1.5 Million Individuals; GDPR Investigation Launched

The Swedish IT services firm Miljödata has suffered a severe data breach, exposing the personal and potentially sensitive information of over 1.5 million people. The incident, which occurred in late August, resulted in the stolen data being published on the darknet. In response, the Swedish Data Protection Authority (IMY) has launched a major investigation under the General Data Protection Regulation (GDPR), targeting both Miljödata and several of its public sector clients, including the City of Gothenburg and Region Västmanland.

November 5, 2025
4 min read
Data BreachGDPRSwedenIMYSupply Chain Attack +1 more
Swedish IT Firm Breach Exposes Data of 1.5 Million, Sparks GDPR Probe
Data Breach
Regulatory
Policy and Compliance

Identity is the New Perimeter: Stolen Credentials and Over-Privileged Accounts Drive Cloud Breaches

INFORMATIONAL

Industry Reports from AWS and ReliaQuest Highlight Stolen Credentials and Over-Privileged Identities as Top Cloud Threats

A consensus is forming across the cybersecurity industry: identity is the new security perimeter in the cloud. New reports from ReliaQuest and Amazon Web Services (AWS) reveal that identity-based attacks are the leading driver of cloud security incidents. Key findings show that compromised credentials caused 20% of breaches, while a staggering 99% of cloud identities are 'over-privileged,' possessing excessive permissions. Experts are urging a strategic shift away from network-centric security and towards a 'zero standing privileges' model, where access is granted on a temporary, as-needed basis to mitigate this massive attack surface.

November 5, 2025
3 min read
Cloud SecurityIdentity and Access ManagementIAMZero TrustCIEM +3 more
Identity is the New Perimeter: Stolen Credentials and Over-Privileged Accounts Drive Cloud Breaches
Cloud Security
Security Operations
Policy and Compliance

Hackers Claim Breach and Full Database Theft from Russian Nuclear Waste Facility 'Radon'

HIGH

Threat Actor Claims Breach of Rosatom's Radon Nuclear Waste Facility, Exfiltrating Database

A threat actor has posted on a data leak forum claiming to have breached Radon, a Russian state-owned enterprise responsible for nuclear waste management and operated by the nuclear giant Rosatom. The attackers allege they have stolen the company's entire database, which reportedly includes sensitive test statistics, user IDs, and the personal information of employees. Security experts warn that if the claim is legitimate, the breach poses a severe risk, as the data could be used to forge safety documents, endanger physical safety, or launch sophisticated spear-phishing campaigns against Russia's critical nuclear infrastructure.

November 5, 2025
4 min read
Data BreachCyberattackNuclearRadonRosatom +3 more
Hackers Claim Breach and Full Database Theft from Russian Nuclear Waste Facility 'Radon'
Cyberattack
Data Breach
Industrial Control Systems

Updated Articles (1)

F5 Hacked by Nation-State Actor; BIG-IP Source Code Stolen

CRITICAL

F5 Networks Discloses Major Security Breach by Suspected Chinese Espionage Group; BIG-IP Source Code Stolen

Update:

New information reveals the F5 BIG-IP breach by UNC5221 also compromised some customer data and is now confirmed as a supply chain attack, contradicting earlier reports. This significantly escalates the threat, particularly for critical infrastructure sectors, due to the potential for malicious code injection, theft of private signing keys, and insights into customer architectures. The incident poses a major risk to IT/OT segmentation, potentially enabling disruption or sabotage of industrial processes.

October 17, 2025
Updated: November 5, 2025
5 min read
F5Nation-StateSource CodeData BreachEspionage +4 more
F5 Hacked by Nation-State Actor; BIG-IP Source Code Stolen
Supply Chain Attack
Data Breach
Threat Actor

📢 Share This Publication

Help others stay informed about cybersecurity threats