Daily Digest

AI-Powered Malware Emerges as Critical Zero-Click Flaw Hits Billions of Android Devices

AI-Powered Malware Emerges as Critical Zero-Click Flaw Hits Billions of Android Devices

November 6, 2025
7 articles (6 new, 1 updated)
21 min read

Summary

This cybersecurity brief for November 6, 2025, covers a landmark shift in the threat landscape with Google's discovery of AI-powered malware like PROMPTFLUX, which uses LLMs to mutate its own code. Concurrently, a critical zero-click RCE vulnerability (CVE-2025-48593) was disclosed for Android versions 13-16, posing a severe risk to billions of users. Other major incidents include the Qilin ransomware gang's claimed breach of Habib Bank AG Zurich, a cyberattack on the U.S. Congressional Budget Office, and a supply chain attack by Cl0p impacting The Washington Post via an Oracle zero-day.

Filter by Category

New Articles (6)

U.S. Congressional Budget Office Breached by Suspected Foreign Actor

HIGH

U.S. Congressional Budget Office Confirms Cyberattack; Sensitive Legislative and Economic Data Potentially Exposed

The U.S. Congressional Budget Office (CBO), the nonpartisan agency that provides economic analysis to Congress, confirmed on November 6, 2025, that it suffered a significant cybersecurity breach. The attack is suspected to be the work of a foreign government, raising concerns about espionage and the potential exposure of sensitive, pre-decisional information. Data at risk includes confidential communications between lawmakers and CBO analysts, as well as early drafts of legislative cost analyses. The CBO has taken steps to contain the incident and is investigating the full scope of the compromise.

November 6, 2025
6 min read
GovernmentData BreachCyberattackEspionageNation-State +1 more
U.S. Congressional Budget Office Breached by Suspected Foreign Actor
Data Breach
Cyberattack
Regulatory

Cisco Warns of New DoS Attacks Actively Exploiting Firewall Flaws

CRITICAL

Cisco Issues Warning on New Attack Variant Targeting Secure Firewall ASA and FTD Devices via CVE-2025-20333 and CVE-2025-20362

Cisco has issued an urgent warning about a new attack variant actively targeting its Secure Firewall products. Threat actors are chaining two previously disclosed vulnerabilities, CVE-2025-20333 and CVE-2025-20362, to cause a denial-of-service (DoS) condition on unpatched Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) devices. These same flaws were exploited as zero-days in September 2025 and are listed in CISA's KEV catalog. Cisco strongly recommends that all customers immediately upgrade to patched software versions to prevent network outages and potential device compromise.

November 6, 2025
5 min read
CiscoFirewallDoSVulnerabilityCVE-2025-20333 +3 more
Cisco Warns of New DoS Attacks Actively Exploiting Firewall Flaws
Vulnerability
Cyberattack
Patch Management

Critical SQL Injection Flaw in Django Framework Puts Web Apps at Risk

CRITICAL

Django Patches Critical SQL Injection Vulnerability (CVE-2025-64459) with 9.1 CVSS Score

The Django project has released urgent security updates to patch a critical SQL injection vulnerability, CVE-2025-64459, rated 9.1 on the CVSS scale. The flaw affects Django versions 4.2, 5.1, 5.2, and the 6.0 beta. It allows an attacker to manipulate database queries by passing a specially crafted dictionary to certain ORM methods, potentially leading to unauthorized data access, modification, or authentication bypass. Due to the widespread use of Django and the low complexity of the attack, developers are strongly urged to upgrade to the patched versions (4.2.26, 5.1.14, 5.2.8) immediately.

November 6, 2025
5 min read
DjangoSQL InjectionVulnerabilityCVE-2025-64459Python +2 more
Critical SQL Injection Flaw in Django Framework Puts Web Apps at Risk
Vulnerability
Patch Management
Threat Intelligence

Washington Post Confirms Breach in Cl0p's Oracle Supply Chain Attack

HIGH

The Washington Post Acknowledges Impact from Cl0p Ransomware Campaign Exploiting Oracle E-Business Suite Zero-Day

The Washington Post confirmed on November 6, 2025, that it was a victim of the widespread supply chain attack orchestrated by the Cl0p ransomware gang. The attack exploited a zero-day vulnerability in Oracle's E-Business Suite (EBS), a widely used enterprise software platform. This confirmation came after Cl0p added the newspaper to its dark web leak site, a classic extortion tactic. The incident highlights the significant risk of supply chain attacks, where a single vulnerability in a trusted third-party vendor's software can lead to the compromise of hundreds of high-profile organizations.

November 6, 2025
6 min read
Cl0pRansomwareSupply Chain AttackOracleZero-Day +2 more
Washington Post Confirms Breach in Cl0p's Oracle Supply Chain Attack
Supply Chain Attack
Ransomware
Data Breach

Zscaler: 239 Malicious Apps on Google Play Downloaded 42 Million Times

MEDIUM

Zscaler ThreatLabz 2025 Report Reveals 67% Surge in Android Malware and Rise in OT Attacks

A new report from Zscaler's ThreatLabz, published November 5, 2025, reveals a dramatic 67% year-over-year increase in Android malware. Researchers identified 239 malicious applications that successfully bypassed Google Play Store security, amassing a collective 42 million downloads before being removed. These apps often masqueraded as legitimate productivity 'Tools' to trick users. The report also highlights a dangerous trend in attacks against critical infrastructure, with the energy sector seeing a 387% surge in IoT/OT attacks, and significant increases in transportation and healthcare as well.

November 6, 2025
6 min read
AndroidMalwareGoogle PlayThreat IntelligenceZscaler +2 more
Zscaler: 239 Malicious Apps on Google Play Downloaded 42 Million Times
Threat Intelligence
Malware
Mobile Security

Hackers Hijack Logistics Systems to Orchestrate Physical Cargo Heists

HIGH

Reports Detail Rise in Cyber-Enabled Cargo Theft via Compromise of Freight and Logistics Companies

A new and growing form of hybrid crime is targeting the supply chain, where cybercriminals infiltrate freight and logistics companies to facilitate physical cargo theft. According to recent reports, threat actors compromise carrier systems, often using legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect. Once inside, they manipulate digital 'load boards' to bid on and win real shipments. They then reroute the cargo to a location controlled by organized crime partners, leading to the theft of entire truckloads of goods. This trend highlights a critical vulnerability where the digital transformation of the logistics industry is being exploited to cause billions in real-world losses.

November 6, 2025
6 min read
Cargo TheftLogisticsSupply ChainCyberattackRMM +1 more
Hackers Hijack Logistics Systems to Orchestrate Physical Cargo Heists
Cyberattack
Supply Chain Attack
Threat Intelligence

Updated Articles (1)

CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog

CRITICAL

CISA Adds Two Actively Exploited Vulnerabilities in Gladinet and Control Web Panel to KEV Catalog

Update:

Further analysis of CVE-2025-48703 in Control Web Panel reveals specific exploitation details. The OS command injection occurs in the file manager's `changePerm` endpoint via the `t_total` parameter. An authentication bypass is possible by knowing a valid non-root username. This allows remote code execution (RCE) on vulnerable servers. CISA has set a firm deadline of November 25, 2025, for federal agencies to patch CWP versions prior to `0.9.8.1205`.

November 5, 2025
Updated: November 6, 2025
4 min read
CISAKEVBOD 22-01Command InjectionInformation Disclosure +2 more
CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog
Vulnerability
Patch Management
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats