Daily Digest

AI-Powered Malware Emerges as Critical Zero-Click Flaw Hits Billions of Android Devices

November 6, 2025

7 articles (6 new, 1 updated)

21 min read

Summary

This cybersecurity brief for November 6, 2025, covers a landmark shift in the threat landscape with Google's discovery of AI-powered malware like PROMPTFLUX, which uses LLMs to mutate its own code. Concurrently, a critical zero-click RCE vulnerability (CVE-2025-48593) was disclosed for Android versions 13-16, posing a severe risk to billions of users. Other major incidents include the Qilin ransomware gang's claimed breach of Habib Bank AG Zurich, a cyberattack on the U.S. Congressional Budget Office, and a supply chain attack by Cl0p impacting The Washington Post via an Oracle zero-day.

Filter by Category

New Articles (6)

U.S. Congressional Budget Office Breached by Suspected Foreign Actor

HIGH

U.S. Congressional Budget Office Confirms Cyberattack; Sensitive Legislative and Economic Data Potentially Exposed

The U.S. Congressional Budget Office (CBO), the nonpartisan agency that provides economic analysis to Congress, confirmed on November 6, 2025, that it suffered a significant cybersecurity breach. The attack is suspected to be the work of a foreign government, raising concerns about espionage and the potential exposure of sensitive, pre-decisional information. Data at risk includes confidential communications between lawmakers and CBO analysts, as well as early drafts of legislative cost analyses. The CBO has taken steps to contain the incident and is investigating the full scope of the compromise.

November 6, 2025

6 min read

GovernmentData BreachCyberattackEspionageNation-State +1 more

U.S. Congressional Budget Office Breached by Suspected Foreign Actor

Cisco Warns of New DoS Attacks Actively Exploiting Firewall Flaws

CRITICAL

Cisco Issues Warning on New Attack Variant Targeting Secure Firewall ASA and FTD Devices via CVE-2025-20333 and CVE-2025-20362

Cisco has issued an urgent warning about a new attack variant actively targeting its Secure Firewall products. Threat actors are chaining two previously disclosed vulnerabilities, CVE-2025-20333 and CVE-2025-20362, to cause a denial-of-service (DoS) condition on unpatched Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) devices. These same flaws were exploited as zero-days in September 2025 and are listed in CISA's KEV catalog. Cisco strongly recommends that all customers immediately upgrade to patched software versions to prevent network outages and potential device compromise.

November 6, 2025

5 min read

CiscoFirewallDoSVulnerabilityCVE-2025-20333 +3 more

Cisco Warns of New DoS Attacks Actively Exploiting Firewall Flaws

Critical SQL Injection Flaw in Django Framework Puts Web Apps at Risk

CRITICAL

Django Patches Critical SQL Injection Vulnerability (CVE-2025-64459) with 9.1 CVSS Score

The Django project has released urgent security updates to patch a critical SQL injection vulnerability, CVE-2025-64459, rated 9.1 on the CVSS scale. The flaw affects Django versions 4.2, 5.1, 5.2, and the 6.0 beta. It allows an attacker to manipulate database queries by passing a specially crafted dictionary to certain ORM methods, potentially leading to unauthorized data access, modification, or authentication bypass. Due to the widespread use of Django and the low complexity of the attack, developers are strongly urged to upgrade to the patched versions (4.2.26, 5.1.14, 5.2.8) immediately.

November 6, 2025

5 min read

DjangoSQL InjectionVulnerabilityCVE-2025-64459Python +2 more

Critical SQL Injection Flaw in Django Framework Puts Web Apps at Risk

Washington Post Confirms Breach in Cl0p's Oracle Supply Chain Attack

HIGH

The Washington Post Acknowledges Impact from Cl0p Ransomware Campaign Exploiting Oracle E-Business Suite Zero-Day

The Washington Post confirmed on November 6, 2025, that it was a victim of the widespread supply chain attack orchestrated by the Cl0p ransomware gang. The attack exploited a zero-day vulnerability in Oracle's E-Business Suite (EBS), a widely used enterprise software platform. This confirmation came after Cl0p added the newspaper to its dark web leak site, a classic extortion tactic. The incident highlights the significant risk of supply chain attacks, where a single vulnerability in a trusted third-party vendor's software can lead to the compromise of hundreds of high-profile organizations.

November 6, 2025

6 min read

Cl0pRansomwareSupply Chain AttackOracleZero-Day +2 more

Washington Post Confirms Breach in Cl0p's Oracle Supply Chain Attack

Zscaler: 239 Malicious Apps on Google Play Downloaded 42 Million Times

MEDIUM

Zscaler ThreatLabz 2025 Report Reveals 67% Surge in Android Malware and Rise in OT Attacks

A new report from Zscaler's ThreatLabz, published November 5, 2025, reveals a dramatic 67% year-over-year increase in Android malware. Researchers identified 239 malicious applications that successfully bypassed Google Play Store security, amassing a collective 42 million downloads before being removed. These apps often masqueraded as legitimate productivity 'Tools' to trick users. The report also highlights a dangerous trend in attacks against critical infrastructure, with the energy sector seeing a 387% surge in IoT/OT attacks, and significant increases in transportation and healthcare as well.

November 6, 2025

6 min read

AndroidMalwareGoogle PlayThreat IntelligenceZscaler +2 more

Zscaler: 239 Malicious Apps on Google Play Downloaded 42 Million Times

Hackers Hijack Logistics Systems to Orchestrate Physical Cargo Heists

HIGH

Reports Detail Rise in Cyber-Enabled Cargo Theft via Compromise of Freight and Logistics Companies

A new and growing form of hybrid crime is targeting the supply chain, where cybercriminals infiltrate freight and logistics companies to facilitate physical cargo theft. According to recent reports, threat actors compromise carrier systems, often using legitimate Remote Monitoring and Management (RMM) tools like ScreenConnect. Once inside, they manipulate digital 'load boards' to bid on and win real shipments. They then reroute the cargo to a location controlled by organized crime partners, leading to the theft of entire truckloads of goods. This trend highlights a critical vulnerability where the digital transformation of the logistics industry is being exploited to cause billions in real-world losses.

November 6, 2025

6 min read

Cargo TheftLogisticsSupply ChainCyberattackRMM +1 more

Hackers Hijack Logistics Systems to Orchestrate Physical Cargo Heists

Updated Articles (1)

CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog

CRITICAL

CISA Adds Two Actively Exploited Vulnerabilities in Gladinet and Control Web Panel to KEV Catalog

Update:

Further analysis of CVE-2025-48703 in Control Web Panel reveals specific exploitation details. The OS command injection occurs in the file manager's `changePerm` endpoint via the `t_total` parameter. An authentication bypass is possible by knowing a valid non-root username. This allows remote code execution (RCE) on vulnerable servers. CISA has set a firm deadline of November 25, 2025, for federal agencies to patch CWP versions prior to `0.9.8.1205`.

November 5, 2025

Updated: November 6, 2025

4 min read

CISAKEVBOD 22-01Command InjectionInformation Disclosure +2 more

CISA Adds Actively Exploited Gladinet and CWP Flaws to KEV Catalog

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.