Cisco Firewalls Under Siege by New DoS Attacks; AI Supercharges Ransomware Campaigns

Publication Date: November 7, 2025

Summary

In the period covering November 6-7, 2025, the cybersecurity landscape was dominated by new attack variants targeting critical Cisco firewall vulnerabilities, causing persistent denial-of-service conditions. Concurrently, reports emerged detailing how threat actors are leveraging AI to drastically shorten ransomware attack timelines, with Europe becoming a primary target. Other major developments include a sophisticated global phishing campaign against Booking.com users, the discovery of Android spyware delivered via a Samsung zero-day, and a record-breaking month for software supply chain attacks driven by ransomware groups like Qilin and Akira.

Today's New Articles

Massive 'I Paid Twice' Phishing Scheme Defrauds Booking.com Hotels and Guests

A sophisticated global phishing campaign named 'I Paid Twice' is targeting hotels on Booking.com and Expedia, compromising their administrative accounts to defraud guests. Since at least April 2025, attackers have been using social engineering and the PureRAT...


Samsung Zero-Day Exploited in the Wild to Install 'LANDFALL' Android Spyware

A now-patched zero-day vulnerability, CVE-2025-21042, in Samsung Galaxy devices was actively exploited to install a commercial-grade Android spyware known as LANDFALL. Researchers from Palo Alto Networks' Unit 42 discovered that attackers sent malicious DNG im...


State-Backed Hacking Escalates: Russia Targets Ukraine, China Eyes Latin America

A new report from ESET reveals a significant escalation in cyber operations by state-sponsored threat groups from Russia and China between April and September 2025. Russia-aligned groups, notably Sandworm, have accelerated destructive wiper malware attacks aga...


Patient Sabotage: Malicious NuGet Packages with Time-Delayed ICS Payloads Discovered

Security researchers have discovered nine malicious packages on the NuGet repository, downloaded over 9,400 times, containing hidden, time-delayed sabotage code. One package, 'Sharp7Extend,' was specifically designed to corrupt write operations in industrial c...


Software Supply Chain Attacks Skyrocket to Record High, Driven by Ransomware Gangs

Software supply chain attacks reached an all-time high in October 2025, with 41 claimed incidents, according to a new report from Cyble. This figure is over 30% higher than the previous monthly record. Ransomware groups, particularly Qilin and Akira, are ident...


Amazon Patches High-Severity Flaw in WorkSpaces Linux Client

Amazon Web Services (AWS) has patched a high-severity vulnerability, CVE-2025-12779, in its WorkSpaces client for Linux. The flaw, rated 8.8 CVSS, could allow a local attacker on a shared computer to extract another user's authentication token and gain unautho...

Article Updates

CISA Adds Actively Exploited Control Web Panel RCE Flaw to KEV

Update: New information clarifies that CVE-2025-48703 in Control Web Panel (CWP) allows unauthenticated remote code execution with root privileges, a higher impact than previously detailed. The prerequisite for exploitation is knowing any valid username, including 'ro...