Daily Digest

Clop Ransomware Breaches Washington Post; Critical Flaws Found in Docker, QNAP, and AI Models

Clop Ransomware Breaches Washington Post; Critical Flaws Found in Docker, QNAP, and AI Models

November 9, 2025
7 articles (5 new, 2 updated)
21 min read

Summary

This cybersecurity brief for November 9, 2025, covers a series of high-impact events. The Clop ransomware group has been confirmed as the perpetrator behind a major breach at The Washington Post, exploiting Oracle E-Business Suite vulnerabilities in a campaign affecting over 100 organizations. Concurrently, Microsoft revealed a novel 'Whisper Leak' side-channel attack capable of inferring AI chat topics from encrypted traffic. Critical vulnerabilities have also emerged, with the GlassWorm malware resurfacing in the VSCode marketplace, QNAP patching seven zero-days from Pwn2Own, and newly disclosed flaws in the runC container runtime threatening Docker and Kubernetes environments. These incidents highlight escalating threats across enterprise software, AI platforms, and cloud infrastructure.

Filter by Category

New Articles (5)

Washington Post Breached by Clop Ransomware via Oracle Flaws

HIGH

Washington Post Confirms Breach in Widespread Clop Ransomware Campaign Targeting Oracle E-Business Suite

The Washington Post has officially confirmed it was a victim of a large-scale cyberattack orchestrated by the Clop ransomware group. The threat actors exploited vulnerabilities in Oracle's E-Business Suite, compromising over 100 organizations globally. The campaign involves data exfiltration followed by aggressive extortion tactics, with Clop publicly naming victims on its dark web leak site to pressure them into paying ransoms reportedly as high as $50 million. This incident underscores the significant risk posed by vulnerabilities in widely used enterprise software and the sophisticated, multi-faceted extortion methods employed by modern ransomware gangs.

November 9, 2025
6 min read
ClopRansomwareOracleE-Business SuiteData Breach +2 more
Washington Post Breached by Clop Ransomware via Oracle Flaws

Microsoft 'Whisper Leak' Attack Can Spy on Encrypted AI Chats

MEDIUM

Microsoft Unveils 'Whisper Leak' Side-Channel Attack Capable of Identifying AI Chat Topics in Encrypted Traffic

Microsoft researchers have discovered a novel side-channel attack method named 'Whisper Leak' that undermines the privacy of encrypted AI chatbot conversations. By analyzing the size and timing of encrypted data packets from streaming Large Language Models (LLMs), a passive network observer can accurately infer the topic of a conversation. The proof-of-concept attack achieved over 98% accuracy against models from OpenAI, Mistral, xAI, and DeepSeek. While major AI providers have already implemented mitigations following a responsible disclosure, the finding exposes a fundamental privacy risk in the architecture of streaming LLMs, particularly for users in sensitive sectors like law and healthcare.

November 9, 2025
5 min read
Side-Channel AttackWhisper LeakAI SecurityLLMPrivacy +2 more
Microsoft 'Whisper Leak' Attack Can Spy on Encrypted AI Chats

Chinese-Made Electric Buses in Europe & Australia Pose Remote Shutdown Risk

HIGH

Cybersecurity Tests in Norway Reveal Chinese-Made Yutong Electric Buses Can Be Remotely Disabled

Cybersecurity tests conducted in Norway on November 7, 2025, have uncovered a significant security risk in Chinese-manufactured Yutong electric buses, which are widely used across Europe and Australia. The 'Lion Cage' experiment demonstrated that the buses' connected systems could theoretically be accessed and disabled remotely by the manufacturer. The findings have triggered urgent security reviews by public transit authorities in multiple countries, highlighting the growing national security concerns surrounding internet-connected critical infrastructure and potential vulnerabilities in international supply chains.

November 9, 2025
5 min read
ICSCritical InfrastructureTransportationYutongSupply Chain Security +1 more
Chinese-Made Electric Buses in Europe & Australia Pose Remote Shutdown Risk

Philippines Lawmakers Push for National Cybersecurity Fund

INFORMATIONAL

Lawmakers in Philippines Propose Dedicated National Cybersecurity Risk Management and Mitigation Fund

In the Philippines, Representatives Migz and Luigi Villafuerte have introduced a proposal to create a 'Cybersecurity Risk Management and Mitigation Fund' (CRMMF). This dedicated national fund would provide the government with the necessary resources to prevent and respond to cyberattacks against both public and private sector entities. The proposal comes after recent DDoS attack attempts on local banks and designates 30% of the fund for rapid restoration of critical information infrastructure, signaling a strong political push to enhance the nation's cyber resilience.

November 9, 2025
4 min read
PhilippinesPolicyGovernmentCybersecurity FundCritical Infrastructure +1 more
Philippines Lawmakers Push for National Cybersecurity Fund

Critical Container Escape Flaws in runC Threaten Docker & Kubernetes

CRITICAL

Critical Vulnerabilities Disclosed in runC Container Runtime, Posing Container Escape Risk to Docker and Kubernetes Environments

A security alert issued on November 9, 2025, warns of three new critical vulnerabilities in runC, the low-level container runtime used by Docker, Kubernetes, and other major container platforms. The flaws could allow a malicious actor to execute a 'container escape,' breaking out of the isolated container environment to gain unauthorized access to the underlying host operating system. A successful container escape is a worst-case scenario in cloud-native security, as it would allow an attacker to compromise all other containers on the host. Administrators of all containerized environments are urged to monitor for and apply patches immediately.

November 9, 2025
5 min read
runCDockerKubernetesContainer EscapeVulnerability +2 more
Critical Container Escape Flaws in runC Threaten Docker & Kubernetes

Updated Articles (2)

Over 75% of Orgs Can't Keep Pace with AI-Powered Attacks, Survey Finds

INFORMATIONAL

CrowdStrike Survey: 76% of Organizations Lag Behind AI-Driven Cyberattacks, Revealing Critical 'Confidence Illusion'

Update:

A new Accenture report, 'State of Cybersecurity Resilience 2025,' reinforces findings that organizations are critically unprepared for AI-driven cyber threats. Surveying over 2,200 executives, it found 90% of firms are not equipped, with 63% in an 'Exposed Zone' of reactive defenses. The report highlights that 77% lack mature security practices for AI models and data pipelines, creating significant business risk and urging a shift to security by design and robust AI governance. This complements previous findings on the widening gap between AI-powered attacks and organizational defense capabilities.

October 22, 2025
Updated: November 9, 2025
5 min read
AIartificial intelligenceCrowdStrikeransomwarethreat landscape +1 more
Over 75% of Orgs Can't Keep Pace with AI-Powered Attacks, Survey Finds

Pwn2Own Day 1: Hackers Net $522K for 34 Zero-Days in SOHO Devices

HIGH

Pwn2Own Ireland 2025 Day 1 Sees Researchers Earn $522,500 for 34 Zero-Days Across Printers, NAS, and Routers

Update:

QNAP has issued critical security updates addressing seven zero-day vulnerabilities, including CVEs like CVE-2025-62847, that were demonstrated at Pwn2Own Ireland 2025. These flaws, ranging from buffer overflows to path traversals, allow unauthenticated remote code execution and full system takeover on QTS, QuTS hero, and applications like HBS 3 Hybrid Backup Sync. Users are urged to apply patches immediately as public disclosure increases exploitation risk. This update provides specific CVEs and affected software versions, detailing the remediation for a subset of the 34 zero-days initially reported.

October 22, 2025
Updated: November 9, 2025
5 min read
Pwn2Ownzero-dayvulnerabilityhackingIoT +2 more
Pwn2Own Day 1: Hackers Net $522K for 34 Zero-Days in SOHO Devices

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.