China's Cyber Arsenal Exposed in Massive Leak; Critical Flaws Threaten QNAP, Docker, and Kubernetes

Publication Date: November 10, 2025

Summary

This cybersecurity brief for November 10, 2025, covers a series of high-impact events. A catastrophic data breach at Chinese firm Knownsec has exposed state-sponsored hacking tools and global target lists. Concurrently, critical zero-day vulnerabilities are forcing urgent patches for QNAP NAS devices and the runC container runtime, which underpins Docker and Kubernetes. Other major incidents include a significant data breach affecting 1.5 million Swedes, a cyberattack on the U.S. Congressional Budget Office, and new regulatory rollouts from the DoD and guidance from the OWASP Foundation.

Today New Articles

China's Cyber Arsenal Exposed: Knownsec Breach Leaks State Hacking Tools and Global Target Lists

A monumental data breach at Knownsec, a prominent Chinese cybersecurity firm with close government ties, has resulted in the exposure of over 12,000 classified documents. The leak, which occurred in early November 2025, provides an unprecedented view into Chin...

Swedish IT Supplier Breach Exposes Personal Data of 1.5 Million Citizens

The 'Datacarry' ransomware group has claimed responsibility for a major cyberattack on Miljödata, a Swedish IT supplier for local governments, exposing the sensitive personal data of up to 1.5 million people. The attack, which occurred in August 2025, targeted...

EU Governments Under Siege: ENISA Reports Massive Surge in DDoS and Data Attacks

A new threat landscape report from the EU Agency for Cybersecurity (ENISA) reveals that public administrations across the European Union are facing a dramatic increase in cyberattacks. DDoS attacks, largely driven by pro-Russia hacktivist groups like NoName057...

It's Official: DoD Begins Phased Rollout of CMMC Cybersecurity Program

The U.S. Department of Defense (DoD) has officially started the phased, three-year implementation of its Cybersecurity Maturity Model Certification (CMMC) program as of November 10, 2025. DoD contracting officers can now begin inserting CMMC requirements into...

OWASP Top 10 for 2025 Released, Spotlighting Supply Chain and Design Flaws

The OWASP Foundation has released the 2025 release candidate for its influential Top 10 list of web application security risks. This update signals a major shift in focus, with the introduction of new categories like 'A03: Software Supply Chain Failures' and '...

Akira Ransomware Hits US Manufacturer Koch & Co., Threatens to Leak 54GB of Data

The Akira ransomware group has added U.S. manufacturer Koch & Co., Inc. to its list of victims. In a November 7 post on its dark web leak site, the group claimed to have stolen 54 gigabytes of sensitive corporate data, including detailed financials, contracts,...

OSCE Guide Urges Unified Cyber-Physical Defense for Critical Infrastructure

The Organization for Security and Cooperation in Europe (OSCE) has published a new technical guide advising governments and operators to adopt a unified approach to securing critical infrastructure. The guide emphasizes the growing convergence of physical and...