Triofox Zero-Day Exploited In-the-Wild; CMMC Enforcement Begins for DoD Contractors
Summary
This cybersecurity brief for November 11, 2025, covers several critical developments. A zero-day in Gladinet's Triofox (CVE-2025-12480) is being actively exploited for remote code execution. CISA added a zero-click Samsung mobile flaw (CVE-2025-21042) to its KEV catalog following active exploitation. The DoD has officially begun CMMC enforcement for its contractors. Other major incidents include a destructive campaign by the KONNI APT against Android users, and significant data breaches at Nikkei and Hyundai AutoEver.
Today's New Articles
Critical Triofox Zero-Day Actively Exploited for System-Level Access
A critical, unauthenticated remote code execution vulnerability (CVE-2025-12480) in Gladinet's Triofox file-sharing platform is being actively exploited by a threat group tracked as UNC6485. The attackers are bypassing authentication by spoofing HTTP Host head...
KONNI APT Weaponizes Google's Find Hub for Destructive Attacks
The North Korea-linked threat group KONNI has been observed in a novel campaign targeting individuals in South Korea. The attackers use social engineering to deploy PC malware that steals Google account credentials. With these credentials, they access the vict...
Pentagon Overhauls Cyber Force Model to Boost USCYBERCOM Readiness
The U.S. Department of War (DoW) has announced a new cyber force generation model aimed at enhancing the operational effectiveness, specialization, and lethality of forces assigned to U.S. Cyber Command (USCYBERCOM). The revised plan is designed to create a mo...
Nikkei Slack Breach Exposes Data of 17,000 Users via Stolen Credentials
Japanese media giant Nikkei Inc., owner of the Financial Times, has disclosed a significant data breach affecting its internal Slack workspace. An attacker gained access using authentication credentials stolen from an employee's personal computer, which was in...
Hyundai IT Affiliate Discloses Major Data Breach Exposing PII and SSNs
Hyundai AutoEver America, the IT services subsidiary of the Hyundai Group, has begun notifying customers of a major data breach that occurred between late February and early March 2025. The incident involved unauthorized access to the company's IT environment,...
Article Updates
Cisco Firewalls Under Renewed Assault as New DoS Attack Variant Emerges
Update: New information reveals the exploited Cisco firewall vulnerabilities (CVE-2025-20333, CVE-2025-20362) were originally part of the 'ArcaneDoor' zero-day campaign, attributed to a state-sponsored actor. While the original campaign aimed for full device takeover,...