Microsoft Patches Actively Exploited Windows Zero-Day; Advanced Actors Target Cisco and Citrix in New Campaigns

Publication Date: November 12, 2025

Summary

In cybersecurity news for November 12, 2025, Microsoft has released its November Patch Tuesday update, addressing a critical Windows Kernel zero-day (CVE-2025-62215) under active exploitation. Concurrently, Amazon's threat intelligence team revealed that an advanced threat actor is exploiting new zero-days in Cisco ISE and Citrix NetScaler. Major developments also include a sweeping new cybersecurity bill in the UK, a crippling ransomware attack on Asahi Breweries in Japan, and the Clop ransomware gang claiming an attack on Dartmouth College. Other significant events involve a large-scale phishing campaign abusing Facebook's infrastructure and new NYDFS compliance deadlines taking effect.

Today's New Articles

Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Patch Tuesday

Microsoft's November 2025 Patch Tuesday update addresses 63 vulnerabilities, including a critical Windows Kernel privilege escalation zero-day (CVE-2025-62215) that is being actively exploited in the wild. The flaw, which has a CVSS score of 7.0, allows a loca...


Advanced Threat Actor Exploits Cisco and Citrix Zero-Days in Targeted Attacks on Network Infrastructure

Amazon's threat intelligence team has discovered an advanced threat actor actively exploiting two previously undisclosed zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix NetScaler Application Delivery Controllers (ADC). The vulnerabil...


UK Introduces Sweeping Cyber Security and Resilience Bill to Regulate MSPs and Mandate Stricter Breach Reporting

The UK government has introduced the Cyber Security and Resilience Bill to Parliament, a landmark piece of legislation set to replace the 2018 NIS Regulations. This new bill significantly expands the regulatory landscape by bringing Managed Service Providers (...


Asahi Breweries Crippled by Ransomware Attack, Shipments Plummet to 10% Ahead of Peak Holiday Season

Japan's largest brewer, Asahi Group Holdings Ltd., is facing severe operational paralysis more than a month after a devastating ransomware attack. The attack disabled the company's core order and shipment management system, forcing a regression to manual proce...


Clop Ransomware Gang Claims Attack on Dartmouth College, Threatens to Leak Data

The notorious Clop ransomware gang has claimed responsibility for a cyberattack against Dartmouth College, an Ivy League university in the U.S. On November 11, 2025, the group added the institution to its dark web leak site, threatening to publish exfiltrated...


Iranian APT 'Ferocious Kitten' Continues to Target Dissidents With Custom MarkiRAT Surveillance Malware

The Iranian-aligned APT group 'Ferocious Kitten' continues its long-running cyber-espionage campaign against Iranian dissidents and activists, according to new research from Picus Security. Active since at least 2015, the group uses spear-phishing emails with...