Daily Digest

Microsoft Patches Actively Exploited Windows Zero-Day; Advanced Actors Target Cisco and Citrix in New Campaigns

Microsoft Patches Actively Exploited Windows Zero-Day; Advanced Actors Target Cisco and Citrix in New Campaigns

November 12, 2025
6 articles (6 new)
18 min read

Summary

In cybersecurity news for November 12, 2025, Microsoft has released its November Patch Tuesday update, addressing a critical Windows Kernel zero-day (CVE-2025-62215) under active exploitation. Concurrently, Amazon's threat intelligence team revealed that an advanced threat actor is exploiting new zero-days in Cisco ISE and Citrix NetScaler. Major developments also include a sweeping new cybersecurity bill in the UK, a crippling ransomware attack on Asahi Breweries in Japan, and the Clop ransomware gang claiming an attack on Dartmouth College. Other significant events involve a large-scale phishing campaign abusing Facebook's infrastructure and new NYDFS compliance deadlines taking effect.

Filter by Category

New Articles (6)

Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Patch Tuesday

CRITICAL

Microsoft Addresses Actively Exploited Windows Kernel Zero-Day (CVE-2025-62215) and 62 Other Flaws in November 2025 Patch Tuesday

Microsoft's November 2025 Patch Tuesday update addresses 63 vulnerabilities, including a critical Windows Kernel privilege escalation zero-day (CVE-2025-62215) that is being actively exploited in the wild. The flaw, which has a CVSS score of 7.0, allows a local attacker to gain SYSTEM-level privileges. The release also includes patches for four other critical vulnerabilities, notably a remote code execution flaw in the Microsoft Graphics Component (GDI+) with a CVSS score of 9.8 (CVE-2025-60724). Other significant fixes address high-severity issues in Windows Kerberos, Microsoft Office, and Visual Studio, requiring immediate attention from administrators to prevent potential system compromise and supply chain attacks.

November 12, 2025
5 min read
Patch TuesdayZero-DayCVE-2025-62215Privilege EscalationWindows Kernel +4 more
Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Patch Tuesday

Advanced Threat Actor Exploits Cisco and Citrix Zero-Days in Targeted Attacks on Network Infrastructure

CRITICAL

Amazon Threat Intelligence Uncovers Advanced Actor Exploiting Zero-Days in Cisco ISE and Citrix NetScaler

Amazon's threat intelligence team has discovered an advanced threat actor actively exploiting two previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix NetScaler Application Delivery Controllers (ADC). The vulnerabilities, now tracked as CVE-2025-20337 (Cisco) and CVE-2025-5777 (Citrix), are being used to target critical identity and network access control infrastructure. The attackers are leveraging custom malware to gain initial access and establish persistence on these edge devices. Both Cisco and Citrix have been notified and are working on patches, which security teams are urged to apply immediately upon release.

November 12, 2025
5 min read
Zero-DayCisco ISECitrix NetScalerCVE-2025-20337CVE-2025-5777 +3 more
Advanced Threat Actor Exploits Cisco and Citrix Zero-Days in Targeted Attacks on Network Infrastructure

UK Introduces Sweeping Cyber Security and Resilience Bill to Regulate MSPs and Mandate Stricter Breach Reporting

INFORMATIONAL

United Kingdom Introduces Cyber Security and Resilience Bill, Expanding Regulation to Managed Service Providers

The UK government has introduced the Cyber Security and Resilience Bill to Parliament, a landmark piece of legislation set to replace the 2018 NIS Regulations. This new bill significantly expands the regulatory landscape by bringing Managed Service Providers (MSPs) into scope for the first time, a move impacting up to 1,100 firms. It also imposes stricter incident reporting rules, requiring an initial report within 24 hours and a full report within 72 hours. The legislation aims to bolster national security by strengthening supply chain resilience and aligning the UK with updated international standards like the EU's NIS2 Directive.

November 12, 2025
4 min read
UKCybersecurity LawRegulationNIS2MSP +2 more
UK Introduces Sweeping Cyber Security and Resilience Bill to Regulate MSPs and Mandate Stricter Breach Reporting

Asahi Breweries Crippled by Ransomware Attack, Shipments Plummet to 10% Ahead of Peak Holiday Season

HIGH

Ransomware Attack on Asahi Breweries Disrupts Supply Chain, Forcing Manual Operations and Delaying Earnings Report

Japan's largest brewer, Asahi Group Holdings Ltd., is facing severe operational paralysis more than a month after a devastating ransomware attack. The attack disabled the company's core order and shipment management system, forcing a regression to manual processes like phone calls and faxes. As a result, shipments are at only 10% of normal levels, a critical blow as the company enters its busiest sales month. The incident, which has also forced Asahi to postpone its Q3 earnings report, highlights the extreme vulnerability of complex supply chains and legacy IT systems to modern cyber threats.

November 12, 2025
5 min read
RansomwareAsahiJapanSupply ChainManufacturing +1 more
Asahi Breweries Crippled by Ransomware Attack, Shipments Plummet to 10% Ahead of Peak Holiday Season

Clop Ransomware Gang Claims Attack on Dartmouth College, Threatens to Leak Data

HIGH

Ivy League Under Fire: Clop Ransomware Gang Lists Dartmouth College as Latest Victim

The notorious Clop ransomware gang has claimed responsibility for a cyberattack against Dartmouth College, an Ivy League university in the U.S. On November 11, 2025, the group added the institution to its dark web leak site, threatening to publish exfiltrated data if the university does not enter negotiations. This incident highlights the increasing trend of ransomware attacks targeting the education sector, which holds vast amounts of sensitive personal data. Dartmouth College has not yet issued a public statement on the alleged breach, but the threat from Clop is considered highly credible due to the group's track record.

November 12, 2025
5 min read
ClopRansomwareDartmouth CollegeEducationData Breach +1 more
Clop Ransomware Gang Claims Attack on Dartmouth College, Threatens to Leak Data

Iranian APT 'Ferocious Kitten' Continues to Target Dissidents With Custom MarkiRAT Surveillance Malware

HIGH

Ferocious Kitten: Iranian APT Group's Ongoing Campaign Against Dissidents Using MarkiRAT Malware Detailed

The Iranian-aligned APT group 'Ferocious Kitten' continues its long-running cyber-espionage campaign against Iranian dissidents and activists, according to new research from Picus Security. Active since at least 2015, the group uses spear-phishing emails with malicious Office documents to deploy its custom remote access trojan (RAT), MarkiRAT. This malware is a sophisticated surveillance tool, featuring an advanced keylogger that activates only when password managers are not in use, clipboard hijacking, and data exfiltration over HTTP/S. The group also employs various defense evasion techniques, including the use of BITS and the RTLO trick to disguise malicious files.

November 12, 2025
5 min read
APTFerocious KittenMarkiRATIranCyber-espionage +2 more
Iranian APT 'Ferocious Kitten' Continues to Target Dissidents With Custom MarkiRAT Surveillance Malware

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.