Daily Digest

Jaguar Land Rover Reels from £680M Cyberattack Loss; Cl0p Exploits Oracle Zero-Day in Massive Campaign

Jaguar Land Rover Reels from £680M Cyberattack Loss; Cl0p Exploits Oracle Zero-Day in Massive Campaign

November 17, 2025
6 articles (4 new, 2 updated)
18 min read

Summary

This intelligence brief for November 16-17, 2025, covers a series of high-impact cyber events. Key incidents include Jaguar Land Rover's staggering £680 million loss from a production-halting cyberattack, a widespread campaign by the Cl0p ransomware gang exploiting an Oracle E-Business Suite zero-day to breach Logitech and others, and the introduction of a sweeping new cybersecurity bill in the UK. Other major events include the discovery of 150,000 malicious NPM packages in a crypto-farming scheme, an actively exploited Windows Kernel zero-day patch from Microsoft, and multiple data breaches affecting DoorDash and Eurofiber.

Filter by Category

New Articles (4)

DoorDash Hit by Data Breach After Employee Targeted in Social Engineering Scam

HIGH

DoorDash Discloses Data Breach Affecting Users in Four Countries After Employee Falls for Social Engineering Scam

Food delivery service DoorDash has confirmed a data breach after an employee was compromised by a social engineering scam, allowing an unauthorized third party to access internal systems. The breach exposed the names, physical addresses, phone numbers, and email addresses of an undisclosed number of customers in the United States, Canada, Australia, and New Zealand. The company has stated that financial information was not accessed. This incident highlights the persistent threat of attackers targeting the 'human element' to bypass technical security controls.

November 17, 2025
4 min read
data breachsocial engineeringphishingDoorDashhuman element
DoorDash Hit by Data Breach After Employee Targeted in Social Engineering Scam
Data Breach
Phishing
Cyberattack

Iranian APT 'SpearSpecter' Targets Officials' Families in Sophisticated Espionage Campaign

HIGH

Iranian APT 'SpearSpecter' (APT42) Targets Government Officials and Their Families with 'TameCat' Backdoor

The Iranian state-sponsored group APT42, also known by aliases like SpearSpecter, is conducting a highly sophisticated and ongoing espionage campaign targeting senior defense and government officials. According to the Israel National Digital Agency, the threat actors are using advanced social engineering tactics, including building trust over weeks and targeting victims' family members to apply psychological pressure. The campaign's technical core is 'TameCat,' a modular PowerShell-based backdoor that operates in-memory and uses legitimate services like Telegram and Discord for stealthy command-and-control.

November 17, 2025
5 min read
APT42SpearSpecterIranespionagethreat actor +3 more
Iranian APT 'SpearSpecter' Targets Officials' Families in Sophisticated Espionage Campaign
Threat Actor
Malware
Cyberattack

Eurofiber Breach Exposes Thales, Orange, and French Government Data in Major Supply Chain Incident

CRITICAL

Eurofiber France Data Breach via GLPI Flaws Exposes Data from Thales, Orange, and Government Ministries

European digital infrastructure provider Eurofiber has confirmed a major data breach in its French division, potentially exposing sensitive data from over 3,600 clients, including major corporations like Thales and Orange, and several French government ministries. A threat actor known as 'ByteToBreach' claims to have exploited vulnerabilities (CVE-2024-29889, CVE-2025-24799) in Eurofiber's GLPI IT asset management software via SQL injection. The stolen data, now for sale on the dark web, allegedly includes highly sensitive information such as SSH private keys, VPN configurations, and API keys, posing a severe supply chain risk.

November 17, 2025
5 min read
data breachsupply chain attackSQL injectionvulnerabilityEurofiber +3 more
Eurofiber Breach Exposes Thales, Orange, and French Government Data in Major Supply Chain Incident
Data Breach
Vulnerability
Supply Chain Attack

Pro-Russian Hackers Target Denmark with DDoS Attacks Ahead of Elections

MEDIUM

Pro-Russian Group NoName057(16) Launches DDoS Attacks on Danish Government and Political Parties Before Elections

The pro-Russian hacktivist group NoName057(16) has claimed responsibility for a series of Distributed Denial-of-Service (DDoS) attacks that targeted Danish government websites, political parties, and defense-related entities. The attacks, which occurred just before Denmark's municipal and regional elections, were designed to cause disruption and informational noise. Targets included the Danish Ministry of Transport and the national citizen portal, Borger.dk. While the outages were brief, the incident aligns with a pattern of politically motivated cyber activity by the group against European nations supporting Ukraine.

November 17, 2025
4 min read
DDoShacktivismNoName057(16)pro-RussianDenmark +1 more
Pro-Russian Hackers Target Denmark with DDoS Attacks Ahead of Elections
Cyberattack
Threat Actor

Updated Articles (2)

Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Update

CRITICAL

Microsoft's November 2025 Patch Tuesday Addresses Actively Exploited Windows Kernel Privilege Escalation Zero-Day (CVE-2025-62215)

Update:

The update details two new critical vulnerabilities: CVE-2025-60274, a Windows GDI+ Remote Code Execution flaw with a CVSS of 9.8, and CVE-2025-62199, an RCE in Microsoft Office. These additions significantly broaden the scope of critical issues addressed in the November Patch Tuesday. Furthermore, the article provides more specific cyber observables for pre-patch detection, including Event ID 4688 and process monitoring, along with a refined deployment priority strategy for organizations. The presence of a 9.8 CVSS RCE vulnerability elevates the overall risk profile of this patch cycle.

November 14, 2025
Updated: November 17, 2025
3 min read
Patch TuesdayMicrosoftWindowszero-dayvulnerability +2 more
Microsoft Patches Actively Exploited Windows Kernel Zero-Day in November Update
Vulnerability
Patch Management

Washington Post Breached by Clop Ransomware via Oracle Flaws

HIGH

Washington Post Confirms Breach in Widespread Clop Ransomware Campaign Targeting Oracle E-Business Suite

Update:

New information confirms the Clop ransomware group exploited a zero-day vulnerability, now tracked as CVE-2025-61882, in Oracle's E-Business Suite. This critical flaw allowed for unauthorized data access and was actively exploited for months before patches were released. Swiss electronics giant Logitech, Allianz UK, and GlobalLogic have been identified as additional victims in this widespread data exfiltration campaign, alongside The Washington Post. Organizations are urged to apply emergency patches immediately and assume compromise if running vulnerable EBS versions (12.2.3-12.2.14).

November 9, 2025
Updated: November 17, 2025
6 min read
ClopRansomwareOracleE-Business SuiteData Breach +2 more
Washington Post Breached by Clop Ransomware via Oracle Flaws
Ransomware
Data Breach
Cyberattack

📢 Share This Publication

Help others stay informed about cybersecurity threats