Daily Digest

AI-Orchestrated Cyber Espionage Uncovered; Logitech Breached by Clop; Google Patches Actively Exploited Chrome Zero-Day

AI-Orchestrated Cyber Espionage Uncovered; Logitech Breached by Clop; Google Patches Actively Exploited Chrome Zero-Day

November 18, 2025
6 articles (5 new, 1 updated)
18 min read

Summary

This intelligence brief for November 18, 2025, covers a landmark AI-driven espionage campaign by a Chinese state actor, a major data breach at Logitech by the Clop ransomware gang exploiting an Oracle zero-day, and an emergency patch from Google for an actively exploited Chrome vulnerability. Additional reports detail critical flaws in WordPress plugins, a defacement attack on Kenyan government websites, and a massive DDoS attack on critical infrastructure.

Filter by Category

New Articles (5)

Urgent Patch Required: Critical RCE Flaw in W3 Total Cache WordPress Plugin

CRITICAL

Critical Unauthenticated RCE Vulnerability (CVE-2025-9501) in W3 Total Cache Puts Over 1 Million WordPress Sites at Risk

A critical command injection vulnerability, CVE-2025-9501, with a CVSS score of 9.0, has been found in the W3 Total Cache WordPress plugin, which is active on over one million websites. The flaw allows unauthenticated attackers to achieve remote code execution (RCE) by simply submitting a malicious comment. This enables a complete site takeover. All versions prior to 2.8.13 are affected, and administrators are urged to update immediately.

November 18, 2025
5 min read
WordPressVulnerabilityRCECVE-2025-9501W3 Total Cache +1 more
Urgent Patch Required: Critical RCE Flaw in W3 Total Cache WordPress Plugin

Kenyan Government Websites Defaced in Coordinated Cyberattack

HIGH

Multiple Kenyan Government Websites, Including Ministry of Interior, Taken Offline and Defaced with Hate Symbols

On November 17, 2025, a coordinated cyberattack targeted and temporarily disabled numerous Kenyan government websites. The Ministry of Interior and National Administration confirmed the breach, which impacted the websites of the State House and ministries of Health, Education, and Energy, among others. Reports indicate several of the compromised sites were defaced with white supremacist slogans and symbols. The Kenyan government has since restored services and vowed to bring the perpetrators to justice.

November 18, 2025
5 min read
DefacementCyberattackKenyaGovernmentHacktivism
Kenyan Government Websites Defaced in Coordinated Cyberattack

Merck Employee Data Breached in Third-Party Vendor Incident

HIGH

Merck Discloses Data Breach Affecting Employees After Vendor Graebel Companies Suffers Security Incident

Pharmaceutical giant Merck has confirmed a data breach impacting its current and former employees due to a cybersecurity incident at a third-party service provider, Graebel Companies. The breach, which occurred in September 2025, was disclosed on November 17. Exposed data includes sensitive PII such as names, Social Security numbers, and financial account information. Merck is offering 24 months of complimentary credit monitoring services to affected individuals.

November 18, 2025
5 min read
Data BreachSupply Chain AttackThird-Party RiskMerckPII
Merck Employee Data Breached in Third-Party Vendor Incident

WordPress Security Plugin Ironically Contains Critical File-Read Flaw

CRITICAL

Critical Arbitrary File Read Vulnerability (CVE-2025-11705) in 'Anti-Malware Security' WordPress Plugin Affects 100,000+ Sites

A critical vulnerability, CVE-2025-11705, has been discovered in the 'Anti-Malware Security and Brute-Force Firewall' WordPress plugin, which is active on over 100,000 sites. The flaw allows any authenticated user, including low-privilege subscribers, to read arbitrary files from the server. This can be exploited to access the sensitive wp-config.php file, leading to a full database compromise and site takeover. Users are urged to update the plugin immediately.

November 18, 2025
5 min read
WordPressVulnerabilityCVE-2025-11705Arbitrary File ReadPatch Management +1 more
WordPress Security Plugin Ironically Contains Critical File-Read Flaw

NSFOCUS Mitigates Massive 843 Gbps DDoS Attack on Critical Infrastructure

HIGH

NSFOCUS Details Successful Mitigation of 843.4 Gbps Multi-Vector DDoS Attack Targeting Critical Infrastructure Operator

Security vendor NSFOCUS has detailed its successful effort to mitigate a massive multi-vector DDoS attack that targeted a critical infrastructure operator in October 2025. The attack peaked at an enormous 843.4 Gbps and 73.6 million packets per second, sustaining high volumes for over 30 minutes. The assault was dominated by a UDP flood, accounting for over 600 Gbps of the traffic. NSFOCUS's Cloud DDoS Protection Service successfully filtered over 99.9% of the malicious traffic, keeping the operator's services online.

November 18, 2025
5 min read
DDoSCyberattackCritical InfrastructureNSFOCUSUDP Flood +1 more
NSFOCUS Mitigates Massive 843 Gbps DDoS Attack on Critical Infrastructure

Updated Articles (1)

Cl0p Gang Exploits Oracle Zero-Day to Breach Logitech, Washington Post, and More

CRITICAL

Cl0p Ransomware Gang Breaches Logitech, The Washington Post, and Others via Oracle E-Business Suite Zero-Day (CVE-2025-61882)

Update:

Logitech has officially confirmed the exfiltration of approximately 1.8 TB of data from its systems by the Cl0p ransomware group, following the exploitation of CVE-2025-61882 in Oracle E-Business Suite. The company filed a disclosure with the SEC, stating that while data on employees, consumers, and suppliers was accessed, highly sensitive personal data was not affected, and business operations remain stable. Additionally, Harvard University has been identified as another victim in this widespread Cl0p campaign, which continues to leverage the Oracle EBS zero-day for mass data theft.

November 17, 2025
Updated: November 18, 2025
5 min read
Cl0pransomwaredata breachzero dayCVE-2025-61882 +3 more
Cl0p Gang Exploits Oracle Zero-Day to Breach Logitech, Washington Post, and More

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.