Daily Digest

Google Patches Actively Exploited Chrome Zero-Day as Ransomware Cripples PA Attorney General's Office

Google Patches Actively Exploited Chrome Zero-Day as Ransomware Cripples PA Attorney General's Office

November 19, 2025
8 articles (8 new)
24 min read

Summary

This cybersecurity brief for November 19, 2025, covers a critical period marked by urgent zero-day patching and high-stakes ransomware attacks. Google rushed to fix the seventh actively exploited Chrome zero-day of the year (CVE-2025-13223), a type confusion bug in the V8 engine. Concurrently, the Pennsylvania Attorney General's office confirmed a major data breach by the Inc Ransom group, who exploited a Citrix vulnerability to exfiltrate 5.7 TB of sensitive data. Other significant events include CISA adding a Fortinet FortiWeb flaw to its KEV catalog, international sanctions against a Russian bulletproof hosting network, and multiple data breaches affecting DoorDash and healthcare providers due to phishing and supply chain weaknesses.

Filter by Category

New Articles (8)

Inc Ransom Cripples PA Attorney General's Office, Exfiltrates 5.7 TB of Data

HIGH

Pennsylvania Attorney General Confirms Massive Data Breach Following Inc Ransomware Attack

The Pennsylvania Office of the Attorney General (OAG) has confirmed it suffered a severe data breach orchestrated by the Inc Ransom ransomware group. The attackers exploited the 'CitrixBleed2' vulnerability (CVE-2025-5777) to gain initial access and subsequently exfiltrated 5.7 terabytes of highly sensitive data. The stolen information includes Social Security numbers, medical details, and confidential investigative files. The attack, which occurred in August 2025, caused a three-week operational disruption for the agency's 1,200 staff members. The OAG has refused to pay the ransom and is working with the FBI on the investigation.

November 19, 2025
7 min read
Inc RansomRansomwareData BreachCVE-2025-5777CitrixBleed2 +2 more
Inc Ransom Cripples PA Attorney General's Office, Exfiltrates 5.7 TB of Data
Ransomware
Data Breach
Vulnerability

US, UK, and Australia Sanction Russian Bulletproof Hosting Network Aiding Ransomware

MEDIUM

US, UK, and Australia Impose Joint Sanctions on Russian Bulletproof Hosting Provider Media Land, LLC

In a coordinated action, the United States, United Kingdom, and Australia have sanctioned Media Land, LLC, a Russian bulletproof hosting provider, along with its network of related entities and key individuals. This infrastructure is accused of providing essential services to a wide range of global cybercriminals, including malware distributors, phishing operators, and ransomware groups like the notorious LockBit gang. The sanctions aim to disrupt the foundational services that enable cybercrime by targeting the providers who knowingly support malicious operations. The action highlights a strategic international effort to dismantle the cybercrime economy.

November 19, 2025
6 min read
SanctionsOFACBulletproof HostingCybercrimeRussia +2 more
US, UK, and Australia Sanction Russian Bulletproof Hosting Network Aiding Ransomware
Policy and Compliance
Threat Actor
Regulatory

CISA Adds Actively Exploited Fortinet FortiWeb Flaw to KEV Catalog

CRITICAL

CISA Adds Fortinet FortiWeb Command Injection Vulnerability (CVE-2025-58034) to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability in Fortinet's FortiWeb products, CVE-2025-58034, to its Known Exploited Vulnerabilities (KEV) catalog. Citing evidence of active exploitation, CISA has mandated a one-week remediation deadline for Federal Civilian Executive Branch (FCEB) agencies under Binding Operational Directive (BOD) 22-01. The vulnerability allows attackers to execute arbitrary commands on affected devices. CISA strongly urges all organizations using FortiWeb to prioritize patching this flaw to mitigate the threat.

November 19, 2025
6 min read
CISAKEVFortinetFortiWebCVE-2025-58034 +2 more
CISA Adds Actively Exploited Fortinet FortiWeb Flaw to KEV Catalog
Vulnerability
Patch Management
Cyberattack

Chicago's St. Anthony Hospital Discloses Data Breach Affecting Over 6,600

MEDIUM

St. Anthony Hospital Announces Data Breach Exposing PII and PHI of Over 6,600 Individuals

St. Anthony Hospital in Chicago has reported a data breach that may have exposed the personal and medical information of more than 6,600 patients and staff members. The incident, which was discovered in February 2025, occurred when an unauthorized party gained access to several employee email accounts. An investigation revealed that the compromised accounts contained sensitive data, including names, Social Security numbers, medical record numbers, and medical histories. The hospital states there is no evidence the data has been misused but is in the process of notifying all affected individuals.

November 19, 2025
6 min read
Data BreachHealthcareSt. Anthony HospitalPhishingPII +2 more
Chicago's St. Anthony Hospital Discloses Data Breach Affecting Over 6,600
Data Breach
Phishing
Industrial Control Systems

Supply Chain Attacks & AI-Powered Phishing Surge Across Asia-Pacific, Darktrace Warns

INFORMATIONAL

Darktrace Report Reveals Escalation of Supply Chain Attacks, Cloud Intrusions, and AI-Enhanced Phishing in APJ Region

A new threat report from cybersecurity firm Darktrace highlights a dramatic increase in sophisticated cyber threats across the Asia-Pacific and Japan (APJ) region. The report, covering the 12 months to July 2025, details a surge in supply chain attacks, business email compromise, and cloud intrusions. State-sponsored groups from China (APT40, APT41) and North Korea (Lazarus/Bluenoroff) are reportedly leveraging generative AI to create more convincing phishing emails, particularly in non-English languages like Japanese. The report also notes the high cost of supply chain breaches and the use of advanced voice-phishing by groups like Scattered Spider.

November 19, 2025
7 min read
Threat IntelligenceDarktraceAPTSupply Chain AttackPhishing +2 more
Supply Chain Attacks & AI-Powered Phishing Surge Across Asia-Pacific, Darktrace Warns
Threat Intelligence
Supply Chain Attack
Phishing

China-Aligned APT 'PlushDaemon' Wields 'EdgeStepper' Implant for Network Hijacking

HIGH

PlushDaemon: China-Aligned APT Deploys 'EdgeStepper' Network Implant for Adversary-in-the-Middle Attacks

Security researchers have uncovered a new, sophisticated network implant named 'EdgeStepper' used by the China-aligned APT group PlushDaemon. The implant provides the attackers with adversary-in-the-middle (AitM) capabilities, allowing them to intercept and hijack legitimate software updates within a compromised network. EdgeStepper is deployed as part of a larger toolset that includes 'LittleDaemon' and 'DaemonicLogistics' to deliver a Windows implant called 'SlowStepper'. This framework enables the APT group to conduct espionage and deploy additional malware by masquerading as legitimate update traffic.

November 19, 2025
7 min read
PlushDaemonEdgeStepperAPTChinaMalware +2 more
China-Aligned APT 'PlushDaemon' Wields 'EdgeStepper' Implant for Network Hijacking
Threat Actor
Malware
Supply Chain Attack

Togo and Mozambique Forge Cybersecurity Pact to Strengthen African Defenses

INFORMATIONAL

Togo and Mozambique Sign MoU to Enhance Cybersecurity Cooperation and Threat Intelligence Sharing

The nations of Togo and Mozambique have signed a Memorandum of Understanding (MoU) to formalize their cooperation on cybersecurity. The agreement, signed during the inaugural International Cybersecurity Week in Mozambique, establishes a framework for their national Computer Security Incident Response Teams (CSIRTs) to collaborate. The partnership will focus on sharing real-time threat intelligence, conducting joint capacity-building exercises, and coordinating operational responses to cyber incidents, aiming to bolster the digital resilience of both nations and the wider African continent.

November 19, 2025
4 min read
PolicyCybersecurity CooperationAfricaTogoMozambique +1 more
Togo and Mozambique Forge Cybersecurity Pact to Strengthen African Defenses
Policy and Compliance
Regulatory
Threat Intelligence

Vendor Breach Exposes Patient Data at Innovative Physical Therapy

MEDIUM

Innovative Physical Therapy Discloses Patient Data Breach Due to Phishing Attack on Third-Party Vendor

Innovative Physical Therapy has notified patients of a data breach that originated from a third-party vendor responsible for practice management. The breach occurred when two vendor employees fell victim to phishing emails, leading to the compromise of their email accounts. Between June 25 and June 26, 2025, an unauthorized party accessed these accounts, which contained the protected health information (PHI) and personally identifiable information (PII) of at least 2,023 patients. The exposed data includes names, Social Security numbers, medical information, and health insurance details.

November 19, 2025
6 min read
Data BreachHealthcareSupply Chain AttackPhishingVendor Breach +1 more
Vendor Breach Exposes Patient Data at Innovative Physical Therapy
Data Breach
Supply Chain Attack
Phishing

📢 Share This Publication

Help others stay informed about cybersecurity threats