Daily Digest

Zero-Day Exploits Rock Oracle and Chrome; APTs Uncovered in Multi-Year Espionage Campaigns

Zero-Day Exploits Rock Oracle and Chrome; APTs Uncovered in Multi-Year Espionage Campaigns

November 23, 2025
3 articles (1 new, 2 updated)
10 min read

Summary

This cybersecurity brief for November 23, 2025, covers a tumultuous period marked by the active exploitation of zero-day vulnerabilities in Oracle E-Business Suite by the Cl0p ransomware gang and in Google Chrome. Concurrently, researchers have exposed long-running cyberespionage campaigns by APT24 and APT31, which utilized sophisticated supply chain attacks and cloud-based C2 infrastructure. Other major incidents include a record-breaking 15.72 Tbps DDoS attack mitigated by Microsoft, a critical CVSS 10.0 vulnerability in Grafana Enterprise, and a series of data breaches impacting Harvard University, CrowdStrike, and Salesforce customers via a supply chain attack on Gainsight.

Filter by Category

New Articles (1)

Harvard University Data Breach Exposes Donor Information After Phone Phishing Attack

MEDIUM

Harvard University's Development Office Hit by Data Breach Following Sophisticated Vishing Campaign

Harvard University has disclosed a data breach affecting its Alumni Affairs and Development Office, discovered on November 18, 2025. The incident originated from a phone-based phishing (vishing) attack that gave an unauthorized party access to systems containing personal information and donation records of university affiliates and donors. While highly sensitive data like Social Security numbers were reportedly not compromised, the breach exposed names, contact details, and donation histories. This attack follows a similar pattern seen in recent incidents at Princeton University and the University of Pennsylvania, indicating a targeted campaign against the development departments of major educational institutions.

November 23, 2025
5 min read
vishingsocial engineeringdata breacheducation sectordonor data +1 more
Harvard University Data Breach Exposes Donor Information After Phone Phishing Attack

Updated Articles (2)

Logitech Confirms Breach: Clop Ransomware Exploits Oracle Zero-Day

HIGH

Logitech Becomes Latest Victim of Clop Ransomware's Mass-Exploitation of Oracle E-Business Suite Zero-Day

Update:

Cox Enterprises has confirmed a data breach affecting nearly 9,500 individuals due to the Clop ransomware gang exploiting the same Oracle E-Business Suite zero-day vulnerability (CVE-2025-61882). The breach occurred in August 2025 but was detected in late September. This adds Cox Enterprises to the growing list of victims in Clop's large-scale campaign targeting this critical Oracle flaw, underscoring the widespread impact of the zero-day exploit. Cox is offering identity theft protection to affected individuals.

November 18, 2025
Updated: November 23, 2025
5 min read
ClopRansomwareData BreachZero-DayOracle +2 more
Logitech Confirms Breach: Clop Ransomware Exploits Oracle Zero-Day

URGENT: CISA Orders 7-Day Patch for Actively Exploited FortiWeb Zero-Day

CRITICAL

Fortinet Discloses Critical FortiWeb Zero-Day (CVE-2025-58034) Under Active Attack; CISA Issues Emergency Directive

Update:

Fortinet has officially patched the actively exploited CVE-2025-58034 in FortiWeb WAF, affecting 7.x and 8.x versions. The vulnerability was initially 'stealth-patched' in routine updates before public disclosure. A critical development is the release of an exploit module for this flaw in the Metasploit framework. This significantly lowers the technical barrier for exploitation, making it accessible to a wider range of threat actors and dramatically increasing the likelihood of widespread attacks. Organizations are urged to apply patches immediately due to the heightened risk.

November 20, 2025
Updated: November 23, 2025
5 min read
Zero-DayWAFCommand InjectionCISAKEV +2 more
URGENT: CISA Orders 7-Day Patch for Actively Exploited FortiWeb Zero-Day

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.