Daily Digest

Ransomware Cripples US Emergency Alerts and London Councils; Critical Flaws in Azure and Oracle Under Active Attack

Ransomware Cripples US Emergency Alerts and London Councils; Critical Flaws in Azure and Oracle Under Active Attack

November 27, 2025
6 articles (4 new, 2 updated)
18 min read

Summary

This cybersecurity brief for November 26-27, 2025, covers a series of high-impact ransomware attacks and critical vulnerability disclosures. The Inc Ransom group disrupted the CodeRED emergency alert system across the U.S., while a separate attack crippled services for three London councils. The Akira ransomware gang claimed attacks on five North American firms. Concurrently, CISA issued warnings for actively exploited vulnerabilities in Oracle Identity Manager (CVE-2025-61757) and spyware targeting messaging apps. A critical CVSS 10.0 authentication bypass flaw (CVE-2025-49752) was also discovered in Microsoft's Azure Bastion service, highlighting significant risks in both public infrastructure and cloud environments.

Filter by Category

New Articles (4)

Major Cyberattack Hits Three London Councils, Crippling Public Services

HIGH

Shared IT Systems for Three London Boroughs Taken Offline by Coordinated Cyberattack, Affecting Over 500,000 Residents

A major cyber incident was declared on November 26, 2025, after a coordinated attack struck the shared IT infrastructure of three London councils: the Royal Borough of Kensington and Chelsea (RBKC), Westminster City Council (WCC), and the London Borough of Hammersmith and Fulham (LBHF). The attack disrupted essential services, including phone lines, for over half a million residents. The councils, which operate under a joint IT arrangement, were forced to activate emergency protocols to maintain critical functions. The UK's National Cyber Security Centre (NCSC) is assisting with the investigation. While the nature of the attack is unconfirmed, experts suspect it is a ransomware incident, potentially targeting a shared managed service provider (MSP), raising fears of a significant data breach involving sensitive citizen information.

November 27, 2025
6 min read
LondonCouncilGovernmentRansomwareMSP +2 more
Major Cyberattack Hits Three London Councils, Crippling Public Services
Cyberattack
Ransomware
Supply Chain Attack

Supply Chain Breach at Vendor Marquis Exposes Data From Dozens of US Banks

HIGH

Ransomware Attack on Marketing Vendor Marquis Software Solutions Leads to Major Data Breach for U.S. Banks and Credit Unions

A ransomware attack on Marquis Software Solutions, a marketing and data analytics vendor for the financial industry, has resulted in a significant supply chain data breach affecting dozens of U.S. banks and credit unions. Marquis began notifying its clients on November 26, 2025, about the incident, which was first detected in August. The breach exposed highly sensitive customer information, including names, Social Security numbers, taxpayer IDs, and financial account details, that the financial institutions had entrusted to the vendor. While the banks' internal systems were not compromised, the incident highlights the profound risks associated with third-party vendors. At least 42,000 individuals in Maine alone have been affected, and Marquis is offering credit monitoring services to impacted customers.

November 27, 2025
6 min read
Marquis SoftwareSupply Chain AttackData BreachRansomwareFinancial Services +2 more
Supply Chain Breach at Vendor Marquis Exposes Data From Dozens of US Banks
Supply Chain Attack
Data Breach
Ransomware

New 'HashJack' Attack Injects Malicious Prompts into AI Browsers

MEDIUM

'HashJack' Prompt Injection Technique Bypasses Network Security by Hiding Commands in URL Fragments

On November 26, 2025, researchers disclosed a novel indirect prompt injection attack called 'HashJack' that targets AI-enabled web browsers. The technique works by embedding malicious instructions in the fragment portion of a URL (the text following a '#' symbol). Because URL fragments are processed client-side and are not sent to the server, they are invisible to most network security tools like firewalls and web gateways. However, AI assistants integrated into browsers often parse the full URL, including the fragment, to gain context. This allows an attacker to craft a seemingly benign link that, when visited, secretly instructs the user's AI assistant to perform malicious actions, creating a significant new attack surface.

November 27, 2025
6 min read
HashJackPrompt InjectionAI SecurityBrowser SecurityURL Fragment +1 more
New 'HashJack' Attack Injects Malicious Prompts into AI Browsers
Vulnerability
Malware
Phishing

Mitsubishi ICS Software Flaw Exposes Credentials in Plaintext

MEDIUM

Mitsubishi Electric Discloses Cleartext Credential Storage Vulnerability (CVE-2025-3784) in GX Works2 ICS Software

On November 27, 2025, Mitsubishi Electric issued a security advisory for CVE-2025-3784, an information disclosure vulnerability in its GX Works2 industrial control system (ICS) software. The flaw, which affects all versions of the software, involves the storage of credential information in plaintext within project files. An attacker with local access to a computer running the software could extract these credentials and use them to bypass authentication on project files, allowing them to view or modify critical industrial process information. The vulnerability has a CVSS score of 5.5. Mitsubishi is developing a patch and has provided interim mitigation guidance.

November 27, 2025
6 min read
CVE-2025-3784Mitsubishi ElectricGX Works2ICSOT Security +2 more
Mitsubishi ICS Software Flaw Exposes Credentials in Plaintext
Vulnerability
Industrial Control Systems
Patch Management

Updated Articles (2)

Critical 10.0 CVSS Flaw in Azure Bastion Allows Full Cloud Takeover

CRITICAL

Microsoft Patches Critical Authentication Bypass Vulnerability (CVE-2025-49752) in Azure Bastion

Update:

New details for CVE-2025-49752 include monitoring Azure Network Security Group (NSG) Flow Logs and VM login events (Windows Event ID 4624/Linux auth.log) for suspicious activity. Remediation advice now emphasizes restricting access with NSGs and implementing zero-trust principles, alongside verifying patch status and auditing. The vulnerability was formally disclosed on November 27, 2025, confirming the timeline of the critical flaw.

November 22, 2025
Updated: November 27, 2025
5 min read
CVE-2025-49752AzureMicrosoftAzure BastionVulnerability +3 more
Critical 10.0 CVSS Flaw in Azure Bastion Allows Full Cloud Takeover
Vulnerability
Cloud Security
Patch Management

Asahi Breweries Crippled by Ransomware Attack, Shipments Plummet to 10% Ahead of Peak Holiday Season

HIGH

Ransomware Attack on Asahi Breweries Disrupts Supply Chain, Forcing Manual Operations and Delaying Earnings Report

Update:

The ransomware attack on Asahi Group Holdings, now attributed to the Qilin group, occurred in September 2025. Reports from November 27, 2025, confirm the company is still experiencing severe operational and financial consequences. The incident has forced ongoing production cuts, leading to product shortages and a significant loss of market share to competitors. The attack crippled manufacturing, supply chain, and communication systems, necessitating a temporary return to manual processes like fax machines, highlighting the deep impact on both IT and OT environments.

November 12, 2025
Updated: November 27, 2025
5 min read
RansomwareAsahiJapanSupply ChainManufacturing +1 more
Asahi Breweries Crippled by Ransomware Attack, Shipments Plummet to 10% Ahead of Peak Holiday Season
Ransomware
Cyberattack
Supply Chain Attack

📢 Share This Publication

Help others stay informed about cybersecurity threats