From The Aether
Racing Against the Hack: Why Automation is Your Only Defense in the Cybersecurity Showdown
In the race for every new CVE, hackers sprint with automation, while defenders crawl with manual patching. Attackers leverage machine speed, exploiting vulnerabilities within hours, leaving IT teams scrambling and stressed. To keep pace, organizations must embrace automated defenses or risk being outpaced by tireless, AI-driven adversaries.
Cybercriminals Crushed: Europol’s ‘Operation Endgame’ Scores a Win Against Malware Menace!
Operation Endgame hits a high score as Europol and Eurojust dismantle notorious malware networks, including Rhadamanthys Stealer and Venom RAT. With over 1,025 servers down and 20 domains seized, cybercriminals are running out of lives. Meanwhile, the main suspect behind Venom RAT was nabbed in Greece, proving crime doesn’t pay—at least not in euros.
Ransomware Wreaks Havoc on London Hospitals: Synnovis Data Drama Unfolds!
Synnovis confirms patient personal information was nabbed in a June 2024 ransomware attack, disrupting London hospitals. The pathology service provider didn’t pay a ransom, rebuilt from scratch, and is now in data breach cleanup mode. Patients won’t be informed directly; hospitals get the fun job of breaking the news.
Ransomware Rumble: Synnovis Wraps Up 18-Month NHS Data Debacle Investigation!
Synnovis has wrapped up its investigation into the 2024 ransomware attack, which the Qilin gang claimed and which left NHS pathology services in chaos. After 18 months, they’ve untangled the mess, but don’t hold your breath for answers on how nearly a million patients’ data went on a joyride through cybercrime land.
Hackers Hijack Payrolls: How Phishing Pays Off in the Digital Wild West
In this week’s ThreatsDay Bulletin, discover the latest cyber cat-and-mouse game. While hackers use clever tricks like malvertising campaigns, security teams are countering with faster defenses and smarter systems. Stay curious, stay updated, and make vigilance your new favorite hobby.
Citrix & Cisco’s Zero-Day Drama: Hackers Crash the Party Before the Patches
Amazon reports a threat actor exploited Citrix and Cisco zero-days before patches were out. Dubbed CitrixBleed 2, the Citrix flaw allowed memory reads, while the Cisco vulnerability let attackers execute code with root privileges. Amazon’s honeypot detected the zero-day exploits before public disclosure, revealing a highly skilled and resourceful adversary.
Fraud Frenzy: UK’s Plan to Tackle Online Crime with Tech and Teamwork
Fraud now accounts for 40% of UK crime, with 67% cyber-enabled. The techUK report, Anti-Fraud Report 2025: Technology’s Role in the Fight Against Online Fraud, suggests partnerships and tech adoption to combat this. Despite recommendations, the government’s response is pending, with only an identity verification scheme announced so far.
Patch Panic: CISA’s Urgent Warning on WatchGuard Firewall Vulnerability
CISA has issued a warning to patch a critical vulnerability in WatchGuard Firebox firewalls. Remote attackers can exploit this flaw to execute malicious code. Agencies have until December 3 to secure their systems. With over 54,000 vulnerable devices identified, CISA urges prompt action to mitigate risks.
Amazon’s Cyber Showdown: Hackers Exploit Cisco & Citrix Zero-Days – A Comedy of Errors!
Amazon alerts reveal a cyber ninja exploiting zero-days in Cisco ISE and Citrix NetScaler. This threat actor deploys custom malware quicker than a cat on a laser pointer. With vulnerabilities weaponized before patches, even the most fortified systems aren’t safe. Stay vigilant!
NHS Ransomware Fiasco: Synnovis’ Slow Response Sparks Outrage and Raises Questions on Data Management
Ransomware hit Synnovis, causing chaos: blood shortages, canceled appointments, and even a linked fatality. Despite the breach affecting up to a million patients, it took 17 months to notify clients. Experts blame poor data management and demand transparency, not secretive lessons. Synnovis cites complexity, but critics aren’t buying it.
WatchGuard Fireware Flaw: The Cyber Bug Hitting 54,000 Devices (And Counting!)
CISA has added a critical WatchGuard Fireware security flaw to its Known Exploited Vulnerabilities catalog. This vulnerability, CVE-2025-9242, allows remote attackers to execute arbitrary code. With over 54,300 devices still affected, it’s a bit like leaving your front door wide open and hoping no one notices.
Kenya’s Bold Leap: From Safari to Cyber Superpower in 5 Years!
Kenya plans to become a “Code Nation,” aiming to add over 1 million tech specialists to its workforce and connect 99% of its population with high-speed digital fiber. With ambitious goals come challenges, but Kenya is stepping up as a leader in the digital economy and cybersecurity.
NPM’s Spam-ocalypse: How IndonesianFoods Worm is Stirring Up the Software Pot!
The IndonesianFoods spam campaign has inundated the npm registry with over 46,000 fake packages, showcasing a worm-like propagation mechanism. The campaign cleverly exploits npm’s open nature, evading detection by requiring manual script execution. While not stealing data, it strains resources and highlights vulnerabilities in security scanners.
Browser Battle: Chrome and Firefox Race to Patch High-Severity Flaws!
Google and Mozilla have released updates for Chrome and Firefox to tackle high-severity vulnerabilities. Chrome’s V8 JavaScript engine flaw could lead to remote exploits, while Firefox addresses 16 serious issues, including graphics and WebGPU component defects. Users, prepare your browsers for a superhero-like transformation—minus the cape.
Washington Court Zaps Cities’ Attempt to Hide License Plate Data: Transparency Wins!
A Washington state court ruled that Flock Safety’s automated license plate reader data is public, despite cities’ attempts to keep it secret. This decision underscores transparency, even with third-party vendors. It’s a win for public access, though the requester won’t get records due to their deletion. Flock Safety’s practices face growing scrutiny.
CitrixBleed 2 Strikes Again: The Unpatched Comedy of Errors in Cybersecurity
CitrixBleed 2 is back, and it’s not alone. Advanced threat actors are exploiting vulnerabilities in Citrix and Cisco systems faster than patches can roll out. Organizations should review identity and access management systems before attackers do, because these bugs aren’t just a glitch—they’re a gateway for cyber mayhem.
Google Sues Over ‘Lighthouse’ Phishing Scheme: Smishing Triad’s Global Scam Exposed!
Google is taking legal action against the “Smishing Triad” behind the Lighthouse phishing kit. This phishing-as-a-service operation, responsible for a spike in smishing attacks, has scammed over a million victims across 120 countries. With a lawsuit filed, Google aims to tackle this smishing menace head-on.
DHS’s Chicago Data Debacle: Homeland Security’s Domestic Spy Slip-Up
In a comedy of errors fit for a spy thriller, the Department of Homeland Security kept Chicago police records on a server for months, turning domestic espionage rules into mere suggestions. The DHS’s attempt to test FBI watchlist waters with gang data went unnoticed, much like a mime in a library.
Google vs. Smishing Triad: A Text Message Takedown Showdown
Google sues the China-based Smishing Triad for using the “Lighthouse” phishing kit to conduct large-scale smishing attacks. This cybercriminal group has allegedly targeted millions worldwide, converting phones into ATMs for sensitive data. Google’s legal action involves charges under the RICO, Lanham, and CFAA Acts.
AI’s Audio Oops: How Sora 2 Spilled Its Secrets with a Little Nudge
Mindgard’s detective skills revealed OpenAI’s Sora 2 model’s Achilles’ heel: its system prompt was sneakily spilled through audio transcripts. This unexpected karaoke session exposed the AI’s foundational rulebook, proving once again that even the most secure systems can have a penchant for spilling secrets.
