SAP’s November 2025 security patch day is here, unveiling an 18-course feast of fresh security notes. Leading the charge is CVE-2025-42890, a vulnerability that made SQL Anywhere Monitor vanish into thin air, Houdini-style. Remember, folks, when SAP says “patch,” they mean it. Stay safe, and don’t let your software secrets become community gossip.

Broken access control is still the reigning champ of app risks in the OWASP Top 10 for 2025, with security misconfiguration hot on its heels. Newcomer “mishandling of exceptional conditions” joins the list, proving that even in cybersecurity, unexpected drama can steal the spotlight!

Celebrate Veterans Day by honoring the courage and dedication of veterans who have transitioned from military service to protecting digital frontiers. Their expertise enriches cybersecurity, ensuring our freedoms endure in the digital age. A heartfelt thank you to the veterans among our readers and thought leaders at SecurityWeek. Your service inspires us all.

The US Department of Defense’s CMMC program entered its enforcement phase on November 10, 2025. Defense contractors must now comply with cybersecurity measures to protect sensitive information. With potential millions at stake for missteps, even big names like Raytheon have felt the sting. The real risk lies with subcontractors who lack proper resources.

Cyber threat actors have hacked Gladinet’s Triofox platform using CVE-2025-12480, a vulnerability as gaping as a plot hole in a soap opera. By spoofing localhost, they turned admin pages into their playground. Luckily, a patched version is here to save the day—just like a superhero in a last-minute rescue.

North Korea-linked Konni APT group went undercover as counselors to hack devices, using Google’s Find Hub to wipe data and spy on defectors. They spread malware disguised as stress-relief programs through KakaoTalk, showcasing a new level of digital mischief. Remember, if a counselor offers you stress relief via email, maybe just go for a walk…

Have I Been Pwned has added 1.96 billion accounts to its breach notification service. This massive dataset, courtesy of Synthient, highlights the risks of password reuse as it includes email addresses and passwords from previous breaches. Time to change those reused passwords and enable two-factor authentication!

Microsoft researchers have discovered Whisper Leak, an AI side-channel attack that cracks encrypted chats by analyzing metadata patterns. Whisper Leak risks exposing sensitive chats to prying eyes. Their advice? Keep sensitive talks off chatbots, especially in sketchy network zones. Stay informed and protect your conversations like they’re the last slice of pizza at a party!

Cybersecurity researchers have uncovered a malicious npm package, “@acitons/artifact,” designed to target GitHub-owned repositories by typosquatting the legitimate “@actions/artifact.” This sneaky package aimed to execute during builds, exfiltrate tokens, and publish malicious artifacts. It’s a prankster in the digital world, but with malevolent intentions!

Fantasy Hub, a new Android remote access trojan, is being sold on Russian-speaking Telegram channels. This Malware-as-a-Service lets cybercriminals control devices, spy, and conduct financial fraud. With fake overlays and SMS privilege abuse, it turns your phone into a double agent. And at $500 a month, it’s cheaper than your gym membership!

The UK’s working with the National Cyber Security Centre to mitigate risks of China-made electric buses being remotely accessed. Concerns arose after Norway found vulnerabilities in Yutong buses. Pelican, the UK importer, disputes the claims, asserting compliance with security certifications. Meanwhile, the UK continues to keep an eye on these electric bus shenanigans.

GlobalLogic joins the Clop ransomware club, revealing data from over 10,000 employees was exposed in Oracle EBS attacks. The esteemed list of victims now boasts The Washington Post and Allianz UK. It’s like a data breach party, and everyone’s invited—except your privacy.

Veracode discovered a cunning attempt to steal GitHub credentials using a malicious npm package. The hackers used typosquatting with a fake “GitHub Actions Toolkit” to trick developers. This sneaky scheme had over 206,000 downloads before being shut down. Lucky for some, Veracode’s Package Firewall was already on guard.

Cyber insurance payouts in the UK soared to £197 million in 2024, driven largely by ransomware and malware claims, according to the Association of British Insurers. While some argue cyber insurance boosts security, others claim it encourages extortion by covering ransom payments. The debate on its role in cybersecurity continues to intensify.

Cisco AI Threat Research reveals that open-weight AI models, while fueling innovation, are prime targets for multi-turn attacks. These models, with publicly available parameters, can be easily manipulated, resulting in a 92.78% success rate for attackers on Mistral’s Large-2 model. It’s a reminder: AI safety needs more than just single-turn vigilance.

The Ajax armored fighting vehicle is finally rolling into the British Army after years of delays, budget blowouts, and unintended ear-ringing effects. Despite concerns about its relevance in drone warfare, the army is revved up about its modern features. Ajax has taken its time, but it’s certainly made an entrance!

Say hello to Quantum Route Redirect, a new phishing-as-a-service platform that’s making credential theft a breeze in 90 countries. This sneaky tool is so advanced it can fool security tools while guiding humans to phishing sites. Its user-friendly features make it a cybercriminal’s dream, targeting Microsoft365 credentials worldwide.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The flaw, CVE-2025-21042, was used to deploy LANDFALL spyware in the Middle East. Samsung Galaxy users can rest easy now that the zero-day exploit has been patched.

Hackers have exploited the Triofox flaw CVE-2025-12480 to bypass authentication and run malicious payloads via the platform’s antivirus feature. Mandiant discovered this bug, urging users to upgrade Triofox and audit admin accounts. Remember, in cybersecurity, always keep your software updated; don’t let hackers crash your party!

North Korean hackers are misusing Google’s Find Hub tool to track South Korean targets and reset Android devices remotely. By hijacking KakaoTalk accounts, they’re spreading malware and causing chaos. To counteract these digital shenanigans, users should enable multi-factor authentication and verify file senders like they owe you money!