London Councils Attacked:

    • At least three London local authorities (Kensington & Chelsea, Westminster City Council, and Hammersmith & Fulham) experienced a serious cyber incident that disrupted shared IT services, including phone lines. Emergency plans were activated, and the National Cyber Security Centre (NCSC) and National Crime Agency are investigating.

    OpenAI User Data Exposed:

    • A data breach at analytics company Mixpanel impacted multiple customers, including OpenAI, potentially exposing user data.

    Asahi Data Breach:

    • Asahi, the beverage maker, confirmed that a September 2025 ransomware attack potentially exposed the personal information of 1.5 million customers. 

    OnSolve CodeRED Disruption:

    • A ransomware attack by the Inc Ransom group disrupted the OnSolve CodeRED emergency notification system in the US, leading to service outages. 

    JLR Cyberattack Impact Lingers:

    • The effects of the earlier cyberattack on Jaguar Land Rover’s parent company, Tata Group, continued into November, contributing to a fall in UK car output.  

    New UK Laws Proposed:

    • New, tougher laws are being proposed in the UK to strengthen cyber defenses for essential services like the NHS, transport, and energy sectors. 

    UK Small Business Guidance:

    • The UK government issued an open letter to small businesses, urging them to use the NCSC’s free Cyber Action Toolkit and adopt the Cyber Essentials scheme to improve resilience against growing and sophisticated threats. 

    AI in Cyber:

    • Experts discussed the growing role of Artificial Intelligence (AI) in both cyber defense (Amazon using AI agents to find vulnerabilities) and offense (new “dark LLMs” boosting cybercrime automation). 

    Supply Chain Resilience:

    • The lingering effects of a major cyberattack on the Tata Group, the parent company of Jaguar Land Rover (JLR), continued to impact UK car output, highlighting the vulnerabilities in supply chains.    

    Scattered Lapsus$ Hunters:

    • This collective, made up of members from older groups like Scattered Spider and Lapsus$, announced the launch of a new ransomware-as-a-service (RaaS) platform in November. The group was linked to a supply chain attack on SaaS provider Gainsight, which exposed data from multiple customers, including some Salesforce clients.

    Actively exploited vulnerabilities (zero-days)  

    • CVE-2025-62215 (Windows Kernel EoP): A race-condition vulnerability in the Windows Kernel was patched by Microsoft. It could allow a local attacker with low privileges to escalate to full SYSTEM-level access. 
    • CVE-2025-13223 (Google Chrome RCE): Google released an emergency update for Chrome to fix a type-confusion bug in its V8 JavaScript engine. The flaw allowed remote code execution via malicious websites and was confirmed as actively exploited. 
    • CVE-2025-61757 (Oracle Identity Manager Auth Bypass): CISA confirmed that this vulnerability in Oracle Fusion Middleware was being actively exploited. It allowed unauthenticated remote attackers to bypass authentication and gain remote code execution. 
    • CVE-2025-61882 (Oracle E-Business Suite RCE): The NCSC in the UK issued an alert for an actively exploited remote code execution vulnerability in the BI Publisher Integration component of Oracle Concurrent Processing. 
    • CVE-2025-54236 (Adobe Commerce RCE): An input validation flaw in Adobe Commerce and Magento was found to be actively exploited by attackers to take over e-commerce sites.  
