November 30, 2025

Spyware targeting messaging apps announced by CISA

CISA issued an urgent alert on November 24, 2025, warning of multiple cyber threat actors actively using commercial spyware to target users of popular mobile messaging apps like Signal, WhatsApp, and Telegram. These actors employ sophisticated social engineering and targeting techniques, such as malicious QR codes for device pairing, zero-click exploits that infect devices silently without user interaction, and fake […]
November 24, 2025

Cox Enterprises Oracle E-Business Suite Zero-Day Breach

Cl0p ransomware operators launched a targeted campaign against Cox Enterprises by exploiting a critical zero‑day vulnerability in Oracle E‑Business Suite (Oracle EBS), tracked as CVE‑2025‑61882, which allowed remote, unauthenticated access to one of the company’s most sensitive back‑office platforms. The intrusion window ran roughly between 9 and 14 August 2025 and went undetected until late September, giving attackers ample time […]
November 18, 2025

Coupang breach exposes data of over 33 million users

South Korean e‑commerce giant Coupang has disclosed a massive data breach that exposed personal information from approximately 33.7 million customer accounts, making it one of the largest cyber incidents in the country’s history. ​The exposed data includes names, email addresses, phone numbers, postal or shipping addresses, and order histories, with some reports noting leak of delivery entrance codes, raising concerns […]
November 10, 2025

Critical vulnerability found in 7-Zip archiving tool

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-11001 (CVSS 7.0), was disclosed in the popular open-source 7-Zip archiving tool, affecting all versions before 25.00 released in July 2025. The flaw stems from improper handling of symbolic links in ZIP archives, enabling attackers to craft malicious files that allow directory traversal outside the intended extraction folder. When a user […]
November 9, 2025

Chinese Hackers Used Anthropic’s AI to Automate Cyberattacks

Anthropic, the developer of the Claude AI model, disclosed in mid-November 2025 that it disrupted the first documented large scale cyber-espionage campaign orchestrated primarily by artificial intelligence, attributed with high confidence to a Chinese state sponsored hacking group. Detected in mid-September 2025, the operation dubbed GTG-1002 involved hackers manipulating Anthropic’s Claude Code tool to automate intrusions against approximately 30 high-value […]

Collaboration can mitigate the effects of Ransomware Attacks

Archives
Categories
Privacy Policy
RSS NCSC Threat Reports Feed

© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.