Cyber security news November 2025

This posting is here to collect cyber security news in November 2025.

I post links to security vulnerability news in the comments of this article.

You are also free to post related links in the comments.

83 Comments

  1. Tomi Engdahl says:

    Cloudflare outage: the internet is broken again
    https://cybernews.com/news/cloudflare-outage-internet-down/?utm_source=cn_facebook&utm_medium=social&utm_campaign=cybernews&utm_content=post&source=cn_facebook&medium=social&campaign=cybernews&content=post&fbclid=IwVERDUAOJaC5leHRuA2FlbQIxMABzcnRjBmFwcF9pZAwzNTA2ODU1MzE3MjgAAR6KcTXD6AWna0TvXeiYCwMbyUBXe7cfOlKVPh1nfP0yWc-vdYWEdbFokO_4CA_aem_3AIHjBSBqsvCNV6o-esxxQ

    Cloudflare is experiencing technical problems, meaning that hundreds of millions of people across the globe are unable to access the internet.

    The global network that connects users with websites and apps is currently experiencing an outage, which the company is investigating.

    Cloudflare, which “powers internet requests for millions of websites” while serving 81 million HTTP requests, is currently experiencing issues on a global scale.

  2. Tomi Engdahl says:

    https://www.tivi.fi/uutiset/a/a084008f-a1ff-4ea8-b13d-d7181921c1f8
    Online crooks have new tricks at their disposal: this is the only way to protect yourself against “Clickfix”
    13.11.2025 21:30
    The Clickfix attack bypasses most of the usual defences.

    https://arstechnica.com/security/2025/11/clickfix-may-be-the-biggest-security-threat-your-family-has-never-heard-of/

  3. Tomi Engdahl says:

    An outage affecting cybersecurity firm Cloudflare took down huge swathes of the internet with it on Tuesday, once again highlighting how a handful of internet services allow the entire web to stay online.

    Among the websites affected by the outage are gigantic services including X-formerly-Twitter, OpenAI’s ChatGPT, and Spotify.
    https://futurism.com/future-society/internet-down-detector-cloudflare?utm_social_handle_id=352364611609411&utm_social_post_id=577362521&fbclid=IwdGRjcAOJyQZjbGNrA4nITmV4dG4DYWVtAjExAHNydGMGYXBwX2lkDDM1MDY4NTUzMTcyOAABHum8uvW99ieHTvelrsceLmtl5E5b2RxXDH54ZpToACAcs1MGhGYpskeqJ0Va_aem_5LiwoNjcIe9vwWxzM8OJug

  4. Tomi Engdahl says:

    The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a change to one of our database systems’ permissions which caused the database to output multiple entries into a “feature file” used by our Bot Management system. That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.
    Cloudflare outage on November 18, 2025 https://share.google/s5XJSLsRmA4GFOJ5M

  5. Tomi Engdahl says:

    What does the outage tell us about the health of the internet?
    With much of the world’s economy reliant on the internet – from banking to e-commerce – some experts in cyber-resilience warn that its infrastructure has become too reliant on a few big companies, creating a “dependency chain”. The problems at Cloudflare come less than a month after outages at other cloud services operators, Amazon’s AWS and Microsoft’s Azure. Together with Google Cloud, these three providers account for about two-thirds of the infrastructure underlying the digital world. Experts argue it shows there should be greater diversity in supply of internet services.
    What is Cloudflare – and why did its outage take down so many websites? | Internet | The Guardian https://share.google/qLGfXFtnFXfvBREf2

  6. Tomi Engdahl says:

    Warning from telecom giant: Nordic countries under threat
    Anna Helakallio, 17.11.2025 12:27, Politics
    Society's critical functions depend on digital infrastructure.
    https://www.tivi.fi/uutiset/a/bbdd6cf1-30d7-48cb-be8e-987e7de33273

    The Nordic countries must strengthen their digital resilience against large-scale digital outages, warns telecommunications company Globalconnect. The company's warning is based on reports it commissioned

  7. Tomi Engdahl says:

    Investigation: Baltimore ship accident and bridge collapse were caused by a label incorrectly stuck onto an electrical wire
    https://yle.fi/a/74-20194896

  8. Tomi Engdahl says:

    OWASP Top 10: Broken access control still tops app security list
    Risk list highlights misconfigs, supply chain failures, and singles out prompt injection in AI apps
    https://www.theregister.com/2025/11/11/new_owasp_top_ten_broken/

  9. Tomi Engdahl says:

    Europe is finally cutting down on annoying cookie pop-ups. Under the new plan, some low-risk cookies won’t show pop-ups at all, and users will be able to control other cookies directly in their browser settings, instead of on every single website.

    Read full article: https://cnews.link/european-union-cookie-consent-banners-8/

    I am so tired of the retardation they caused, worldwide, with that law.

  10. Tomi Engdahl says:

    The Formula 1 Las Vegas Grand Prix had an accidental free broadcast as fans used public street cameras to watch the whole race
    https://supercarblondie.com/formula-1-las-vegas-grand-prix-accidental-free-broadcast/

    With all eyes on the Formula 1 Las Vegas Grand Prix, some people found a savvy way to get an accidentally free broadcast, as public street cameras captured every corner of the thrilling race.

    All of this unfolded on subscription TV channels like ESPN and Sky Sports.

    But just as some people found hilarious alternative ways to view the race in the street, some people found a TV workaround by tuning in to the public cameras on the Las Vegas strip for free.

    While the quality isn’t quite that of ESPN’s, the public cameras allowed anyone to tune into any part of the circuit they wanted to and watch the cars whip past.

  11. Tomi Engdahl says:

    Years-old bugs in open source tool left every major cloud open to disruption
    Fluent Bit has 15B+ deployments … and 5 newly assigned CVEs
    Jessica Lyons
    Mon 24 Nov 2025 // 15:23 UTC
    A series of “trivial-to-exploit” vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to completely disrupt cloud services and alter data.
    https://www.theregister.com/2025/11/24/fluent_bit_cves/

  12. Tomi Engdahl says:

    Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
    https://thehackernews.com/2025/11/grafana-patches-cvss-100-scim-flaw.html

    Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.

    The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First introduced in April 2025, it’s currently in public preview.

  13. Tomi Engdahl says:

    From locked data to live insights: how the EU Data Act transforms industrial analytics
    The EU Data Act changes how industrial IoT data can be accessed and used. Read our article on what this means for your business.
    https://nortal.com/insights/from-locked-data-to-live-insights-how-the-eu-data-act-transforms-industrial-analytics

  14. Tomi Engdahl says:

    Hackers Replace ‘m’ with ‘rn’ in Microsoft(.)com to Steal Users’ Login Credentials
    https://cybersecuritynews.com/microsoft-phishing-replace-m-with-rn/

    A sophisticated phishing campaign is currently leveraging a subtle typographical trick to bypass user vigilance, deceiving victims into handing over sensitive login credentials. Attackers utilize the domain “rnicrosoft.com” to impersonate the tech giant.

    By replacing the letter ‘m’ with the combination of ‘r’ and ‘n’, fraudsters create a visual doppelganger that is nearly indistinguishable from the legitimate domain at a casual glance.

    Reply
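
Added example (not part of the comment or the linked article): a defensive check that flags hostnames which collapse to a protected domain once lookalike sequences such as "rn" for "m" are folded. The protected list, the fold pairs other than "rn" to "m", and the sample hostnames are assumptions constructed for illustration.

```python
from typing import Optional

PROTECTED = {"microsoft.com"}  # assumption: the domains being defended

# Folds applied to both sides before comparing. "rn" -> "m" is the trick
# reported above; the other pairs are assumed, commonly confused shapes.
FOLDS = [("0", "o"), ("1", "l"), ("rn", "m"), ("vv", "w"), ("cl", "d")]


def skeleton(name: str) -> str:
    """Collapse lookalike sequences so visually similar names compare equal."""
    folded = name.lower().rstrip(".")
    for seq, repl in FOLDS:
        folded = folded.replace(seq, repl)
    return folded


PROTECTED_SKELETONS = {skeleton(d): d for d in PROTECTED}


def label_suffixes(host: str) -> list:
    """'a.b.c' -> ['a.b.c', 'b.c', 'c'], so subdomains are covered too."""
    labels = host.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def impersonated_brand(host: str) -> Optional[str]:
    """Return the protected domain that `host` imitates, or None."""
    candidates = label_suffixes(host)
    if any(c in PROTECTED for c in candidates):
        return None  # genuinely under a protected domain
    for c in candidates:
        brand = PROTECTED_SKELETONS.get(skeleton(c))
        if brand is not None:
            return brand
    return None


# Constructed sample of hostnames, e.g. as seen in proxy or mail logs.
SAMPLE_HOSTS = ["login.rnicrosoft.com", "www.microsoft.com",
                "micr0soft.com", "example.org"]


def scan(hosts):
    """Map each suspicious host to the domain it imitates."""
    return {h: b for h in hosts if (b := impersonated_brand(h))}
```

The check covers ASCII lookalikes only; internationalized (punycode) names would need a Unicode confusables table in place of `FOLDS`.
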
  15. Tomi Engdahl says:

    Cryptology firm cancels elections after losing encryption key
    https://www.bbc.com/news/articles/c62vl05rz0ko

    A firm considered one of the leading global voices in encryption has cancelled the announcement of its leadership election results after an official lost the encrypted key needed to unlock them.

    The International Association for Cryptologic Research (IACR) uses an electronic voting system which needs three members, each with part of an encrypted key, to access the results.

    In a statement, the scientific organisation said one of the trustees had lost their key in “an honest but unfortunate human mistake”, making it impossible for them to decrypt – and uncover – the final results.

    The IACR said it would rerun the election, adding “new safeguards” to stop similar mistakes happening again.

    The Association used an open source electronic voting system called Helios for the process.

    The browser-based system uses cryptography to encrypt votes.

    Three members of the association were chosen as independent trustees to each be given a third of the encrypted material, which when shared together would give the verdict.

    Whilst two of the trustees uploaded their share of the encrypted material online, a third never did.

    ‘Irretrievably’ lost
    The IACR said in a statement that the lack of results was due to one of the trustees “irretrievably” losing their private key, leaving it “technically impossible” for the firm to know the final verdict.

    American cryptographer Bruce Schneier told the BBC that failures in cryptographic systems often lie in the fact that “to provide any actual security” they have to be “operated by humans”.

    “Whether it’s forgetting keys, improperly sharing keys, or making some other mistake,” he said, “cryptographic systems often fail for very human reasons”.

    Voting for the IACR positions has been renewed and will run until 20 December.

    https://vote.heliosvoting.org/

    Reply
  16. Tomi Engdahl says:

    Weaponized file name flaw makes updating glob an urgent job
    PLUS: CISA issues drone warning; China-linked DNS-hijacking malware; Prison for BTC Samourai; And more
    https://www.theregister.com/2025/11/23/infosec_news_in_brief/

    Infosec In Brief Researchers have urged users of the glob file pattern matching library to update their installations, after discovery of a years-old remote code execution flaw in the tool’s CLI.

    Glob is used to find files using wildcards, is typically run as a library API, and is an all but universal part of the JavaScript stack. This vulnerability lives in glob’s CLI tool – specifically the tool’s -c flag used to execute commands on matching files.

    Spotted by security researchers at automated infosec outfit AISLE, the project’s GitHub page describes the 7.5-rated vuln (CVE-2025-64756) as follows.

  17. Tomi Engdahl says:

    Do you think the latest Wi-Fi encryption is secure?
    https://etn.fi/index.php/13-news/18221-luuletko-ettae-uusin-wi-fi-salaus-on-turvallinen

    WPA3, the latest encryption standard for wireless LANs, was originally introduced as a fix for all the shortcomings that made WPA2 protection vulnerable to attacks. The new standard was supposed to prevent offline password cracking, block the creation of rogue devices, and protect the wireless network's management traffic, which attackers have used for years to force devices off the network. However, a recent survey from the Swiss-German university (SGU) is a reminder that reality is more complicated. WPA3 is far from invulnerable.

    The biggest problems concern WPA3's core security mechanisms. The most significant of these is the Simultaneous Authentication of Equals (SAE) handshake, whose purpose is to prevent the password from being discovered by evaluating the network's responses from the outside. However, researchers found a vulnerability named Dragonblood as early as 2019, which means the handshake can still be used to gather hints about the password. Analysing the timing is enough to give an attacker the opportunity to crack the password with an offline attack, exactly the kind that WPA3 promised to prevent.

    WPA3's other cornerstone, Management Frame Protection, also turns out to be deficient in practice. The standard's ambiguous rules mean that some devices still accept unprotected management messages. In addition, the so-called beacon frames, which announce the network's settings, are completely unprotected.
