Major Data Breaches
16 Billion Passwords Exposed in Colossal Data Breach
A record-breaking data breach has resulted in the exposure of 16 billion login credentials, making it the largest such incident in history. The credentials, sourced from various infostealers, are distributed across 30 different databases, with some overlap. Notably, the data is recent and not recycled from previous breaches, giving cybercriminals unprecedented access to personal credentials for account takeovers, identity theft, and targeted phishing attacks. The breach includes credentials for social media, corporate tools, VPNs, and developer platforms. Researchers warn that new leaks continue to surface, highlighting the ongoing threat posed by infostealer malware and the risks associated with holding large amounts of sensitive data, even without malicious intent [1].
Motility Software Solutions Data Breach
Motility Software Solutions, a dealership software provider, suffered a ransomware attack that exposed sensitive personal data of approximately 766,000 customers. The compromised information includes full names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, and driver’s license numbers. The attack occurred on August 19, 2025, but its impact and details were highlighted in October 2025, reinforcing the persistent threat of ransomware to organizations handling large volumes of personal data [2].
Significant Cyberattacks
Hyper-V Malware Campaign by Curly COMrades
A sophisticated threat actor known as Curly COMrades, reportedly supporting Russian geopolitical interests, has been observed abusing Microsoft’s Hyper-V hypervisor on compromised Windows machines. The attackers created a hidden Alpine Linux-based virtual machine to deploy malicious payloads, allowing malware to operate outside the host OS’s visibility and bypass endpoint security tools. The campaign, observed in July 2025, involved the deployment of CurlyShell and CurlyCat malware. Attackers used the Windows Deployment Image Servicing and Management (DISM) tool to enable Hyper-V, disabled its graphical interface, and imported a pre-built VM disguised as the Windows Subsystem for Linux. This method enabled malicious outbound communication to appear as legitimate host traffic, complicating detection and forensics. The campaign demonstrates the increasing sophistication of threat actors in evading EDR/XDR solutions through VM isolation [3].
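The following is an added defender-side triage script, not code from the original report or from any vendor named above. It checks a single Windows host for the three observable traces of the pattern just described (Hyper-V enabled, GUI management tools absent, a VM whose name or disk path imitates WSL) and looks back through process-creation events for DISM enabling a Hyper-V feature. It assumes an elevated session, the Hyper-V PowerShell module where VMs are enumerated, and Security event 4688 with command-line auditing turned on; the 30-day window and the "WSL|Subsystem" name pattern are illustrative assumptions.

```powershell
# Added example: hunt for the headless Hyper-V / hidden-VM pattern on one host.
# Assumes elevated PowerShell; feature and cmdlet names are standard Windows ones.
$findings = @()

# 1. Is the Hyper-V hypervisor feature enabled? On a workstation with no business
#    need for virtualization, this alone is worth a question.
$hv = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Hypervisor -ErrorAction SilentlyContinue
if ($hv -and $hv.State -eq 'Enabled') {
    $findings += "Hyper-V hypervisor feature enabled on $env:COMPUTERNAME"
}

# 2. Hypervisor enabled but the GUI management clients not: consistent with the
#    headless setup described in the report.
$gui = Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-Clients -ErrorAction SilentlyContinue
if ($hv -and $hv.State -eq 'Enabled' -and $gui -and $gui.State -ne 'Enabled') {
    $findings += 'Hyper-V enabled without Microsoft-Hyper-V-Management-Clients (headless)'
}

# 3. Enumerate VMs (if the Hyper-V module is present) and flag WSL look-alikes.
#    The name pattern is an assumption for illustration, not an indicator from the report.
if (Get-Command Get-VM -ErrorAction SilentlyContinue) {
    foreach ($vm in Get-VM) {
        $disks = (Get-VMHardDiskDrive -VMName $vm.Name).Path -join ';'
        if ("$($vm.Name) $disks" -match 'WSL|Subsystem') {
            $findings += "VM '$($vm.Name)' ($($vm.State)) has a WSL-like name or disk path: $disks"
        } else {
            $findings += "VM present: '$($vm.Name)' ($($vm.State)) disks: $disks"
        }
    }
}

# 4. Process-creation events (Security 4688, command-line auditing required) where
#    dism.exe enabled a Hyper-V feature in the last 30 days (assumed window).
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'dism' -and $_.Message -match 'Enable-Feature' -and $_.Message -match 'Hyper-V' } |
    ForEach-Object { $findings += "DISM enabled a Hyper-V feature at $($_.TimeCreated)" }

if ($findings.Count -eq 0) { 'No Hyper-V indicators found on this host' } else { $findings }
```

Any hit from checks 2 through 4 on a host that has no sanctioned virtualization use should be escalated for full triage, since the VM's disk image, not the host file system, is where the payloads described above would live.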
Widespread Exploitation of Microsoft SharePoint Vulnerabilities
A major ongoing cyberattack has targeted on-premises Microsoft SharePoint servers, with attackers exploiting vulnerabilities in widespread campaigns. Microsoft has released patches for all affected SharePoint servers, but researchers warn that attackers will continue to exploit these vulnerabilities for months. Some attacks have been linked to China-based threat actors, and the wave of “ToolShell” compromises has affected numerous companies and government agencies. The incident underscores the persistent risk posed by unpatched enterprise software and how quickly threat actors operationalize newly disclosed vulnerabilities [4][5].
October 2025: High-Profile Attacks and Ransomware Campaigns
October 2025 saw a surge in advanced security breaches, including ransomware attacks, supply chain compromises, and data theft affecting major enterprises and institutions such as Motility Software Solutions, Envoy Air, Harvard University, Volkswagen France, and WestJet. Attackers increasingly targeted trusted connections, third-party systems, and business applications, exploiting vulnerabilities in commercial and industrial platforms. The incidents highlight the need for proactive cyber readiness and structured incident response planning to mitigate financial, operational, and reputational damage [2].
Critical Vulnerabilities
Microsoft SharePoint Vulnerabilities
Critical vulnerabilities in on-premises Microsoft SharePoint servers have been actively exploited in widespread attacks. Microsoft has issued patches, but the vulnerabilities remain a significant risk as attackers continue to target unpatched systems. The exploitation has been linked to both criminal and state-sponsored actors, including those associated with China. The vulnerabilities have enabled attackers to compromise hundreds of organizations, including major U.S. government departments [4][5].
F5 BIG-IP Vulnerability
A critical vulnerability in F5’s BIG-IP platform was exploited in October 2025, contributing to the wave of high-profile cyberattacks. The incident demonstrates the attractiveness of widely deployed business systems as targets for adversaries and the importance of timely patching and vulnerability management [2].
Government Cybersecurity Responses
U.S. Government Response to Heightened Cyber Threats
The U.S. House Committee on Homeland Security released an updated “Cyber Threat Snapshot,” highlighting the increased threats from nation-state actors such as China, Iran, Russia, and North Korea. The report notes a 150% rise in PRC cyber espionage efforts in 2024, with targeted attacks on financial services, media, manufacturing, and industrial sectors increasing by 300%. The Salt Typhoon campaign compromised at least nine major telecommunications providers and targeted 80 countries. In July 2025, PRC-associated threat actors exploited Microsoft SharePoint vulnerabilities to compromise over 400 organizations, including key U.S. government departments. The report emphasizes the need for enhanced interagency coordination and warns that the ongoing federal government shutdown and lapse in information sharing authorities are constraining the government’s ability to defend against cyber threats [5].
Cybersecurity News and Trends
- Cybercriminals are increasingly using advanced techniques such as VM isolation to evade detection and maintain long-term access to target networks.
- Ransomware and data theft attacks continue to disrupt businesses across all sectors, with new threat groups and malware variants emerging regularly.
- The discovery of massive data leaks and the exploitation of critical vulnerabilities in widely used platforms underscore the importance of proactive cyber readiness, regular patching, and structured incident response planning for organizations of all sizes [3][4][1][5][2].
Sources:
1: [Source 1]
2: [Source 2]
3: [Source 3]
4: [Source 4]
5: [Source 5]
