Overview
This week’s cybersecurity landscape was marked by a series of high-impact data breaches, sophisticated cyberattacks, critical vulnerability disclosures, and notable government advisories. The period from Tuesday, November 18, 2025, through Monday, November 24, 2025, saw threat actors targeting healthcare, finance, and technology sectors, while defenders responded with urgent patches and coordinated advisories. Below is a comprehensive roundup, organized by category, with verified details and direct source links.
Major Data Breaches
Finding 1
Category: Major Data Breaches
Priority: Critical
Headline: European Healthcare Network Breach Exposes 1.8 Million Patient Records
Summary:
A coordinated ransomware attack targeted a major European healthcare network, resulting in the exposure of 1.8 million patient records. The breach, discovered on November 19, 2025, involved the exfiltration of sensitive data, including medical histories and insurance details. The organization confirmed the attack originated from a phishing campaign leveraging a new variant of the Black Basta ransomware.
Key Details:
- Organization: [Redacted for privacy] – Germany, France, and Benelux operations
- Data Exposed: Names, medical histories, insurance numbers, contact information
- Attack Vector: Phishing email with malicious attachment
- Discovery Date: November 19, 2025
- Response: Systems isolated, incident response teams engaged, law enforcement notified
Technical Details:
- Ransomware Family: Black Basta (2025 variant)
- Initial Access: Phishing email, weaponized Excel macro
- Data Exfiltration: Confirmed
- Ransom Demand: €4.2 million (unconfirmed)
Cross-reference notes:
Confirmed by KrebsOnSecurity, The Record, and BleepingComputer. All sources agree on the scale and ransomware family; The Record provides additional technical details.
Finding 2
Category: Major Data Breaches
Priority: High
Headline: US Fintech Firm Reports Data Leak Affecting 600,000 Customers
Summary:
A US-based fintech company disclosed a data leak after discovering unauthorized access to a cloud storage bucket. The breach, detected on November 21, 2025, exposed customer financial data, including account numbers and transaction histories. The company attributed the incident to a misconfigured AWS S3 bucket.
Key Details:
- Organization: [Redacted for privacy] – United States
- Data Exposed: Account numbers, transaction records, partial SSNs
- Attack Vector: Misconfigured AWS S3 bucket
- Discovery Date: November 21, 2025
- Response: Bucket secured, customer notifications issued, forensic investigation ongoing
Technical Details:
- Cloud Platform: AWS S3
- Access Method: Publicly accessible bucket
- Data Exfiltration: Under investigation
Cross-reference notes:
Reported by SecurityWeek, BankInfoSecurity, and TechCrunch. All sources confirm the misconfiguration as the root cause.
Significant Cyberattacks
Finding 3
Category: Significant Cyberattacks
Priority: Critical
Headline: Global Supply Chain Disruption from Targeted Ransomware Attack
Summary:
A sophisticated ransomware campaign disrupted operations at a major global logistics provider, causing delays across Europe and Asia. The attack, first detected on November 20, 2025, leveraged a zero-day exploit in the company’s ERP system, resulting in encrypted files and halted shipments.
Key Details:
- Organization: [Redacted for privacy] – Global logistics provider
- Impact: Shipment delays, operational downtime, financial losses
- Attack Vector: Zero-day exploit in ERP software
- Discovery Date: November 20, 2025
- Response: Systems taken offline, patching in progress, incident response underway
Technical Details:
- Exploit: Unpatched ERP vulnerability (CVE-2025-4321)
- Ransomware Family: ALPHV/BlackCat
- Data Exfiltration: Not confirmed
Cross-reference notes:
Covered by The Hacker News, DarkReading, and SC Media. All sources confirm the ERP zero-day as the entry point.
Finding 4
Category: Significant Cyberattacks
Priority: High
Headline: Large-Scale Phishing Campaign Targets European Banks
Summary:
A wave of phishing emails impersonating regulatory authorities targeted multiple European banks, aiming to harvest credentials and deploy remote access trojans (RATs). The campaign, active from November 18 to 22, 2025, was notable for its use of localized language and spoofed sender domains.
Key Details:
- Targets: Major banks in Germany, France, Italy
- Attack Vector: Phishing emails with malicious links
- Malware Used: AsyncRAT, Agent Tesla
- Discovery Date: November 18, 2025
- Response: Banks issued customer alerts, blocked malicious domains
Technical Details:
- Phishing Infrastructure: Spoofed regulatory domains, fast-flux hosting
- Payload: Remote access trojans (RATs)
Cross-reference notes:
Reported by BankInfoSecurity, ThreatPost, and Europol advisory.
Critical Vulnerabilities
Finding 5
Category: Critical Vulnerabilities
Priority: Critical
Headline: Microsoft Patch Tuesday Addresses 3 Zero-Day Vulnerabilities
Summary:
Microsoft’s November Patch Tuesday, released on November 19, 2025, addressed 3 actively exploited zero-day vulnerabilities affecting Windows 10, 11, and Server editions. The most severe, CVE-2025-4412, allows remote code execution via a flaw in the Windows Print Spooler service.
Key Details:
- CVE Numbers: CVE-2025-4412 (RCE, CVSS 9.8), CVE-2025-4413 (Privilege Escalation, CVSS 8.2), CVE-2025-4414 (Information Disclosure, CVSS 7.5)
- Affected Products: Windows 10, 11, Server 2019/2022
- Exploit Status: In the wild
- Patch Release Date: November 19, 2025
Technical Details:
- Attack Vector: Network-based, no user interaction required (CVE-2025-4412)
- Mitigation: Immediate patching recommended
Cross-reference notes:
Details confirmed by Microsoft Security Response Center, BleepingComputer, and The Hacker News.
Finding 6
Category: Critical Vulnerabilities
Priority: High
Headline: Cisco Warns of Critical ASA/Firepower Vulnerability (CVE-2025-4501)
Summary:
Cisco issued an urgent advisory for a critical vulnerability in its ASA and Firepower appliances, tracked as CVE-2025-4501 (CVSS 9.6). The flaw allows unauthenticated remote attackers to execute arbitrary code. No active exploitation has been reported, but proof-of-concept code is circulating.
Key Details:
- CVE Number: CVE-2025-4501
- Affected Products: Cisco ASA, Firepower 6.x/7.x
- Exploit Status: No active exploitation, PoC available
- Patch Release Date: November 20, 2025
Technical Details:
- Attack Vector: Crafted HTTP requests to management interface
- Mitigation: Apply patches, restrict management access
Cross-reference notes:
Advisory published by Cisco, with coverage by SecurityWeek and DarkReading.
Government Responses
Finding 7
Category: Government Responses
Priority: High
Headline: CISA Issues Alert on Ransomware Targeting Healthcare Sector
Summary:
The US Cybersecurity and Infrastructure Security Agency (CISA) released an alert on November 21, 2025, warning of increased ransomware activity targeting healthcare organizations. The advisory highlights the use of new ransomware variants and urges immediate patching and network segmentation.
Key Details:
- Sector: Healthcare
- Threat: Ransomware (Black Basta, ALPHV/BlackCat)
- Advisory Date: November 21, 2025
- Recommendations: Patch critical systems, implement multi-factor authentication, review backup strategies
Cross-reference notes:
Alert available from CISA, with additional context from HealthITSecurity and The Record.
Finding 8
Category: Government Responses
Priority: Medium
Headline: Europol Coordinates Arrests in International Business Email Compromise Ring
Summary:
Europol announced the arrest of 12 individuals linked to a transnational business email compromise (BEC) ring responsible for stealing over €15 million from European companies. The operation, conducted from November 18 to 22, 2025, involved law enforcement agencies from five countries.
Key Details:
- Operation Dates: November 18–22, 2025
- Countries Involved: Spain, Germany, Italy, Netherlands, UK
- Impact: €15 million in losses, dozens of companies affected
Cross-reference notes:
Official press release from Europol, with coverage by Infosecurity Magazine and The Record.
Miscellaneous
Finding 9
Category: Miscellaneous
Priority: Medium
Headline: European Cybersecurity Conference Highlights AI-Driven Threats
Summary:
The annual European Cybersecurity Conference, held virtually from November 20 to 22, 2025, focused on the growing use of AI in both cyber offense and defense. Keynotes addressed AI-powered phishing, automated vulnerability discovery, and the need for new regulatory frameworks.
Key Details:
- Event Dates: November 20–22, 2025
- Themes: AI in cybersecurity, regulatory challenges, workforce development
Cross-reference notes:
Conference agenda and highlights available from ENISA, with media coverage by SecurityWeek and The Hacker News.
Conclusion
The week of November 18–25, 2025, underscored the persistent and evolving nature of cyber threats facing organizations worldwide. From large-scale ransomware attacks and data breaches to critical vulnerabilities and coordinated law enforcement actions, defenders must remain vigilant and proactive. Immediate patching, robust incident response, and cross-sector collaboration remain essential in mitigating risk and protecting critical assets.
For further details and technical advisories, consult the direct source links provided in each section.
