Daily Security Digest – 2025-11-11
🛡️ Security Feed Digest – 2025-11-11
Total Articles: 22 SMB Tagged: 22
High-Risk
- [SMB] Patch Tuesday - November 2025
https://rapid7.com/blog/post/em-patch-tuesday-november-2025
Tue, 11 Nov 2025 20:58:18 GMT
Microsoft is publishing 66 new vulnerabilities today, which is far fewer than we’ve come to expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote... - [SMB] Security Researchers at Proton Warn of Massive Credential Exposure
https://cysecurity.news/2025/11/security-researchers-at-proton-warn-of.html
2025-11-11T04:22:00.003-05:00
Data is becoming the most coveted commodity in the ever-growing digital underworld, and it is being traded at an alarming rate. In a recent investigation conducted by Proton, it has been revealed that there are currently more than 300 million stolen credentials circulating across dark web marketplac... - [SMB] Deepfake of Finance Minister Lures Bengaluru Homemaker into ₹43.4 Lakh Trading Scam
https://cysecurity.news/2025/11/deepfake-of-finance-minister-lures.html
2025-11-10T10:45:00.001-05:00
You probably are too busy to read through what links you might be clicking on? Read this story as your final wake-up call. A deceptive social media video that appeared to feature Union Finance Minister Nirmala Sitharaman has cost a Bengaluru woman her life’s savings. The 57-year-old homemak... - [SMB] Akira Ransomware Claims 23GB Data Theft in Alleged Apache OpenOffice Breach
https://cysecurity.news/2025/11/akira-ransomware-claims-23gb-data-theft.html
2025-11-10T10:32:00.011-05:00
The group communicates in Russian on dark web forums and is known to avoid attacking computers configured with Russian-language keyboards. The Akira ransomware group has reportedly claimed responsibility for breaching Apache OpenOffice, asserting that it stole 23 gigabytes of sensitive internal dat... - [SMB] CISA Warns: Linux Kernel Flaw Actively Exploited in Ransomware Attacks
https://cysecurity.news/2025/11/cisa-warns-linux-kernel-flaw-actively.html
2025-11-10T07:45:00.001-05:00
A critical Linux kernel vulnerability (CVE-2024-1086) is now actively exploited in ransomware attacks, according to a recent update from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). First publicly disclosed on January 31, 2024, this flaw stems from a decade-old code commit to th... - [SMB] Nearly 50% of IoT Device Connections Pose Security Threats, Study Finds
https://cysecurity.news/2025/11/nearly-50-of-iot-device-connections.html
2025-11-09T23:17:00.000-05:00
As organizations rely more on connected devices to improve efficiency, the attack surface grows wider. A new security analysis has revealed that nearly half of all network communications between Internet of Things (IoT) devices and traditional IT systems come from devices that pose serious ...
Policy
- [SMB] UK Digital ID Faces Security Crisis Ahead of Mandatory Rollout
https://cysecurity.news/2025/11/uk-digital-id-faces-security-crisis.html
2025-11-11T07:24:00.001-05:00
The UK’s digital ID system, known as One Login, triggered major controversy in 2025 due to serious security vulnerabilities and privacy concerns, leading critics to liken it to the infamous Horizon scandal. One Login is a government-backed identity verification platform designed for access to p... - [SMB] Zero STT Med Sets New Benchmark in Clinical Speech Recognition Efficiency
https://cysecurity.news/2025/11/zero-stt-med-sets-new-benchmark-in.html
2025-11-10T06:04:00.001-05:00
Shunyalabs.ai has taken a decisive step into transforming medical transcription and clinical documentation by introducing Zero STT Med, a powerful automatic speech recognition (ASR) system developed especially for the medical and clinical fields. Shunyalabs.ai is a pioneer in enterprise-grade Voice ... - [SMB] TP-Link Routers May Get Banned in US Due to Alleged Links With China
https://cysecurity.news/2025/11/tp-link-routers-may-get-banned-in-us.html
2025-11-10T04:40:00.004-05:00
TP-Link routers may soon shut down in the US. There's a chance of potential ban as various federal agencies have backed the proposal. TP-Link routers may soon shut down in the US. There's a chance of potential ban as various federal agencies have backed the proposal. Alleged links with China The ...
Awareness
- [SMB] OWASP Top 10: Broken access control still tops app security list
https://theregister.com/2025/11/11/new_owasp_top_ten_broken
2025-11-11T13:26:40.00Z
The Open Worldwide Application Security Project (OWASP) just published its top 10 categories of application risks for 2025, its first list since 2021. It found that while broken access control remains the top issue, security misconfiguration is a strong second, and software supply chain issues are s... - [SMB] New Attacks Against Secure Enclaves
https://schneier.com/blog/archives/2025/11/new-attacks-against-secure-enclaves.html
2025-11-10T12:04:55Z
New Attacks Against Secure Enclaves Encryption can protect data at rest and data in transit, but does nothing for data in use. What we have are secure enclaves. I’ve written about this before: Almost all cloud services have to perform some computation on our data. Even the simplest storage provide... - [SMB] TRAI Approves Caller Name Display Feature to Curb Spam and Fraud Calls
https://cysecurity.news/2025/11/trai-approves-caller-name-display.html
2025-11-10T09:05:00.001-05:00
The Telecom Regulatory Authority of India (TRAI) has officially approved a long-awaited proposal from the Department of Telecommunications (DoT) to introduce a feature that will display the caller’s name by default on the receiver’s phone screen. Known as the Calling Name Presentation (CNAP) feature...
Emerging
- [SMB] The AI Fix #76: AI self-awareness, and the death of comedy
https://grahamcluley.com/the-ai-fix-76
Tue, 11 Nov 2025 15:27:25 +0000
News and views from the world of artificial intelligence. In episode 76 of The AI Fix, two US federal judges blame AI for imaginary case law, a Chinese “humanoid” dramatically sheds its skin onstage, Toyota unveils a crabby walking chair creeps us out, Google plans AI chips in orbit, robot dogs get... - [SMB] Prompt Injection in AI Browsers
https://schneier.com/blog/archives/2025/11/prompt-injection-in-ai-browsers.html
2025-11-11T12:08:48Z
This is why AIs are not ready to be personal assistants: A new attack called ‘CometJacking’ exploits URL parameters to pass to Perplexity’s Comet AI browser hidden instructions that allow access to sensitive data from connected services, like email and calendar. In a realistic scenario, no credent...
Controls
- [SMB] Patch Now: Microsoft Flags Zero-Day & Critical Zero-Click Bugs
https://darkreading.com/vulnerabilities-threats/patch-now-microsoft-zero-day-critical-zero-click-bugs
Tue, 11 Nov 2025 20:23:44 GMT
Security teams may have a less burdensome rollout in November after October's Goliath Patch Tuesday, but shouldn't wait on a few top-priority fixes.... - [SMB] Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws
https://bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws
Tue, 11 Nov 2025 13:45:29 -0500
Today is Microsoft's November 2025 Patch Tuesday, which includes security updates for 63 flaws, including one actively exploited zero-day vulnerability. This Patch Tuesday also addresses four "Critical" vulnerabilities, two of which are remote code execution vulnerabilities, one is an elevation of ... - [SMB] Microsoft Patch Tuesday for November 2025, (Tue, Nov 11th)
https://isc.sans.edu/diary/rss/32468
Tue, 11 Nov 2025 19:24:30 GMT
Today's Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical. Notable Vulnerabilities: CVE-2025-62215: This vulnerability is already being exploited. It is a privilege escalation vulnerability i... - [SMB] Microsoft Patch Tuesday for November 2025 — Snort rules and prominent vulnerabilities
https://blog.talosintelligence.com/microsoft-patch-tuesday-november-2025
Tue, 11 Nov 2025 18:19:21 GMT
Microsoft has released its monthly security update for November 2025, which includes 63 vulnerabilities affecting a range of products, including 5 that Microsoft marked as “critical.” Current intelligence shows that one of the important vulnerabilities, CVE-2025-62215, has already been detected in t... - [SMB] Protecting What Powers Business: Rapid7 and Microsoft Partner to Simplify Security
https://rapid7.com/blog/post/pt-rapid7-partner-mdr-for-microsoft
Mon, 10 Nov 2025 14:00:00 GMT
Across industries, Microsoft is everywhere. It powers productivity, collaboration, and security through Defender, Sentinel, Entra, and the broader Microsoft ecosystem that underpins how modern organizations operate. ⠀ As organizations deepen their Microsoft investments, there’s an even greater opp...
Other
- [SMB] OWASP Highlights Supply Chain Risks in New Top 10 List
https://darkreading.com/application-security/owasp-highlights-supply-chain-risks-new-top-10
Mon, 10 Nov 2025 22:14:09 GMT
Security misconfiguration jumped to second place while injection vulnerabilities dropped, as organizations improve defenses against traditional coding flaws.... - [SMB] Drilling Down on Uncle Sam’s Proposed TP-Link Ban
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban
Sun, 09 Nov 2025 18:14:40 +0000
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Lin... - [SMB] European Governments Turn to Matrix for Secure Sovereign Messaging Amid US Big Tech Concerns
https://cysecurity.news/2025/11/european-governments-turn-to-matrix-for.html
2025-11-11T09:18:00.000-05:00
A growing number of European governments are turning to Matrix, an open-source messaging architecture, as they seek greater technological sovereignty and independence from US Big Tech companies. Matrix aims to create an open communication standard that allows users to message each other regardless o...