November Cybersecurity News Digest

Check our highlights from the cybersecurity world!

1.     Significant surge in cyberattacks targeting Christmas and Black Friday shoppers

In the run-up to the 2025 holiday season, there has been a notable rise in cyber threats targeting online commerce. Over 18,000 holiday-themed domains have been registered in the past three months, mimicking legitimate retailers to carry out phishing schemes. These domains utilise popular keywords such as “Christmas” and “Black Friday” to boost search rankings and deceive shoppers.

Credential theft is also on the rise, with 1.57 million stolen login accounts for major e-commerce sites being sold on underground markets. Attackers are also exploiting critical vulnerabilities, particularly in Adobe Commerce (Magento), that allow remote code execution and session takeover. Crafted input submitted through vulnerable endpoints gives attackers administrative access, after which they plant backdoors and web skimmers to steal data.

Merchants are urged to apply security patches immediately to protect against these threats.
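The domain-registration pattern described in this item (a retailer name combined with a seasonal keyword, often with a typosquat) is straightforward to hunt for in a feed of newly registered domains. The Python script below is an added example written for this digest, not a tool from any vendor mentioned here; the brand list, keyword list, homoglyph table and the sample hostnames are constructed for illustration, and the registrable-domain logic is deliberately simplified (no public-suffix list).

```python
import re

# Constructed lists for illustration; a real deployment would use the
# organisation's own brand list, a public-suffix list and an allowlist of the
# domains the brand actually owns.
BRANDS = ["amazon", "walmart", "target", "bestbuy"]
LEGIT_DOMAINS = {"amazon.com", "amazon.co.uk", "walmart.com", "target.com", "bestbuy.com"}
HOLIDAY_KEYWORDS = ["christmas", "xmas", "blackfriday", "cybermonday",
                    "holiday", "deal", "sale", "gift", "discount"]
# Digit-for-letter substitutions commonly used in typosquats.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t"})

# Constructed sample of "newly registered" hostnames, not real registrations.
SAMPLE = [
    "amazon.com",
    "amaz0n-blackfriday-deals.shop",
    "target-christmas-gifts.top",
    "login.walmart.com.holiday-sale.xyz",
    "bestbuy.com",
    "merry-christmas-recipes.org",
    "wallmart-cybermonday.online",
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance with insert, delete and substitute at cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(host: str) -> str:
    """Last two labels of the host (simplification: no public-suffix list)."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


def closest_brand(host: str):
    """Best brand hit across the host's labels as (brand, edit_distance), or None."""
    labels = [l.translate(HOMOGLYPHS) for l in re.split(r"[.\-_]", host.lower()) if len(l) >= 4]
    best = None
    for label in labels:
        for brand in BRANDS:
            if brand in label:
                return brand, 0          # brand string embedded verbatim somewhere in the host
            d = levenshtein(label, brand)
            if d <= 2 and (best is None or d < best[1]):
                best = (brand, d)        # near miss such as "wallmart" or "amazn"
    return best


def score_domain(host: str):
    """Score a hostname; higher means more likely a holiday-themed brand lookalike."""
    host = host.lower().strip(".")
    if registrable_domain(host) in LEGIT_DOMAINS:
        return 0, ["owned by the brand"]
    score, reasons = 0, []
    flat = host.translate(HOMOGLYPHS).replace("-", "").replace("_", "")
    hits = [k for k in HOLIDAY_KEYWORDS if k in flat]
    if hits:
        score += 2
        reasons.append("holiday keywords: " + ", ".join(hits))
    hit = closest_brand(host)
    if hit:
        brand, dist = hit
        score += 3 if dist == 0 else 2
        reasons.append(f"brand '{brand}' (edit distance {dist})")
        if dist == 0 and brand not in registrable_domain(host).translate(HOMOGLYPHS):
            score += 1               # brand placed in a subdomain of an unrelated registrable domain
            reasons.append("brand only in subdomain")
    return score, reasons


def triage(hosts, threshold: int = 4):
    """Hosts scoring at or above the threshold, highest score first."""
    scored = [(h, *score_domain(h)) for h in hosts]
    return sorted([x for x in scored if x[1] >= threshold], key=lambda x: -x[1])


if __name__ == "__main__":
    for host, score, reasons in triage(SAMPLE):
        print(f"{score:2d}  {host:40s}  {'; '.join(reasons)}")
```

The allowlist matters: without it the brand's own domains score as lookalikes. The threshold of 4 is arbitrary; the point is that a seasonal keyword alone (merry-christmas-recipes.org) does not raise an alert, while keyword plus brand, or a brand name hidden in a subdomain of an unrelated registrable domain, does.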

2.     Over 2 million attacks recorded during Black Friday shopping spike

Recap of threat detections during the 2025 Black Friday period:

  • Over 2 million phishing attacks targeted online gamers and shoppers, particularly through campaigns impersonating platforms such as Discord and Steam.
  • In the first two weeks of November alone, more than 146,000 Black Friday-themed spam messages were detected, with Amazon the most impersonated brand. For comparison, 6.4 million phishing attempts were blocked from January to October, 48.2% of them aimed at online shoppers, up from 37.5% in 2024.
  • RiskTool variants (legitimate utilities that can be abused) accounted for 17.8 million detections. Downloaders and banking Trojans also played a significant role, capturing login credentials and enabling fraudulent transactions. The scam pages relied on urgency messaging and polished designs to deceive users.

3.     Windows 11 24H2 update KB5062553 disrupts the logon process

Microsoft has acknowledged a significant disruption affecting Windows 11 version 24H2 after installation of cumulative update KB5062553. The issue mainly affects Virtual Desktop Infrastructure (VDI) environments and devices at first user logon, causing empty taskbars, unresponsive Start buttons, and crashes of the explorer.exe process.

The root cause is a race condition involving XAML components that prevents the timely registration of dependency packages. Microsoft is working on a permanent fix. Until then, IT administrators can restore functionality by manually registering the missing packages, or by using a synchronous logon script that holds explorer.exe back until the packages are provisioned.

4.     3.5 billion phone numbers exposed due to WhatsApp flaw

A security flaw in WhatsApp's contact discovery feature has exposed the phone numbers of 3.5 billion users, a major privacy concern. The feature accepted bulk "is this number registered?" queries with no effective rate limiting, and the weakness persisted despite warnings to Meta dating back to 2017.

Using only a handful of authenticated accounts, researchers probed 63 billion numbers and confirmed 3.5 billion active ones within six months. The study also found 2.9 million cases of public key reuse across accounts, which weakens the guarantees of end-to-end encryption. Because the data overlaps with earlier breaches, it increases the potential for scams and targeted attacks.

Experts advise users to restrict profile visibility (photo, about text, last seen) to contacts and to watch for suspicious activity. The incident highlights the difficulty of protecting very large platforms and the risk posed by mass collection of public data.
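The enumeration technique the researchers used, and the per-account lookup budget that would have limited it, can be shown with a small model. The Python below is an added example and a deliberately simplified model, not WhatsApp's implementation; the registry, account names, budget figures and phone numbers are constructed for illustration.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 3600


class ContactDiscovery:
    """Answers "which of these numbers have an account?" for authenticated clients.

    budget_per_window=None reproduces the unthrottled behaviour the researchers
    abused; a finite budget caps how many numbers one account may look up per
    sliding window.
    """

    def __init__(self, registered, budget_per_window=None, clock=time.time):
        self.registered = dict(registered)   # phone number -> identity public key
        self.budget = budget_per_window
        self.clock = clock                   # injectable for deterministic tests
        self._spent = defaultdict(deque)     # account -> one timestamp per number looked up

    def _charge(self, account, n):
        if self.budget is None:
            return True
        now = self.clock()
        q = self._spent[account]
        while q and now - q[0] >= WINDOW_SECONDS:
            q.popleft()                      # forget charges that left the window
        if len(q) + n > self.budget:
            return False
        q.extend([now] * n)
        return True

    def lookup(self, account, numbers):
        """Return {number: public_key} for the registered subset of `numbers`."""
        if not self._charge(account, len(numbers)):
            raise PermissionError(f"{account}: lookup budget exceeded")
        return {n: self.registered[n] for n in numbers if n in self.registered}


def enumerate_range(service, accounts, start, count, batch=1000):
    """Sweep a contiguous number range, rotating accounts; retry a batch with the
    next live account when one is cut off. Returns (found, blocked_accounts)."""
    found, blocked = {}, set()
    probes = [str(n) for n in range(start, start + count)]
    for i in range(0, len(probes), batch):
        chunk = probes[i:i + batch]
        while True:
            live = [a for a in accounts if a not in blocked]
            if not live:
                return found, blocked    # every account is over budget
            account = live[(i // batch) % len(live)]
            try:
                found.update(service.lookup(account, chunk))
                break
            except PermissionError:
                blocked.add(account)
    return found, blocked


def key_reuse(registered):
    """Numbers that share an identity key, grouped by key (the study's second finding)."""
    by_key = defaultdict(list)
    for number, key in registered.items():
        by_key[key].append(number)
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}


def build_sample(base=1_000_000_000, size=100_000, step=7):
    """Constructed registry: every `step`-th number in the range has an account,
    each with a fake identity key, plus one deliberate key reuse."""
    reg = {str(base + n): f"pk-{base + n:x}" for n in range(0, size, step)}
    reg[str(base + step)] = reg[str(base)]
    return reg


if __name__ == "__main__":
    registry = build_sample()
    accounts = ["acct-a", "acct-b", "acct-c"]
    for budget in (None, 5000):
        svc = ContactDiscovery(registry, budget_per_window=budget)
        found, blocked = enumerate_range(svc, accounts, 1_000_000_000, 100_000)
        print(f"budget={budget}: found {len(found)} of {len(registry)}, blocked={sorted(blocked)}")
    print("key reuse:", key_reuse(registry))
```

With no budget, three accounts sweep 100,000 numbers and recover every registered one; with a budget of 5,000 lookups per hour per account, the same sweep stalls after 15,000 numbers and all three accounts are cut off, so covering the space the researchers probed would need far more accounts than "a few". A real service also needs per-device and per-IP budgets and alerting on accounts whose lookups are almost entirely unknown numbers. key_reuse illustrates the second finding: distinct numbers sharing one identity key is a signal worth surfacing in key-transparency checks.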

5.     When the Internet pauses: Cloudflare global outage

On November 18, a significant outage at Cloudflare disrupted numerous digital services worldwide, impacting platforms such as X, Gemini, ChatGPT, Perplexity, Google Cloud, Canva, and even popular games like League of Legends and Valorant. Millions of users experienced slow-loading pages or complete service interruptions.

This incident followed a similar outage at AWS in October and is a stark reminder of how fragile the internet's shared infrastructure is.

The outage stemmed from a change to database permissions that caused the query generating a configuration file for the Bot Management system to return duplicate rows. The file roughly doubled in size and was propagated across Cloudflare's global network, where it exceeded a size limit in the core proxy software and caused it to fail, disrupting traffic handling. Cloudflare's engineers diagnosed the problem and restored service within hours.
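The failure mode in this item, an automatically regenerated configuration file that is pushed to every node and treated as fatal when it violates a size assumption, is one the loader can guard against. The Python below is an added example, not Cloudflare's code; the JSON layout, the 200-feature limit and the sample files are assumptions made for illustration.

```python
import json

MAX_FEATURES = 200   # assumed hard limit, for illustration


class ConfigError(ValueError):
    """Raised for any feature file the module must not load."""


def parse_feature_file(text, max_features=MAX_FEATURES):
    """Parse a JSON list of {"name", "type"} rows, collapse duplicate names,
    and enforce the feature limit. Raises ConfigError instead of returning junk."""
    try:
        rows = json.loads(text)
    except json.JSONDecodeError as exc:
        raise ConfigError(f"malformed feature file: {exc}") from None
    if not isinstance(rows, list) or not rows:
        raise ConfigError("feature file must be a non-empty list")
    features, seen = [], set()
    for row in rows:
        try:
            name, dtype = row["name"], row["type"]
        except (KeyError, TypeError):
            raise ConfigError(f"bad row: {row!r}") from None
        if name in seen:
            continue                 # the same feature emitted twice is one feature
        seen.add(name)
        features.append((name, dtype))
    if len(features) > max_features:
        raise ConfigError(f"{len(features)} features exceeds the limit of {max_features}")
    return features


class BotModule:
    """Holds the active feature set and hot-reloads it from regenerated files."""

    def __init__(self, initial_text):
        self.features = parse_feature_file(initial_text)   # startup must succeed
        self.generation = 1
        self.rejected = 0

    def reload(self, text):
        """Apply a new file, or keep the last known good one and report the rejection."""
        try:
            new = parse_feature_file(text)
        except ConfigError:
            self.rejected += 1       # in production: log, emit a metric, alert
            return False
        self.features = new
        self.generation += 1
        return True

    def reload_unchecked(self, text):
        """The fragile pattern: any bad file raises straight out of the reload path,
        which in a long-running proxy means the worker dies."""
        self.features = parse_feature_file(text)
        self.generation += 1


def make_feature_file(n, duplicated=False):
    """Constructed feature file with n features. duplicated=True emits every row
    twice, mimicking a generator query that suddenly returns each row from two
    schemas."""
    rows = [{"name": f"feature_{i}", "type": "float"} for i in range(n)]
    if duplicated:
        rows = rows + rows
    return json.dumps(rows)


if __name__ == "__main__":
    module = BotModule(make_feature_file(60))
    for label, text in [("doubled rows", make_feature_file(60, duplicated=True)),
                        ("250 features", make_feature_file(250)),
                        ("garbage", "not json")]:
        ok = module.reload(text)
        print(f"{label:12s}: {'applied' if ok else 'rejected'}, serving {len(module.features)} "
              f"features, generation {module.generation}, rejected {module.rejected}")
```

The difference that matters is in BotModule.reload: a rejected file increments a counter and leaves the previous feature set serving traffic, whereas reload_unchecked lets the exception escape and, in a real proxy, takes the worker down. Rejections still need to page someone, because the node is now running stale configuration.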

This incident underscores the heavy reliance on a handful of global providers for internet services and prompts a serious reassessment of how we structure and deliver digital solutions.

We must prioritise resilience over convenience and ensure that organisations aren't overly reliant on a single provider by having alternative strategies in place.

6.     Microsoft November 2025 Patch Tuesday

Microsoft's November 2025 Patch Tuesday addresses 63 vulnerabilities, including one zero-day that is already being exploited in the wild. The update covers a wide range of products, including Windows, Office, Azure, and Visual Studio. Most of the fixed flaws are remote code execution (RCE) and elevation of privilege (EoP) issues. Users should install the update immediately.

7.     Samsung Galaxy phones targeted by spyware operation

A spyware operation named LANDFALL targeted Samsung Galaxy devices by exploiting a zero-day vulnerability in the image-parsing library libimagecodec.quram.so; a malicious image delivered over WhatsApp was enough to compromise the phone. Active since mid-2024, the campaign deployed commercial-grade malware capable of full device surveillance, with no user interaction required.

It affected Galaxy S22, S23, S24 and Z series models running Android 13 to 15. The vulnerability was patched in April 2025 after reports of in-the-wild exploitation emerged.

Because the exploit needed no interaction, keeping devices updated is the primary defence; users should also treat unsolicited media from unknown senders with caution. The case underlines the importance of collaboration between vendors and researchers in combating evolving spyware.

8.     Emergency Chrome patch: update now!

Google has released an urgent security patch for Chrome addressing five vulnerabilities, including flaws in WebGPU and the V8 JavaScript engine. Three are high-severity issues that could lead to memory corruption and arbitrary code execution; two medium-severity flaws in the Omnibox could be abused for phishing. Users should check for updates and apply the patch now, and enterprises should enforce auto-updates and monitor for unusual activity.

Stay tuned and keep your system safe! If you need help, contact us for expert advice! 
