Cybersecurity Threats: Major Incidents, New Vulnerabilities, and Best Practices during 17-23 November 2025


The week of November 17–23, 2025 has been marked by significant cybersecurity incidents, critical vulnerabilities, and notable attack campaigns impacting global organizations. From newly discovered software flaws to massive brute-force attacks and innovative malware campaigns, threat actors are relentlessly targeting weaknesses in digital systems. This advisory breaks down the week's major developments, essential vulnerabilities, and actionable defense measures for organizations and IT professionals.

Critical Vulnerabilities: Immediate Actions Needed

  • SonicWall SonicOS SSLVPN Flaw (CVE-2025-40601):

A new stack-based buffer overflow vulnerability was identified in SonicWall Gen7 and Gen8 firewalls running the SSLVPN service. Exploitation could enable a remote attacker to crash the firewall, disrupting business continuity. While no attacks have been observed in the wild, SonicWall has released firmware patches and recommends temporarily restricting SSLVPN access to trusted IPs if immediate upgrades aren't possible.

Reference: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0016

  • Grafana Maximum Severity Flaw (CVE-2025-41115):

Grafana's SCIM provisioning feature contains a critical impersonation flaw (CVSS 10.0) allowing attackers to escalate privileges and compromise admin accounts. All enterprise instances with the SCIM feature enabled are urged to upgrade to the latest version, disable SCIM if unused, and audit client configurations right away.

Reference: https://grafana.com/blog/2025/11/19/grafana-enterprise-security-update-critical-severity-security-fix-for-cve-2025-41115/

  • Azure Application Gateway (CVE-2025-64657):

Microsoft Azure Application Gateway was affected by a high-severity elevation-of-privilege vulnerability. Microsoft has already mitigated this issue on the service side, with no customer intervention needed. This underlines the importance of regular vendor updates and cloud provider transparency.

Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64657


Notable Cyberattack Campaigns

  • Princeton University Data Breach:

Attackers accessed a donor database comprising personal information of alumni, faculty, and students. Although financial details and passwords weren't compromised, exposed data presents ongoing phishing and social engineering risks. Monitoring for identity theft and following institutional security communications are crucial for those affected.

Reference: https://oit.princeton.edu/cybersecurity-incident-information-and-faq

  • Eurofiber France Customer Data Leak:

Hackers exploited a flaw in the Eurofiber France ticket platform, leading to limited data exposure. Quick response actions included patching, platform hardening, cooperation with data protection authorities, and alerting customers to enable multi-factor authentication.

Reference: https://www.eurofiber.com/fr-fr/actualites/incident-de-cybersecurite-chez-eurofiber-france


Security News

  • Massive Brute-Force on GlobalProtect VPN:

Palo Alto Networks' GlobalProtect VPN portals experienced an unprecedented 2.3 million brute-force attack attempts in a week, a 40x spike. The activity links to known actors targeting VPN and authentication services. Organizations using GlobalProtect should, at minimum, enforce multi-factor authentication, monitor access attempts, and block suspicious IPs.

Reference: https://www.greynoise.io/blog/palo-alto-scanning-surges-90-day-high
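The "monitor access attempts, and block suspicious IPs" advice above, worked through as an added example that is not from the original advisory, Palo Alto Networks or GreyNoise: a small detector that scans constructed VPN portal authentication logs for sources that exceed a failure threshold or spray many usernames inside a sliding window. The log layout and the gp-portal tag are constructed for this exercise and are not the real PAN-OS log format.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample lines in a generic syslog-like layout (NOT the real PAN-OS format).
SAMPLE_LOGS = """\
2025-11-18T10:00:01Z gp-portal auth-fail src=203.0.113.10 user=alice
2025-11-18T10:00:02Z gp-portal auth-fail src=203.0.113.10 user=alice
2025-11-18T10:00:03Z gp-portal auth-fail src=203.0.113.10 user=alice
2025-11-18T10:00:04Z gp-portal auth-fail src=203.0.113.10 user=bob
2025-11-18T10:00:05Z gp-portal auth-fail src=203.0.113.10 user=bob
2025-11-18T10:00:07Z gp-portal auth-fail src=198.51.100.7 user=carol
2025-11-18T10:00:08Z gp-portal auth-fail src=198.51.100.7 user=dave
2025-11-18T10:00:09Z gp-portal auth-fail src=198.51.100.7 user=erin
2025-11-18T10:00:10Z gp-portal auth-fail src=198.51.100.7 user=frank
2025-11-18T10:00:11Z gp-portal auth-fail src=192.0.2.5 user=grace
2025-11-18T10:00:12Z gp-portal auth-ok src=192.0.2.5 user=grace
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) gp-portal auth-(?P<result>fail|ok) "
                     r"src=(?P<src>\S+) user=(?P<user>\S+)$")

def parse_line(line):
    """Parse one constructed log line; return (ts, result, src, user) or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["result"], m["src"], m["user"]

def find_brute_force(lines, window_s=60, max_fail=4, max_users=3):
    """Flag sources with more than max_fail failures, or more than max_users distinct
    usernames (password spraying), in any window_s-second window -> {src: (fails, users)}."""
    recent = defaultdict(deque)  # src -> failures (ts, user) still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "fail":
            continue  # skip unparseable lines and successful logins
        ts, _, src, user = parsed
        q = recent[src]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()  # evict failures older than the window
        users = {u for _, u in q}
        if len(q) > max_fail or len(users) > max_users:
            peak = flagged.get(src, (0, 0))
            flagged[src] = (max(peak[0], len(q)), max(peak[1], len(users)))
    return flagged
```

Flagged sources are candidates for the block list and MFA review; the thresholds are illustrative and should be tuned against a site's own baseline before automated blocking.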

  • Malicious VPN Chrome Extensions:

Researchers revealed a long-term malware campaign affecting nine million users via “Free Unlimited VPN” Chrome extensions. Extensions acted as spyware, capturing browsing data, credentials, and even enabling proxy hijacking. Users must uninstall questionable extensions, reset Chrome proxy settings, and avoid free VPN products, which pose severe privacy risks.

Reference: https://layerxsecurity.com/blog/rolypoly-vpn-the-malicious-free-vpn-extension-that-keeps-coming-back/

  • Record Azure DDoS Attack:

Microsoft Azure successfully defended against a record 15.7 Tbps distributed denial-of-service (DDoS) attack orchestrated by the Aisuru botnet, which mainly exploited IoT devices. Automated defense mechanisms ensured zero customer downtime. This incident highlights the importance of advanced DDoS protection and regular testing of organizational cyber resilience.

Reference: https://techcommunity.microsoft.com/blog/azureinfrastructureblog/defending-the-cloud-azure-neutralized-a-record-breaking-15-tbps-ddos-attack/4470422


Essential Cybersecurity Best Practices

  • Apply security patches and updates promptly for all critical systems, especially security products, cloud platforms, and widely used enterprise applications.
  • Enforce robust multi-factor authentication on VPNs, customer portals, and remote access solutions.
  • Regularly audit third-party extensions and software integrations for hidden threats.
  • Conduct DDoS simulations and establish incident response strategies to minimize downtime from large-scale attacks.
  • Educate employees and end-users on phishing techniques, data privacy risks, and security reporting protocols.

Stay secure. Stay informed.

Schedule a Consultation: [email protected]