The cybersecurity landscape continues to evolve at unprecedented speed, with new vulnerabilities, data breaches, and threat actor activities emerging every week. Our Weekly Cyber Threat Advisory (10–16 November 2025) highlights the most significant developments shaping enterprise security. This report provides CISOs, IT administrators, SOC teams, and compliance leaders with actionable insights to strengthen their defensive posture and stay ahead of emerging threats.
1. Critical Vulnerabilities Exposed in Major Enterprise Products
Four high-impact vulnerabilities dominated the week, affecting widely deployed enterprise tools and increasing the risk of remote code execution, privilege escalation, and account takeover attacks.
1.1 Critical RCE Flaw in pgAdmin4 (CVE-2025-12762)
A severe remote code execution flaw (CVSS 9.3) was disclosed in pgAdmin4 server mode affecting all versions up to 9.9. Authenticated users could upload malicious PostgreSQL dump files that inject OS-level commands during restore operations.
Risk: High impact on confidentiality, moderate impact on integrity and availability.
Mitigation: Upgrade immediately to version 10.0+, disable PLAIN-format restores, and restrict access to restore functions.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-12762
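An added example (not pgAdmin's own code) of the "disable PLAIN-format restores" mitigation: a pre-restore gate that classifies an uploaded dump by its on-disk format and refuses anything that is not a pg_restore archive, failing closed on unrecognised input. The format markers it relies on (the b"PGDMP" custom-format header, the POSIX "ustar" magic at byte 257 of a tar archive, a toc.dat file in directory format) are assumptions drawn from pg_dump's archive formats, not facts stated in the advisory.

```python
import os

# Assumed pg_dump format markers (not stated in the advisory).
CUSTOM_MAGIC = b"PGDMP"      # custom-format archive header
USTAR_OFFSET = 257           # POSIX tar "ustar" magic position
ALLOWED_FORMATS = frozenset({"custom", "tar", "directory"})


def classify_header(head: bytes) -> str:
    """Classify the first 512 bytes of an uploaded dump file."""
    if head.startswith(CUSTOM_MAGIC):
        return "custom"
    if head[USTAR_OFFSET:USTAR_OFFSET + 5] == b"ustar":
        return "tar"
    # PLAIN dumps are SQL text replayed by psql: decodable, no NUL bytes.
    try:
        head.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    return "unknown" if b"\x00" in head else "plain"


def classify_dump(path: str) -> str:
    """Classify a dump on disk; directory format is a dir with toc.dat."""
    if os.path.isdir(path):
        has_toc = os.path.isfile(os.path.join(path, "toc.dat"))
        return "directory" if has_toc else "unknown"
    with open(path, "rb") as fh:
        return classify_header(fh.read(512))


def is_restore_allowed(fmt: str) -> bool:
    """Fail closed: only pg_restore archive formats may be restored."""
    return fmt in ALLOWED_FORMATS


if __name__ == "__main__":
    # Constructed sample headers, not real dumps.
    samples = {
        "custom": b"PGDMP\x01\x0e\x00\x04\x08\x01\x01\x00",
        "tar": b"\x00" * USTAR_OFFSET + b"ustar\x0000" + b"\x00" * 248,
        "plain": b"--\n-- PostgreSQL database dump\n--\nSET statement_timeout = 0;\n",
    }
    for name, head in samples.items():
        fmt = classify_header(head)
        print(name, fmt, "allow" if is_restore_allowed(fmt) else "refuse")
```

Wire classify_dump into the upload handler before the restore job is queued; a rejected upload should be logged with the detected format so the SOC can see who attempted a PLAIN-format restore.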
1.2 Public Exploit Released for FortiWeb WAF (CVE-2025-64446)
A Proof-of-Concept exploit was released publicly, targeting a critical vulnerability (CVSS 9.8) in FortiWeb WAF versions 6.3.0–7.4.6.
Attackers can bypass authentication, manipulate admin accounts, and potentially gain remote code execution.
Risk: Active exploitation confirmed since October 2025.
Mitigation: Patch urgently to version 7.4.7 and restrict access to CGI endpoints.
Reference: https://fortiguard.fortinet.com/psirt/FG-IR-25-910
1.3 Dell Data Lakehouse Privilege Escalation (CVE-2025-46608)
A critical vulnerability allowing remote privilege escalation impacts Dell’s Data Lakehouse platform.
Risk: Attackers can escalate privileges beyond authorized levels without user interaction.
Mitigation: Upgrade to 1.6.0.0 and review access control logs.
1.4 Zoom Workplace Windows Client Elevation of Privilege (CVE-2025-64740)
A high-severity vulnerability affecting Zoom Workplace VDI Client for Windows allows local users to gain admin-level rights through a manipulated installer.
Mitigation: Upgrade to the patched versions (6.3.14 / 6.4.12 / 6.5.10), enforce MFA, and restrict installer permissions.
Reference: https://www.zoom.com/en/trust/security-bulletin/zsb-25042/
2. Major Attack Campaigns & Data Breaches
2.1 The Washington Post Data Breach Affects Nearly 10,000 Staff
A breach involving Oracle E-Suite systems compromised personal identifiers of almost 9,720 staff.
Key Impact: Detection was delayed by more than 3 months, which highlights the importance of real-time threat monitoring and identity theft protections.
2.2 Checkout.com Breach by ShinyHunters
A decommissioned legacy cloud system exposed internal documentation and merchant onboarding materials.
Key Impact: No financial data compromised, but legacy cloud storage mismanagement reinforces the need for secure decommissioning processes.
Reference: https://www.checkout.com/blog/protecting-our-merchants-standing-up-to-extortion
3. Security News & Emerging Threats
3.1 IndonesianFoods NPM Spam Malware Campaign
More than 43,000 spam packages were found in the NPM registry, part of a stealthy two-year campaign generating random package versions every 7–10 seconds.
Threat: Dependency poisoning at scale; potential for future malicious payload delivery.
Mitigation: Enforce lockfile-only installs, strengthen package auditing, and monitor npm security alerts.
Reference: https://www.endorlabs.com/learn/the-great-indonesian-tea-theft-analyzing-a-npm-spam-campaign
3.2 CISA Alert on Akira Ransomware — 250+ Organisations Impacted
Akira ransomware continues to evolve with new malware variants targeting Windows, Linux, ESXi, and Nutanix systems.
Key Impact: Victims paid over $244M in ransom, with attackers often exploiting weak VPNs and unpatched systems.
Mitigation: Enforce MFA, patch exploited vulnerabilities such as CVE-2024-40766, and monitor for file exfiltration tools.
Reference: https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-109a
3.3 “The COM” English-Speaking Cybercrime Group Expands Globally
"The COM" is a long-standing ecosystem of cybercriminals, now highly organized, that specializes in vishing, OSINT, and credential theft.
Threat Actors: Groups like Lapsus$ and ShinyHunters demonstrate “leak-and-brag” extortion tactics.
Mitigation: Employee vishing awareness training, MFA enforcement, and strict privilege monitoring.
Conclusion
The increased sophistication of ransomware groups, supply-chain manipulation through package ecosystems, and high-impact enterprise vulnerabilities highlight a critical need for:
Continuous vulnerability scanning
Stay vigilant, stay updated, and strengthen your cybersecurity posture. To learn more about our cyber threat management services, including our 24x7 SOC service, contact: Crowe UAE | [email protected] | +971 542468006