Tags: breach-disclosure-notification, ransomware-group-operation, operational-disruption, actively-exploited-vulnerability

Summary of Major Cybersecurity Incidents and Threat Intelligence Developments

Updated 2 days ago. First seen Nov 19, 2025. 7 sources.

Multiple organizations worldwide experienced significant cybersecurity incidents, including ransomware attacks, data breaches, and exploitation of zero-day vulnerabilities. Notable events include a ransomware attack on LG's battery subsidiary by the Akira group, a confirmed breach at Logitech linked to the Clop ransomware group, and a data breach at DoorDash affecting user information. The UK National Health Service (NHS) was compromised via an Oracle EBS zero-day, and Princeton University suffered a data breach impacting alumni, donors, faculty, students, and parents. Additional incidents involved the hacking of Somalia's e-visa system, resulting in the theft of over 35,000 applicants' data, and the disruption of Russian port operator Port Alliance due to a cyberattack. These incidents highlight the ongoing threat posed by ransomware groups, zero-day exploits, and targeted attacks on critical infrastructure and service providers.

Security news roundups and technical digests reported on these incidents alongside broader threat intelligence developments. Updates included new and refined detection rules for cloud environments (AWS, Azure), Linux, and Windows, as well as coverage of phishing campaigns, credential theft, and the abuse of legitimate tools for persistence and lateral movement. The cybersecurity community also discussed the impact of AI on security, the proliferation of rogue npm packages, and the need for improved detection engineering to address evolving threats. These developments underscore the importance of timely patching, robust detection capabilities, and cross-sector collaboration to mitigate the impact of increasingly sophisticated cyberattacks.


Event timeline

How this story unfolded: 4 events, from the most recent confirmed update back to the earliest known activity.
Nov 23, 2025

Weekly security roundups summarize incidents from November 17–23

A weekly roundup covering November 17–23, 2025 highlighted consumer scams, DoorDash customer data exposure, a Chrome zero-day reportedly under active attack, the DigitStealer macOS infostealer, and the Sneaky 2FA phishing technique. The article aggregates developments from the week rather than documenting one discrete incident timeline.

Nov 18, 2025

Cloudflare outage and other security topics noted in weekly news segment

A Security Weekly News segment published on November 18 referenced a Cloudflare outage alongside other topics such as Gh0stRAT, rogue npm packages, North Korean IT workers, and a Logitech zero-day. The segment notes do not provide enough detail to separate these into distinct dated events from the source material alone.

Nov 16, 2025

Weekly security roundups summarize incidents from November 10–16

Security roundups published after the week of November 10–16, 2025, summarized multiple developments including high-profile breaches, ransomware claims, law enforcement actions, malware campaigns, and exploited vulnerabilities. These references are recap articles rather than primary disclosures of a single new incident.

Oct 1, 2025

Major cyberattacks and breaches occur across October 2025

A range of significant cyber incidents took place during October 2025, including Oracle exploitation, a Red Hat incident, PhantomCaptcha activity, and other major breaches referenced in later monthly reporting. The source material does not provide exact dates for each individual incident.

Related entities

Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story (107 linked).

Affected products (5 linked): Doordash; Macos; Chatgpt; Chatgpt; Gmail

Organizations (63 linked): Logitech; National Health Service; Doordash; LG Energy Solution; Port Alliance; Princeton University; Somalia e-visa system; NHS (National Health Service); LG Corporation; LG Electronics; Oracle; Trend Micro; Mozilla; Pypi; Samsung; Amazon; Government Technology; Japan's CERT; Dutch Police; GAO (Government Accountability Office); Amazon Web Services; Malwarebytes; TPG Telecom Limited; Proxy.vn; Qihoo 360; Victoria Catholic Schools; Aisuru; Government Accountability Office; Samsung Electronics; CISA; Starlink; Taiwanese Government; German Parliament; Cloudflare; Washington; Meta Platforms; Internal Revenue Service; European Court of Human Rights; Pajemploi; Fortinet; CrowdStrike; Python Package Index; Trail of Bits; Openai; Spamhaus; Qurium; X; Apple; Eurofiber; Broadcom; Microsoft Corporation; Kenyan Government; Protei; Huntress; Anyscale; npm, Inc.; Danish Government; Shelly; Center for Strategic Research; Void Blizzard; Aws; Google; Under Armour