Summary of Major Cybersecurity Incidents and Threat Intelligence Developments
Multiple organizations worldwide experienced significant cybersecurity incidents, including ransomware attacks, data breaches, and exploitation of zero-day vulnerabilities. Notable events include a ransomware attack on LG's battery subsidiary by the Akira group, a confirmed breach at Logitech linked to the Clop ransomware group, and a data breach at DoorDash affecting user information. The UK National Health Service (NHS) was compromised via an Oracle EBS zero-day, and Princeton University suffered a data breach impacting alumni, donors, faculty, students, and parents. Additional incidents involved the hacking of Somalia's e-visa system, resulting in the theft of over 35,000 applicants' data, and the disruption of Russian port operator Port Alliance due to a cyberattack. These incidents highlight the ongoing threat posed by ransomware groups, zero-day exploits, and targeted attacks on critical infrastructure and service providers.
Security news roundups and technical digests reported on these incidents alongside broader threat intelligence developments. Updates included new and refined detection rules for cloud environments (AWS, Azure), Linux, and Windows, as well as coverage of phishing campaigns, credential theft, and the abuse of legitimate tools for persistence and lateral movement. The cybersecurity community also discussed the impact of AI on security, the proliferation of rogue npm packages, and the need for improved detection engineering to address evolving threats. These developments underscore the importance of timely patching, robust detection capabilities, and cross-sector collaboration to mitigate the impact of increasingly sophisticated cyberattacks.

How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Weekly security roundups summarize incidents from November 17–23
A weekly roundup covering November 17–23, 2025 highlighted consumer scams, DoorDash customer data exposure, a Chrome zero-day reportedly under active attack, the DigitStealer macOS infostealer, and the Sneaky 2FA phishing technique. The article aggregates developments from the week rather than documenting one discrete incident timeline.
Cloudflare outage and other security topics noted in weekly news segment
A Security Weekly News segment published on November 18 referenced a Cloudflare outage alongside other topics such as Gh0stRAT, rogue npm packages, North Korean IT workers, and a Logitech zero-day. The segment notes do not provide enough detail to separate these into distinct dated events from the source material alone.
Weekly security roundups summarize incidents from November 10–16
Security roundups published after the week of November 10–16, 2025, summarized multiple developments including high-profile breaches, ransomware claims, law enforcement actions, malware campaigns, and exploited vulnerabilities. These references are recap articles rather than primary disclosures of a single new incident.
Major cyberattacks and breaches occur across October 2025
A range of significant cyber incidents took place during October 2025, including Oracle exploitation, a Red Hat incident, PhantomCaptcha activity, and other major breaches referenced in later monthly reporting. The source material does not provide exact dates for each individual incident.
Sources
7 references tracked.
A week in security (November 17 – November 23)
malwarebytes.com
October 2025: Oracle Exploitation, Red Hat Incident, PhantomCaptcha, and Major Breaches
socradar.io
Risky Bulletin: Microsoft will integrate Sysmon into Windows
news.risky.biz
Cloudflare, Gh0stRAT, npm, North Koreans, Arch, Steam, Documentaries, Aaran Leyland.. – SWN #530
scworld.com
A week in security (November 10 - November 16) | Malwarebytes
malwarebytes.com
What'd I Miss? InfoSec Weekend News Roundup for November 14 - November 16, 2025
sherpaintelligence.substack.com
Detections Digest #20251117
detections-digest.rulecheck.io


