Global coverage from 05–07 Nov 2025: SonicWall attributes its breach to a state-backed actor, while the Washington Post confirms exposure via Oracle-linked software. Android’s “Landfall” spyware zero-day and Monsta FTP RCE headline new exploits. ENISA warns of DDoS waves on public services as CISA releases fresh ICS advisories and NCSC announces Mail/Web Check retirement.

The past 48 hours saw major movement across global cyber fronts, including AI-enabled backdoors, cargo-theft hacking campaigns, and high-impact data breaches in Japan and Sweden. Actively exploited WordPress and Android vulnerabilities demand immediate patching, while new CISA KEVs and ICS advisories raise urgency for OT environments. Meanwhile, Europol operations disrupted large-scale fraud and crypto-platform crime.

ACSC and CISA released synchronized Exchange Server hardening guidance as new KEV entries and ICS advisories highlight active exploitation across IT and OT systems. Major incidents hit Ribbon Communications and Conduent, while U.S. prosecutions target Conti and insider espionage cases. DFIR teams should prioritize patch validation, supplier risk reviews, and Exchange baseline enforcement.

Qilin ransomware tactics evolve, commercial spyware resurfaces, and municipal services face fresh extortion pressure. A Lanscope zero-day and BIND 9 risks demand swift patching, while Singapore tackles SIM-fraud networks on the ground. New supply-chain ransomware guidance and crypto-finance sanctions signal policy tightening. Plus, standards shifts in ICMPv6 and hashing preview changes coming to defensive stacks.

Qilin ransomware tactics evolve, commercial spyware resurfaces, and municipal services face fresh extortion pressure. A Lanscope zero-day and BIND 9 risks demand swift patching, while Singapore tackles SIM-fraud networks on the ground. New supply-chain ransomware guidance and crypto-finance sanctions signal policy tightening. Plus, standards shifts in ICMPv6 and hashing preview changes coming to defensive stacks.