Friday, November 21, 2025
DFM News Roundup
Digital Forensics Magazine — 48h News Roundup
Window: 18-11-2025 to 21-11-2025 (UTC)

Snapshot Summary

Sector / Section                Headline Highlights                                         Count
DFIR & Incident Response        Cloudflare outage analysis; Microsoft mail-flow update          2
Cyber Investigations            FBI on credential abuse; AFP SIM-swap probe                     2
Major Cyber Incidents           Cloudflare global disruption; PH gov portal attacks             2
Exploits & Threat Intelligence  Cisco IOS XE scans; Ivanti PoC; Chrome zero-day                 3
Law Enforcement                 Europol ransomware arrests; DOJ VoIP sentencing                 2
Policy                          Japan cyber strategy update; EU election-advisory update        2
Standards & Compliance          NIST ZTA update; ISO/IEC 27001:2025 draft changes               2

Digital Forensics & Incident Response

Cloudflare releases technical root cause update on global outage — Cloudflare published a detailed engineering summary confirming that a malformed, oversized configuration file, propagated through Quicksilver, triggered memory fragmentation and process crash loops across edge nodes (19-11-2025) [Global]. The update gives IR teams forensic clarity on how configuration-propagation failures can resemble attack scenarios (Source: Cloudflare Engineering Blog, 19-11-2025).

Microsoft issues update on Exchange Online mail-flow degradation — Microsoft reported intermittent mail-delivery delays and message-trace failures caused by a routing-layer regression introduced during a configuration update (19-11-2025) [US]. The incident highlights the need for forensic monitoring when cloud service regressions produce symptoms similar to targeted disruption (Source: Microsoft SHD/BleepingComputer, 19-11-2025).

Cyber Investigations

FBI tracks surge in Russian-linked credential-stuffing attacks — US officials confirmed an uptick in automated credential abuse targeting municipal networks, attributed to Russia-aligned threat actors using large botnet infrastructures (20-11-2025) [US]. Investigators warn that these distributed login attacks increasingly serve as precursors to deeper intrusions requiring coordinated forensic response (Source: Reuters, 20-11-2025).

Australian police investigate coordinated SIM-swap fraud using insider access — The AFP is examining a series of SIM-swap attacks facilitated by suspected telecom insiders who allegedly provided unauthorised access to subscriber records (19-11-2025) [APAC]. The case underscores the difficulty of investigating identity-takeover crime when insider compromise intersects with cyber-enabled social engineering (Source: ABC Australia, 19-11-2025).

Major Cyber Incidents

Cloudflare outage disrupts major global platforms — A Cloudflare service failure caused widespread outages across X, ChatGPT, Canva, and multiple banking and commercial services after a configuration error triggered cascading failures (19-11-2025) [Global]. The incident demonstrates the systemic risk of concentrated internet infrastructure relying on uniform configuration propagation (Source: Reuters, 19-11-2025).

Philippines government portals experience suspected DDoS disruption — Several high-visibility Philippine government portals were taken offline following a coordinated traffic-saturation attack that is still under investigation (19-11-2025) [APAC]. The incident highlights the continued use of politically motivated DDoS as a tool to degrade public-sector availability (Source: NCSC-PH advisory, 19-11-2025).

Exploits & Threat Intelligence

Scanning resurges against Cisco IOS XE CVE-2023-20198 — Researchers observed a renewed wave of scanning and exploitation attempts targeting the previously patched IOS XE vulnerability, largely from botnets probing unpatched edge devices (19-11-2025) [Global]. The continued interest reflects attackers’ belief that older high-severity CVEs remain lucrative entry points (Source: Cisco Talos, 19-11-2025).

PoC bypass emerges for Ivanti EPMM MobileIron CVE-2023-35082 — Unit 42 analysts confirmed a modified proof-of-concept bypass technique being used in targeted APAC intrusions against outdated EPMM deployments (20-11-2025) [APAC]. The exploit resurgence reinforces the need to audit MobileIron estates for lingering legacy deployments (Source: Palo Alto Networks Unit 42, 20-11-2025).

Google pushes security update amid active Chrome zero-day exploitation — Google released an urgent patch addressing active exploitation of CVE-2024-5274 affecting Windows and Linux builds (20-11-2025) [Global]. Rapid exploitation of browser zero-days continues to require accelerated patch cycles for enterprise fleets (Source: Google Chrome Releases Blog, 20-11-2025).

Law Enforcement

Europol arrests pair tied to ransomware laundering networks — Europol, the Dutch Police, and the German BKA arrested two individuals accused of laundering €3.6 million in cryptocurrency for multiple ransomware affiliates (19-11-2025) [EU]. The arrests demonstrate growing pressure on the financial infrastructure sustaining major ransomware operations (Source: Europol, 19-11-2025).

US DOJ sentences operator of cyber-enabled VoIP fraud scheme — A California man was sentenced for participating in a large-scale VoIP-spoofing fraud network that leveraged compromised telecom infrastructure to target victims globally (18-11-2025) [US]. The sentencing highlights the convergence between financial crime and cyber-enabled telephony abuse (Source: US DOJ, 18-11-2025).

Policy

Japan updates national cybersecurity strategy — Japan’s Cabinet Office issued an updated strategy emphasising AI-enhanced detection, semiconductor supply-chain resilience, and deeper collaboration with private-sector operators (20-11-2025) [APAC]. The update underscores national concern about technology dependencies and the need for resilient digital infrastructure (Source: Nikkei Asia, 20-11-2025).

EU Parliament releases updated election cybersecurity guidelines — The Parliament’s IT Directorate issued revised security recommendations for upcoming regional elections, focusing on disinformation resilience and technical hardening (19-11-2025) [EU]. The advisory highlights the growing political importance of digital defence during election cycles (Source: EU Parliament, 19-11-2025).

Standards & Compliance

NIST issues update to Zero Trust Architecture guidance — NIST released a minor update to SP 800-207A focusing on policy engines, telemetry integration, and identity-centric enforcement (20-11-2025) [US]. The revision signals maturing federal expectations around Zero Trust implementation (Source: NIST CSRC, 20-11-2025).

ISO circulates draft revision of ISO/IEC 27001:2025 — An updated draft revision introduces AI-assurance language and refreshed governance controls to address emerging risks (18-11-2025) [Global]. Certification bodies are preparing for transition requirements that will impact enterprise compliance teams (Source: ISO Liaison Notice, 18-11-2025).

Editorial Perspective

This week’s developments underline the fragility of global digital infrastructure, with the Cloudflare outage demonstrating how a single configuration failure can cascade into worldwide service disruption.

Meanwhile, threat actors continue to exploit older high-impact vulnerabilities such as Cisco IOS XE and Ivanti EPMM, proving that unpatched legacy systems remain among the most attractive targets for adversaries.

Law enforcement progress against ransomware financial networks shows promise, but ongoing credential abuse and SIM-swap investigations highlight the continued rise of identity-focused attack vectors.

Tags

DFIR, Threat Intelligence, Ransomware, Cloudflare Outage, Credential Abuse, SIM Swap Fraud, Zero Trust, ISO27001, Cyber Policy, Law Enforcement