WEEKLY TOP TEN: November 24, 2025, 16:00 GMT
- Cloudflare Global Outage Disrupts Customer Services
Cloudflare reported a widespread service degradation that affected multiple core products (including access, routing, and secure connectivity services). Users worldwide experienced slowdowns and intermittent failures. Cloudflare framed this as an internal incident rather than a customer compromise, but the operational impact was still broad because so many companies sit behind Cloudflare for traffic and security. The outage underscores how concentration risk in major internet intermediaries can translate into real-world downtime across thousands of businesses.
- Record Aisuru Botnet DDoS Stopped by Microsoft Azure
Microsoft Azure mitigated a massive 15.72 Tbps distributed denial-of-service attack attributed to the Aisuru botnet. The event shows the continuing escalation of volumetric DDoS, fueled by compromised consumer and IoT devices. While Azure absorbed the hit, the scale matters because similar attacks can overwhelm less-resourced networks, disrupt critical services, and serve as cover for parallel intrusions.
- AIPAC Reports Third-Party Data Breach
AIPAC disclosed that an external vendor’s systems were accessed without authorization, leading to exposure of information tied to several hundred individuals. The organization said it moved quickly to investigate, coordinate with the vendor, and harden controls. Even though the affected population is smaller than in typical mass breaches, the political-advocacy context elevates the risk of targeted harassment, phishing, or influence operations against stakeholders.
- Australian Defense Contractor IKAD Engineering Breached
A cyberattack on IKAD Engineering—part of Australia’s defense-industry supply chain—exposed files referencing sensitive weapons and submarine programs. Investigators found evidence of data access and exfiltration, escalating concern about national-security spillover from contractor environments. The incident shows how “softer” industrial partners can become pivots into government-adjacent projects, and why defense ecosystems are now treated as a single attack surface.
- Samsung Medison Data Allegedly Stolen via Third-Party Breach
A threat actor on a criminal forum claimed access to Samsung Medison healthcare data through a compromised contractor. The seller advertised internal files, source code, credentials, and potential patient and employee PII. Samsung Medison—Samsung’s medical-imaging subsidiary—had not validated the claim publicly in the report window. If authentic, the exposure could be leveraged for downstream hospital targeting, fraud, or device-ecosystem compromise.
- Pennsylvania Attorney General’s Office Ransomware Breach
The Pennsylvania Attorney General’s Office confirmed a ransomware incident after attackers accessed systems and allegedly stole multiple terabytes of data. The Inc Ransom group took credit and threatened publication. Officials said investigative and operational networks were impacted, raising concerns about sensitive legal records and personal data tied to state cases. The office began incident response and coordination with federal partners; notifications and containment were underway during the period. The breach highlights how state justice institutions remain prime extortion targets.
- Brazil’s Petrobras Targeted by Everest Ransomware
The Everest ransomware gang also claimed a separate intrusion into Petrobras, Brazil’s state-run energy giant. Attackers say they exfiltrated more than 180GB of sensitive seismic survey and internal operational data and threatened public release unless contacted via encrypted messenger. Petrobras had not confirmed the claim publicly in the report window, but the allegation fits Everest’s recent double-extortion pattern. If true, the breach could affect competitive intelligence, critical-infrastructure security posture, and future exploration or production planning.
- Under Armour Hit by Everest Ransomware Data-Theft Claim
Everest ransomware posted a breach claim against Under Armour, alleging theft of roughly 343GB of internal and customer-related data. The dump reportedly includes customer contact details, purchase history, and product catalog and business records, suggesting compromise of marketing and commerce systems. Under Armour had not publicly confirmed the breach at the time of reporting, so the scale and authenticity remain under investigation. If validated, the incident could expose customers to targeted phishing and credential stuffing while creating reputational and regulatory risk for the company.
- Logitech Confirms Breach Tied to Cl0p Oracle E-Business Suite Exploits
Logitech disclosed that attackers used a zero-day in Oracle E-Business Suite to access internal systems and copy data. The incident is part of a wider Cl0p extortion wave against organizations running vulnerable Oracle components. Logitech’s filing emphasized data exfiltration rather than encryption, and the company launched a forensic review and legal and regulatory notifications. The event is notable because supply-chain ERP platforms sit at the heart of finance, HR, and procurement workflows.
- FortiWeb Customers Hit by Active Takeover Attacks
Fortinet warned that FortiWeb web-application firewalls were under active exploitation via two vulnerabilities, including a critical authentication bypass leading to admin-level control. Real-world attacks were already creating rogue admin accounts and allowing device takeover. This is an incident affecting FortiWeb-using organizations, not just a theoretical CVE: compromise of perimeter security appliances can become a launchpad for internal lateral movement and data theft.
Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The top 10 stories above were selected from the 40+ we reviewed as the most significant of the week, ranked from highest risk downward, drawing on multiple sources where available.