CyberNews: 12/11/2025 Edition

Published by Dunateo on 2025-11-12

Today’s roundup

  • Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug
  • SAP fixed a maximum severity flaw in SQL Anywhere Monitor
  • Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025
  • Hackers abuse Triofox antivirus feature to deploy remote access tools
  • Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
  • GootLoader Is Back, Using a New Font Trick to Hide Malware on WordPress Sites
  • WhatsApp Malware 'Maverick' Hijacks Browser Sessions to Target Brazil's Biggest Banks
  • Synnovis notifies of data breach after 2024 ransomware attack
  • GlobalLogic warns 10,000 employees of data theft after Oracle breach
  • Microsoft releases KB5068781 — The first Windows 10 extended security update
Summary

Microsoft released its November 2025 Patch Tuesday updates, addressing 63 vulnerabilities including an actively exploited Windows Kernel Elevation of Privilege flaw (CVE-2025-62215, CVSS 7.0) and an Office Remote Code Execution vulnerability (CVE-2025-62199). Concurrently, the first Extended Security Update (ESU) for Windows 10, KB5068781, was released, providing critical security updates for systems that have reached end of support.

SAP has issued its November security updates, fixing 19 vulnerabilities. Among them are a maximum severity flaw (CVE-2025-42890, CVSS 10.0) in SQL Anywhere Monitor, due to hardcoded credentials allowing arbitrary code execution, and a critical code injection vulnerability (CVE-2025-42887, CVSS 9.9) in SAP Solution Manager. Discontinuation of SQL Anywhere Monitor is advised as a temporary workaround.

Synology has patched a critical remote code execution (RCE) vulnerability (CVE-2025-12686, CVSS 9.8) in its BeeStation products. The flaw, demonstrated at Pwn2Own Ireland 2025, is caused by improper buffer size checks, allowing remote attackers to execute arbitrary code. Users are advised to upgrade BeeStation OS to version 1.3.2-65648 or above.

Hackers are exploiting a critical vulnerability in Gladinet's Triofox file-sharing and remote-access platform. The attackers abuse the built-in antivirus feature to achieve remote code execution with SYSTEM privileges, enabling the deployment of remote access tools.

Zimperium researchers have uncovered "Fantasy Hub," a new Russian Malware-as-a-Service (MaaS) Android Remote Access Trojan (RAT). This RAT offers extensive espionage capabilities, including data collection, device control, and communication interception via Telegram. It targets banks using fake login windows and employs a native dropper with WebRTC streaming for live camera/microphone feeds.

The GootLoader malware has resurfaced, utilizing a novel font trick for stealth on compromised WordPress sites. Infections observed since late October 2025 led to domain controller compromise within 17 hours.

A new banking malware named "Maverick" is being propagated via WhatsApp, primarily targeting Brazilian users and their banking institutions. Maverick, which shares similarities with the "Coyote" malware, hijacks browser sessions and includes functionality for decryption, targeting of banking URLs, and monitoring of banking applications.

Synnovis, a major UK pathology services provider, has confirmed a data breach following a ransomware attack in June 2024. The incident resulted in the theft of sensitive patient data, and the company is currently notifying affected healthcare providers.

GlobalLogic, a digital engineering services provider and part of the Hitachi group, is notifying over 10,000 current and former employees about data theft. The breach occurred through an Oracle E-Business Suite (EBS) system, leading to the compromise of personal information.

Vulnerabilities

CVE-2025-62215 High
CVE-2025-62199 High
CVE-2025-42890 Critical
CVE-2025-42887 Critical