Weekly Cybersecurity Recap - 24 November 2025

Major Vulnerabilities, Exploits and Regional Industry Updates


    Introduction

    Last week’s cybersecurity landscape delivered a mix of strategic insights, emerging threats, and active exploitation campaigns across cloud platforms, AI infrastructure, and everyday user behavior. From soaring regional cyber investments to fresh compromises in widely used enterprise tools, the developments reinforce how quickly the threat environment is evolving - and how unevenly organizations are keeping up. Below is our deeper weekly breakdown, organized by theme and expanded with added context and analysis.

    Vulnerabilities and Exploitation

    ShadowRay 2.0 Exploits Unpatched Ray Flaw to Build Self-Spreading GPU Cryptomining Botnet

    Cybercriminals are exploiting a long-unpatched Ray framework vulnerability to hijack NVIDIA-powered clusters and deploy a self-spreading cryptomining botnet known as ShadowRay 2.0. The attacks build on earlier waves observed in 2023–2024 and leverage a critical missing-authentication flaw to seize full control of exposed environments.

    Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar

    The Sneaky 2FA phishing kit has added Browser-in-the-Browser (BitB) simulation, allowing attackers to convincingly mimic legitimate authentication windows. This makes credential harvesting more effective and lowers the barrier of entry for low-skilled cybercriminals adopting PhaaS tools.

    Fortinet Woes Continue With Another WAF Zero-Day Flaw

    Fortinet disclosed a new OS command injection flaw affecting its FortiWeb WAF line - its second zero-day in under a week. The active exploitation of consecutive vulnerabilities raises questions about internal security processes and transparency practices as customers brace for repeated patch cycles.

    Recent 7-Zip Vulnerability Exploited in Attacks

    A directory traversal weakness in 7-Zip (CVE-2025-11001) is now being exploited in live attacks despite a recent patch. The flaw allows crafted ZIP files with symbolic links to trigger remote code execution, emphasizing the speed at which threat actors pivot to newly published vulnerabilities.

    SonicWall Patches High-Severity Flaws in Firewalls, Email Security Appliance

    SonicWall released security fixes for critical bugs across its Gen7 and Gen8 firewalls and its Email Security appliances. The stack-based overflow in SonicOS SSL VPN poses a particularly serious risk, as it can be exploited remotely and without authentication to crash devices or execute arbitrary code.

    Cloud, SaaS and Enterprise Security

    Salesforce Flags Unauthorized Data Access via Gainsight-Linked OAuth Activity

    Salesforce uncovered suspicious OAuth activity associated with Gainsight applications, potentially granting attackers access to customer data. In response, Salesforce revoked all related tokens and temporarily removed the apps from its marketplace. The scale of impact remains undisclosed, but the incident highlights ongoing challenges in third-party SaaS authentication governance.

    Cloudflare Outage Throws a Wrench in Global Internet Access

    A significant Cloudflare outage disrupted global internet traffic after an oversized automatically generated configuration file triggered system failures. The incident affected numerous services and platforms, highlighting the fragility of critical internet routing infrastructure and the cascading impact of single misconfigurations.

    Regional & Awareness

    Gulf cybersecurity spend to exceed AED120bn by 2030

    A new Gulf-focused report reveals that regional cybersecurity spending is on track to more than double by 2030, underscoring a major shift toward sovereign digital resilience. The study highlights how AI-driven threats and geopolitical pressures are accelerating investment across national infrastructure, public services, and critical industries.

    79% of travelers are exposed to data breaches because of one simple thing: UAE Cyber Security Council

    The UAE Cyber Security Council warns that unsecured public charging ports continue to expose travelers to silent data theft. Attackers hide malware inside these ports, enabling device hijacking, credential theft, and unauthorized media extraction. Alarming statistics show that 68% of firms have already been targeted through compromised charging stations, turning a seemingly harmless habit into a widespread risk.

    Industry Trends & Strategic Risks

    Cybersecurity trends to 2026: AI threats, supply chains & identity

    Global security leaders anticipate significant shifts in priorities as AI accelerates threat automation and supply-chain complexity multiplies attack surfaces. The industry is pivoting toward greater visibility, stronger identity governance, and resilience strategies designed for distributed, multi-cloud environments.

    Same Old Security Problems: Cyber Training Still Fails Miserably

    Despite years of awareness campaigns and investment in training programs, organizations continue to repeat the same security mistakes. Human behavior remains one of the weakest links, and cultural shortcomings - rather than technology gaps - are driving many avoidable breaches.
