Infosec bits for 2025 week 45

Zoya Vilakazi | Nov. 7, 2025, 4:48 p.m.

Cybersecuirty News:

South Africa’s Cybersecurity Market Set to Hit R165 Billion Amid Rising AI and Cloud Security Demand [Jennifer Onyeagoro, TechAfrica News]

We need to build psychological readiness into cyber security [Haris Pylarinos, Computer Weekly]

UPenn Confirms Cyber Attack as Hackers Claim Data on 1.2M People [Susan Snyder, GovTech]

Malware & Attacks:

New Phishing Attack Using Invisible Characters Hidden in Subject Line Using MIME Encoding [Tushar Subhra Dutta, Cyber Security News]

Fake Solidity VSCode extension on Open VSX backdoors developers [Bill Toulas, Bleeping Computer]

LeakyInjector and LeakyStealer Malwares Attacks Users to Steal Crypto’s and Browser History [Abinaya, Cyber Secuirty News]

Tracking a Dragon: Investigating a DragonForce-affiliated ransomware attack with Darktrace [Darktrace, Darktrace]

SonicWall Firewall Backups Stolen by Nation-State Actor [Rob Wright, Dark Reading]

Microsoft Teams’ New “Chat with Anyone” Feature Exposes Users to Phishing and Malware Attacks [Guru Baran, CyberSecurity News]

New Phishing Campaign Targets Travelers via Compromised Hotel Booking.com Accounts [Mayura Kathir, GBHackers News]

Google spots malware in the wild that morphs mid-attack, thanks to AI [Charlie Osborne, ZDNET]

Vulnerabilities and Patches:

Cisco fixes critical UCCX flaws, patch ASAP! (CVE-2025-20358, CVE-2025-20354) [Zeljka Zorz, Help Net Security]

Critical CVE-2025-12779 Vulnerability Exposes Amazon WorkSpaces for Linux Users to Token Theft [Ashish Khaitan, The Cyber Express]

Chrome 142 Update Patches High-Severity Flaws [Ionut Arghire, Security Week]

CISA Issues Alert on Gladinet CentreStack and Triofox Vulnerabilities Under Active Exploitation [Divya, GBHackers News]

Critical Control Web Panel vulnerability is actively exploited (CVE-2025-48703) [Zeljka Zorz, Help Net Security]

NVIDIA NVApp for Windows Vulnerability Let Attackers Execute Malicious Code [Abinaya, Cyber Secuirty News]

HTTP/2 ‘MadeYouReset’ Vulnerability Enable Denial-of-Service (DoS) Attacks [Mayura Kathir, GBHackers News]

Apple patches 50 security flaws—update now [Pieter Arntz, Malwarebytes]