Dior Notifies Customers of Data Breach; Clorox Sues Cognizant for Cyberattack Negligence

Wednesday, November 26, 2025

Top 5 Cybersecurity Stories You Should Know

  1. Dior Notifies Customers of Data Breach; Clorox Sues Cognizant for Cyberattack Negligence
    tl;dr: Dior has informed U.S. customers of a data breach exposing personal information from a January 2025 incident, including names and Social Security numbers, urging affected individuals to monitor their accounts for suspicious activity. Meanwhile, Clorox is suing IT firm Cognizant for $380 million, claiming negligence in handling a cyberattack that disrupted operations. The lawsuit highlights the importance of robust cybersecurity practices and proper identity verification in preventing such incidents. Customers are advised to enroll in credit monitoring services to protect against potential identity theft.
    https://infosec-mashup.santolaria.net/p/infosec-mashup-30-2025

  2. Nippon Steel Solutions Faces Data Breach from Zero-Day Attack
    tl;dr: Nippon Steel Solutions, a subsidiary of Nippon Steel Corporation, recently experienced a significant data breach due to a zero-day attack, exploiting an unknown vulnerability. This incident, which has critical implications for the steel manufacturing sector, raises concerns about the security of sensitive data and operational systems. European organizations, especially those connected to Nippon Steel, may face increased risks of supply chain compromise and targeted attacks. To mitigate these threats, companies are advised to enhance threat detection, implement advanced security measures, and update incident response plans to address potential zero-day vulnerabilities.
    https://radar.offseq.com/threat/nippon-steel-solutions-suffered-a-data-breach-foll-368a681e

  3. Exploit Code Released for IngressNightmare Vulnerabilities in NGINX (CVE-2025-1097, CVE-2025-1098)
    tl;dr: A proof-of-concept (PoC) exploit has been developed for critical unauthenticated Remote Code Execution (RCE) vulnerabilities in the Ingress NGINX Controller for Kubernetes, identified as CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974. These vulnerabilities can lead to unauthorized access to secrets across namespaces and potential cluster takeovers. Affected users are urged to upgrade to patched versions (1.12.1 or 1.11.5) immediately and restrict access to the admission webhook to enhance security. Temporarily disabling the admission controller is advised if immediate upgrades are not feasible.
    https://darkwebinformer.com/poc-code-to-exploit-the-ingressnightmare-vulnerabilities-cve-2025-1097-cve-2025-1098-cve-2025-24514-and-cve-2025-1974/

  4. WK Kellogg Reports Data Breach Linked to Clop Ransomware via Cleo Software Flaws
    tl;dr: WK Kellogg Co has disclosed a data breach affecting employees and vendors, linked to the Clop ransomware gang's exploitation of two zero-day vulnerabilities in Cleo software (CVE-2024-50623 and CVE-2024-55956). The breach, which occurred on December 7, 2024, involved unauthorized access to servers hosting sensitive employee files. Affected individuals are advised to enroll in free identity monitoring services and consider placing fraud alerts on their credit files. This incident follows a trend of attacks on various companies using Cleo's file transfer utility, highlighting the ongoing threat posed by ransomware groups.
    https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/

  5. Mozilla Patches Critical Firefox 0-Day Flaws CVE-2025-4918 and CVE-2025-4919
    tl;dr: Mozilla has released an urgent update for Firefox to address two critical 0-day vulnerabilities, CVE-2025-4918 and CVE-2025-4919, which could allow remote code execution. Discovered by security researchers from Palo Alto Networks and Trend Micro, these flaws exploit the JavaScript engine's handling of Promise objects and array operations, potentially leading to data leakage or browser crashes. Users are strongly advised to update to Firefox version 138.0.4 immediately to mitigate risks, as active exploitation is likely. For those unable to update, avoiding unfamiliar websites and disabling JavaScript is recommended.
    https://gbhackers.com/critical-firefox-0-day-flaws/


By Luciano Ferrari