Mozilla Patches Critical Firefox 0-Day Vulnerabilities CVE-2025-4918 & CVE-2025-4919
Friday, November 14, 2025
Top 5 Cybersecurity Stories You Should Know
-
Mozilla Patches Critical Firefox 0-Day Vulnerabilities CVE-2025-4918 & CVE-2025-4919 — tl;dr: Mozilla has released an urgent update for Firefox to address two critical 0-day vulnerabilities, CVE-2025-4918 and CVE-2025-4919, which allow remote code execution. These flaws, discovered by security researchers, stem from issues in the JavaScript engine related to out-of-bounds access and array index confusion. Users are strongly advised to update to Firefox version 138.0.4 immediately to mitigate the risk of exploitation, as attackers may leverage these vulnerabilities through malicious web pages. For those unable to update, avoiding unfamiliar sites and disabling JavaScript is recommended.
↪ https://gbhackers.com/critical-firefox-0-day-flaws/ -
Orange España Data Breach Triggers Ransomware Surge — tl;dr: Orange España, Spain's second-largest mobile operator, experienced a significant data breach earlier this month, leading to over three hours of disrupted mobile services. The hacking group 'Snow' was identified as the perpetrator, having successfully infiltrated the RIPE Network Coordination Centre associated with Orange. This incident has raised concerns about a potential increase in ransomware attacks targeting similar organizations. Affected users are advised to monitor their accounts for suspicious activity and to implement robust security measures to safeguard against potential threats.
↪ https://www.itsecuritynews.info/orange-espana-data-breach-leads-to-more-ransomware-attacks/ -
WK Kellogg Reports Data Breach Tied to Clop Ransomware via Cleo Software Flaws — tl;dr: WK Kellogg Co has disclosed a data breach resulting from the Clop ransomware gang's exploitation of two zero-day vulnerabilities in Cleo software, identified as CVE-2024-50623 and CVE-2024-55956. The breach, which occurred on December 7, 2024, exposed sensitive employee information, including names and social security numbers. Affected individuals have been notified and offered a year of free identity monitoring services. This incident highlights the ongoing threat posed by ransomware attacks and emphasizes the importance of robust cybersecurity measures for companies handling sensitive data.
↪ https://www.bleepingcomputer.com/news/security/food-giant-wk-kellogg-discloses-data-breach-linked-to-clop-ransomware/ -
Google Fixes Chrome Zero-Day CVE-2023-6345 Exploited in the Wild — tl;dr: Google has addressed the sixth Chrome zero-day vulnerability of 2023, identified as CVE-2023-6345, which involves an integer overflow in the Skia graphics library. This flaw poses significant risks, including arbitrary code execution and crashes. Users are urged to update their Chrome browsers immediately to version 119.0.6045.199 for Mac and Linux, and 119.0.6045.199/.200 for Windows, to mitigate potential exploitation. The update also resolves five other high-severity vulnerabilities, enhancing overall browser security.
↪ https://blog.deurainfosec.com/chrome-zero-day-vulnerability-that-exploited-in-the-wild/ -
Ransomware Activity Peaks with 85 Groups in Q3 2025, LockBit Returns — tl;dr: In Q3 2025, ransomware activity remained high with 85 active extortion groups, marking a record number. The average monthly victim count stabilized at 535, a significant increase from the previous year. Qilin emerged as the most active group, while LockBit made a comeback with its 5.0 version, potentially signaling a re-centralization of affiliates. Manufacturing and business services were the most affected sectors, with South Korea seeing increased attacks. Organizations should enhance their cybersecurity measures, including regular backups and employee training, to mitigate the risks posed by these evolving ransomware threats.
↪ https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/
Featured LufSec Resource
Car Hacking 101 — From key fob attacks to CAN bus exploitation—safely.
Explore →
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec
