Nippon Steel Solutions Data Breach Linked to Zero-Day Vulnerability
Thursday, November 27, 2025
Top 5 Cybersecurity Stories You Should Know
-
Nippon Steel Solutions Data Breach Linked to Zero-Day Vulnerability — tl;dr: Nippon Steel Solutions, a subsidiary of Nippon Steel Corporation, experienced a critical data breach due to a zero-day attack, allowing unauthorized access to sensitive internal systems. The incident highlights the risks associated with unknown vulnerabilities, particularly in the steel manufacturing sector, which could lead to significant data theft and operational disruptions. European organizations, especially those in heavy industry and supply chains, are advised to enhance their security measures, including threat hunting, advanced endpoint detection, and network segmentation, to mitigate risks from similar attacks.
↪ https://radar.offseq.com/threat/nippon-steel-solutions-suffered-a-data-breach-foll-368a681e -
Telecom and Media Industries Targeted by Surge in Cyber Attacks — tl;dr: Recent reports from CYFIRMA reveal a significant increase in cyber attacks targeting the telecommunications and media sectors, with 56% of advanced persistent threat (APT) campaigns focused on these industries in the last quarter. Key threat actors include state-aligned groups from China, North Korea, and Russia, exploiting vulnerabilities in web applications. The report highlights a 32% rise in verified ransomware victims, with the U.S. being the most affected country. Organizations are urged to enhance their cybersecurity measures, particularly in web application security and rapid vulnerability management, to mitigate these escalating threats.
↪ https://gbhackers.com/telecom-and-media-industries/ -
Exploiting IngressNightmare Vulnerabilities in NGINX Controller (CVE-2025-1097, CVE-2025-1098) — tl;dr: The Ingress NGINX Controller for Kubernetes has critical unauthenticated Remote Code Execution vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, CVE-2025-1974) that can lead to unauthorized access to secrets and potential cluster takeover. A proof-of-concept exploit has been released, allowing attackers to upload malicious shared objects and execute reverse shell payloads. Affected users are advised to upgrade to patched versions (1.12.1 or 1.11.5) immediately, restrict admission webhook access, and consider temporarily disabling the admission controller if upgrades are not feasible.
↪ https://darkwebinformer.com/poc-code-to-exploit-the-ingressnightmare-vulnerabilities-cve-2025-1097-cve-2025-1098-cve-2025-24514-and-cve-2025-1974/ -
Workday Confirms Data Breach; Speed Cameras in Netherlands Targeted by Cyber Attack — tl;dr: Workday has confirmed a data breach involving the theft of personal information from a third-party database, potentially affecting customer data used for social engineering scams. Meanwhile, speed cameras across the Netherlands were disabled due to a cyber attack, raising concerns about the security of critical infrastructure. Other incidents include a ransomware attack on Inotiv, exposing 162,000 files, and a significant breach at Allianz Life, impacting 1.1 million customers. Organizations are advised to enhance their cybersecurity measures and monitor for unusual activity to mitigate potential risks from these incidents.
↪ https://infosec-mashup.santolaria.net/p/infosec-mashup-34-2025 -
Washington Post Data Breach Exposes 10,000 Records via Oracle EBS Zero-Day CVE-2025-61884 — tl;dr: The Washington Post has confirmed a data breach affecting nearly 10,000 employees and contractors, linked to a zero-day exploit in Oracle E-Business Suite, identified as CVE-2025-61884. The Clop ransomware group exploited this vulnerability to gain unauthorized access from July 10 to August 22, 2025, exfiltrating sensitive personal and financial information. Affected individuals are being offered 12 months of identity protection services. Organizations are urged to prioritize vulnerability management and monitor their ERP systems to mitigate risks associated with such attacks.
↪ https://freedium.cfd/https://medium.com/p/78191151931a
Featured LufSec Resource
Career Coaching (First Session Free) — Roadmap, portfolio, and interview prep.
Explore →
Connect with LufSec
- YouTube: https://www.youtube.com/@lufsec
- Instagram: https://www.instagram.com/lufsec
