NY Business Council Data Breach Affects 47,329 Individuals

Tuesday, November 18, 2025

Top 5 Cybersecurity Stories You Should Know

1. NY Business Council Data Breach Affects 47,329 Individuals — tl;dr: The Business Council of New York State has reported a data breach impacting approximately 47,329 individuals, detected five months after the intrusion occurred on February 24, 2025. The breach involved unauthorized access to sensitive data, likely due to unpatched vulnerabilities or phishing attacks. Affected individuals may have had their personal identifiable information compromised, raising concerns about identity theft and follow-on attacks. The organization is expected to enhance its cybersecurity measures in response. Individuals are advised to monitor for unusual credit activity and stay vigilant against potential phishing attempts.
   ↪ https://gbhackers.com/47000-individuals-affected-by-data-breach/

2. Senior Citizen Loses ₹1.08 Crore in Digital Arrest Scam; Cyber Crime Surge Reported — tl;dr: An 80-year-old woman in Mumbai was scammed out of ₹1.08 crore by fraudsters posing as police officials, highlighting the growing threat of social engineering scams targeting vulnerable populations. In a related surge, the Philippines reported a rise in online fraud, prompting authorities to enhance enforcement efforts. Victims are urged to remain vigilant against such scams, verify identities before sharing personal information, and utilize multi-factor authentication to protect their accounts. As cyber threats evolve, staying informed and cautious is crucial for safeguarding personal and financial data.
   ↪ https://the420.in/top-10-daily-cybercrime-brief-by-fcrf-click-here-to-know-more-356/

3. European Commission Issues Burner Phones Amid US Cybersecurity Concerns — tl;dr: The European Commission is equipping staff with burner phones and laptops for trips to the US, a measure typically reserved for visits to high-risk countries like China and Russia. This decision highlights growing concerns over cybersecurity threats from the US, particularly following deteriorating relations between the EU and the US. Additionally, a whistleblower has raised alarms about potential misuse of sensitive labor data accessed by DOGE from the National Labor Relations Board. Organizations should review their cybersecurity protocols and remain vigilant during international travel to safeguard sensitive information.
   ↪ https://infosec-mashup.santolaria.net/p/infosec-mashup-16-2025

4. CitrixBleed 2 Vulnerability (CVE-2025-5777) Allows Session Hijacking in NetScaler — tl;dr: A critical vulnerability known as 'CitrixBleed 2' (CVE-2025-5777) has been discovered in Citrix NetScaler ADC and Gateway, enabling unauthenticated attackers to hijack user sessions by exploiting out-of-bounds memory reads. This flaw affects versions prior to 14.1-43.56 and 13.1-58.32. Citrix has urged users to upgrade to the latest versions and terminate all active sessions post-update to mitigate risks. Failure to do so could lead to session token theft and unauthorized access, similar to issues seen with the earlier CitrixBleed vulnerability. Organizations using unsupported versions should upgrade immediately.
   ↪ https://www.bleepingcomputer.com/news/security/new-citrixbleed-2-netscaler-flaw-let-hackers-hijack-sessions/

5. CISA Promotes Cybersecurity Awareness Month 2025 for Critical Infrastructure Protection — tl;dr: October marks Cybersecurity Awareness Month, emphasizing the importance of safeguarding critical infrastructure in the U.S. CISA highlights the need for state, local, tribal, and territorial governments, as well as small and medium businesses, to enhance their cybersecurity measures. The 2025 theme, 'Building a Cyber Strong America,' encourages organizations to take immediate action to mitigate cyber threats. CISA provides resources and a toolkit for businesses and government entities to strengthen their defenses, ensuring the security of essential services and sensitive data. Individuals and families are also urged to adopt safe online practices.
   ↪ https://www.cisa.gov/cybersecurity-awareness-month

Featured LufSec Resource

Career Coaching (First Session Free) — Roadmap, portfolio, and interview prep.
Explore →

Connect with LufSec

• YouTube: https://www.youtube.com/@lufsec
• Instagram: https://www.instagram.com/lufsec