Here are some top cybersecurity articles from the past week:
🇨🇳 Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Global Target List
A significant data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, resulted in the theft of over 12,000 internal documents. The leak allegedly exposes sophisticated state-sponsored cyber weapons, internal hacking tools capable of compromising major operating systems, and a comprehensive list of global intelligence targets.
Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database
📱 CISA Orders Feds to Patch Samsung Zero-Day Exploited by LANDFALL Spyware
The Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-21042 to its Known Exploited Vulnerabilities (KEV) Catalog, ordering federal agencies to patch a critical zero-day flaw in Samsung Mobile Devices. The vulnerability, an out-of-bounds write in an image library, was actively exploited by the LANDFALL spyware via malicious images sent over platforms like WhatsApp.
CISA orders feds to patch Samsung zero-day used in spyware attacks
🏦 Swiss Bank Habib Bank AG Zurich Hit by Qilin Ransomware Group, 2.5TB Stolen
The Qilin ransomware group claimed responsibility for a major attack on Swiss private bank Habib Bank AG Zurich on November 5. The group alleges they stole over 2.5 terabytes of data, including sensitive customer details, transaction records, and internal source code, marking a severe breach in the financial sector.
Swiss Bank Hit by Qilin Ransomware Group in Major Data Theft
📦 runC Container Runtime Flaws Allow Container Escape in Docker and Kubernetes
A trio of critical vulnerabilities (CVE-2025-31133, CVE-2025-52565, and CVE-2025-52881) was patched in the runC container runtime, which is widely used by Docker and Kubernetes. The flaws, dubbed “TARmageddon,” stem from issues in mount handling and symbolic links, potentially allowing a malicious container to escape to the host operating system with root privileges.
Runtime behind Docker and Kubernetes contains three vulnerabilities
🇯🇵 Japanese Retailer Askul Confirms Data Leak After Ransomware Attack Claim
Japanese office and household goods retailer Askul confirmed that customer and supplier data was exposed following a ransomware attack that disrupted its e-commerce and logistics operations. The RansomHouse extortion group claimed responsibility, alleging the theft of 1.1 terabytes of data and leaking contact and inquiry information from users of Askul’s online stores.
Japanese retailer Askul confirms data leak after cyberattack claimed by Russia-linked group



