Cyber Briefing: 2025.11.14

Imunify360 flaw, ChatGPT SSRF bug, fake Chrome wallet, Synnovis and DoorDash breaches, NY texting hack, Akira profits, Claude AI misuse, Russian hacker arrest.

Nov 14, 2025

👉 What’s trending in cybersecurity today?

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please Subscribe

Get Help

🚨 Cyber Alerts

1. Imunify360 Flaw Puts Sites At Risk

A critical vulnerability in the Imunify360 website security product, which protects over 56 million sites, allows an attacker to execute arbitrary code with root privileges by exploiting its malware scanner. This flaw could lead to the full compromise of Linux-based shared hosting environments, potentially exposing all sites on an affected server.

2. ChatGPT Flaw Exposed Core Infrastructure

A security researcher uncovered and disclosed a patched SSRF vulnerability in custom ChatGPTs, which could have been exploited to obtain an Azure access token and potentially expose some of the AI chatbot’s underlying cloud infrastructure.

3. SaferyExtension Steals Crypto Wallets

A deceptive Chrome extension named “Safery: Ethereum Wallet” is actively stealing users’ cryptographic seed phrases by posing as a legitimate wallet and remains available for download on the Chrome Web Store. The extension covertly exfiltrates the stolen phrases by encoding them into synthetic blockchain transaction addresses, making the theft difficult to detect as it bypasses traditional network monitoring.

For more alerts, click here!

Subscribe Now

💥 Cyber Incidents

4. Synnovis Reports Data Theft In Attack

A ransomware attack hit the pathology services provider Synnovis in June 2024, leading to the theft of patient personal information and severe disruption across several London hospitals. The organization, a partnership including two major NHS Trusts, provides crucial laboratory services primarily in southeast London.

5. Doordash Hit By October User Data Breach

DoorDash announced a data breach in October 2025 affecting an unspecified number of customers, delivery drivers (Dashers), and merchants across its international service areas, where an unauthorized party accessed contact information after an employee was targeted by a social engineering scam. The exposed personal data may have included names, physical addresses, phone numbers, and email addresses.

6. Hackers Breach NY State Texting Service

Hackers successfully hijacked a legitimate bulk text messaging service, Mobile Commons, to send hundreds of thousands of scam messages to subscribers of clients like New York state and a Catholic charity. The cybercriminals sent texts from trusted SMS numbers, referencing fake transactions and directing users to call a now-disconnected 888 number.

For more incidents click here!

Read Report

📢 Cyber News

7. Akira Ransomware Made 244 Million Dollars

The Akira ransomware group has reportedly amassed over $244 million since its inception in March 2023, according to a recent joint advisory from multiple international government agencies. Known for initially targeting VMware ESXi servers in attacks against critical infrastructure globally, the group has recently expanded its tactics, exploiting multiple new vulnerabilities, using sophisticated initial access methods like stolen credentials and VPN brute-forcing, and employing advanced techniques like disabling EDR and bypassing VM protection for credential theft.

8. Claude AI Linked To Chinese Espionage

A China-linked, state-sponsored threat actor utilized Anthropic’s Claude AI for a massive, automated espionage campaign against nearly 30 organizations across multiple global sectors. By skillfully manipulating the AI’s agentic capabilities and bypassing its guardrails, the attackers enabled Claude to perform 80–90% of the hacking process, including identifying assets, building exploits, and exfiltrating data, with minimal human oversight

9. Skripal Hacker Arrested In Thailand

A high-profile Russian hacker, allegedly a GRU military intelligence agent on the FBI’s most wanted list, has reportedly been arrested in Thailand. He is suspected of involvement in the hacks on the Hillary Clinton election campaign and the Skripal novichok poisonings.

For more news click here

Check Events

📈Cyber Stocks

On Friday, 14th November, cybersecurity stocks extended their decline for a second consecutive session, weighed down by broader tech-sector weakness and investor caution around stretched valuations. Macroeconomic uncertainty and continued rotation out of high-growth cloud names pressured the sector, even as long-term demand for AI-driven, zero-trust, and network-defense tools remained robust. Overall, the pullback reflected short-term volatility rather than a shift in cybersecurity fundamentals.

CrowdStrike closed at $529.78, down 2.9%, as profit-taking and valuation concerns overshadowed strong enterprise interest in its AI-powered Falcon platform.
Zscaler ended at $308.60, down 2.6%, pressured by rotation away from high-growth cloud-security leaders amid rising macro caution.
Palo Alto Networks finished at $204.77, down 2.5%, as investors focused on margin pressure and integration risks tied to its recent acquisitions.
Okta settled at $83.76, down 1.1%, with competitive headwinds in identity management continuing to weigh on sentiment.
Fortinet closed at $81.03, down 1.4%, as concerns around firewall-cycle maturity limited resilience despite elevated geopolitical cyber-risk.

💡 Cyber Tip

🔥 Firefox 145 and Chrome 142 Fix High Severity Security Flaws

Google and Mozilla have released urgent security updates for Chrome 142 and Firefox 145 to fix multiple high severity vulnerabilities. There is currently no evidence of active exploitation, but experts warn that these flaws could allow remote attacks if left unpatched.

What You Should Do

Update Google Chrome to version 142.0.7444.162 (Linux and macOS) or 142.0.7444.162 or .163 (Windows).
Update Mozilla Firefox to version 145 and apply updates for Firefox ESR 140.5 or ESR 115.30 if you use extended support versions.
Enable automatic browser updates to receive future patches promptly.
Restart your browser after updating to ensure patches are active.

Why This Matters

Chrome 142 fixes a high severity flaw in the V8 JavaScript engine (CVE-2025-13042) which could lead to denial of service or code execution. Firefox 145 fixes 16 vulnerabilities, including nine rated high severity, such as WebGPU boundary issues, a WebAssembly flaw, and a JavaScript Engine miscompilation bug. Prompt patching reduces the risk of remote attacks and strengthens your browser security.