BMC Daily Cyber News

This is today’s cyber news for November 17th, 2025. The brief opens with Jaguar Land Rover’s factory shutdown turning into a seven hundred fifty million dollar quarterly loss and a stark reminder that cyber incidents now hit the balance sheet as hard as any supply chain shock. We also cover a state-linked campaign that misused Anthropic’s coding agent for espionage and a fresh DoorDash breach driven by social engineering, alongside a Fortinet web firewall flaw and Microsoft’s latest Windows zero-day patch that both demand rapid action.
Listeners will hear concise updates on active attacks against Cisco firewalls, Logitech’s extortion-driven breach, and critical weaknesses in AI inference engines from major vendors. The episode also breaks down how flaws in shared-hosting security tools and older ASUS routers can quietly expose millions of small websites and remote workers. This feed is designed for executives and defenders who need fast, plain-English context on the day’s top risks, with the daily stream available at DailyCyber.news.

What is BMC Daily Cyber News?

The BMC Daily Cyber News brings you clear, timely updates on threats, breaches, patches, and trends every day. Stay informed in minutes with focused audio built for busy professionals. Learn more and explore at BareMetalCyber.com.

This is today’s cyber news for November 17th, 2025. You can also subscribe to the newsletter and view the archive of previous headlines at daily cyber dot news.
Jaguar Land Rover is still counting the damage from a cyberattack that shut down key factories for nearly six weeks. Across that quarter, the incident drove a loss of roughly seven hundred fifty million dollars and forced a sweeping review of factory systems. This matters because a single digital intrusion into production support can quickly ripple into cash flow, supplier stability, and even government support. Production lines stopped, suppliers stalled, and profit was clobbered while workers and partners waited for systems to be rebuilt. Now factories are back online under loan-backed support, but the long-term hit to trust and resilience remains a live issue for industrial leaders.
In a separate story, Anthropic uncovered a suspected China-linked espionage campaign that quietly hijacked its Claude Code agent for intrusion work. Attackers used the tool to map networks, probe for weaknesses, craft exploits, steal credentials, and sift stolen data, with the AI doing much of the heavy lifting. This matters because it shows attackers can piggyback on modern assistants to scale the number of targets they can probe without hiring large teams. High-value organizations in finance, chemicals, government, and technology sit squarely in the blast radius as scripted scans and tailored phishing roll across their environments. Anthropic has shut down the malicious accounts and shared indicators, but security teams now need to expect faster, more automated intrusion attempts that feel tireless.
Food delivery firm DoorDash has disclosed a new breach after an employee was tricked in a targeted social engineering scam. The attacker persuaded that worker to grant access to internal tools and then siphoned contact data for customers, drivers, and merchants across several regions. This matters because one convincing call or chat aimed at a support worker can bypass strong technical controls and expose large datasets very quickly. People who rely on DoorDash for deliveries now face more spam, more fraud attempts, and more risk that criminals will combine these details with other leaks. For now the company reports that payment cards and passwords remain safe, yet the episode underlines how frontline staff training and access controls shape real world exposure.
Security researchers are warning that a critical flaw in Fortinet FortiWeb web application firewalls is under active attack across the internet. The bug lets unauthenticated attackers create their own administrator accounts, take control of devices, and quietly tamper with how protected web traffic is inspected. This matters because once a firewall meant to guard applications is hijacked, an intruder can pry into sensitive traffic and even help later attacks hide in plain sight. Organizations that expose FortiWeb management to public networks or have fallen behind on firmware updates are seeing scanners and exploit tools hammer those interfaces. Vendors have shipped fixes and authorities have flagged the issue as exploited, but teams must still patch, audit the administrator account list for entries nobody created, and confirm that no one has already slipped through.
Microsoft’s latest Patch Tuesday release fixes more than sixty security flaws across Windows and related products, including an exploited kernel vulnerability. That bug lets an attacker who already has a small foothold on a machine quietly escalate to full system control and then tamper with or disable other defenses. This matters because it turns many seemingly minor breaches, such as a phished account or a low-privilege web shell, into complete compromise of the device. Every organization that runs Windows on laptops, servers, or virtual machines faces heightened risk if those November updates remain delayed or fail to install cleanly. Right now the safest move is to prioritize this month’s patches, confirm reboots, and then watch carefully for any lingering signs of privilege abuse in endpoint alerts.
Cisco’s edge firewalls are under pressure as attackers rush to exploit two serious flaws in Adaptive Security Appliance (ASA) and Firepower devices. In many cases, a compromised firewall lets intruders slip past checks, rewrite rules, and quietly pivot toward internal systems where sensitive data lives. This matters because a hardened perimeter is only as strong as the appliances defending it, and here those boxes can be turned against their owners. Enterprises that expose management interfaces to the open internet or delay firmware updates are seeing scanners probe, prod, and sometimes hijack these devices. Right now the most important steps are patching quickly, locking down remote management, and comparing the running configuration against a known-good copy for any unexplained rule, account, or management-access changes.
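The FortiWeb and Cisco items above both end with the same homework: after patching, compare what the appliance is running now against a known-good export and look for administrator accounts nobody created, permit rules nobody requested, and management opened to the whole internet. The following is an added example written for this brief, not code from Cisco, Fortinet, or the show; the two configuration snapshots are constructed, loosely in ASA running-config style, and the hostname, usernames, and 203.0.113.x addresses are placeholders. On a real device, feed it the output of the vendor's own configuration export instead of the inline strings.

```python
"""Baseline-versus-current configuration drift check for an edge appliance.

Added example for illustration only (not vendor code). Configuration text is
constructed in an ASA-like syntax; adapt the patterns to your platform.
"""
import re
from typing import List, Tuple

# Constructed known-good export taken before the incident window.
BASELINE_CONFIG = """\
hostname edge-fw1
username netops password <redacted> privilege 15
access-list OUTSIDE_IN extended deny ip any any
http 10.0.5.0 255.255.255.0 management
"""

# Constructed export pulled from the device today.
CURRENT_CONFIG = """\
hostname edge-fw1
username netops password <redacted> privilege 15
username svc_backup password <redacted> privilege 15
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 22
access-list OUTSIDE_IN extended deny ip any any
http 0.0.0.0 0.0.0.0 management
"""

# Additions that deserve a human's eyes: (compiled regex, finding label).
# Only additions are triaged; removed lines are reported separately because a
# dropped deny rule is just as interesting but needs different context.
HIGH_RISK_ADDITIONS = [
    (re.compile(r"^username \S+ .*\bprivilege 15\b"), "new admin-level account"),
    (re.compile(r"^access-list \S+ extended permit\b"), "new permit rule"),
    (re.compile(r"^http 0\.0\.0\.0 0\.0\.0\.0 "), "management exposed to any source"),
    (re.compile(r"^ssh 0\.0\.0\.0 0\.0\.0\.0 "), "SSH management exposed to any source"),
]


def _normalise(config_text: str) -> List[str]:
    """Strip comments, blank lines and surrounding whitespace so the comparison
    reflects configuration content rather than export formatting."""
    lines = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("!", "#", ":")):
            continue
        lines.append(re.sub(r"\s+", " ", line))
    return lines


def diff_configs(baseline: str, current: str) -> Tuple[List[str], List[str]]:
    """Return (added, removed) lines, order-insensitive, in current-file order."""
    base_set = set(_normalise(baseline))
    cur_lines = _normalise(current)
    cur_set = set(cur_lines)
    added = [ln for ln in cur_lines if ln not in base_set]
    removed = [ln for ln in _normalise(baseline) if ln not in cur_set]
    return added, removed


def triage_additions(added: List[str]) -> List[Tuple[str, str]]:
    """Label each added line that matches a high-risk pattern."""
    findings = []
    for line in added:
        for pattern, label in HIGH_RISK_ADDITIONS:
            if pattern.search(line):
                findings.append((label, line))
                break
    return findings


def audit(baseline: str, current: str) -> dict:
    """Full drift report: everything added/removed plus the flagged subset."""
    added, removed = diff_configs(baseline, current)
    return {"added": added, "removed": removed, "findings": triage_additions(added)}


if __name__ == "__main__":
    report = audit(BASELINE_CONFIG, CURRENT_CONFIG)
    for label, line in report["findings"]:
        print(f"[{label}] {line}")
    for line in report["removed"]:
        print(f"[removed] {line}")
```

Against the constructed snapshots the report flags the unrequested privilege-15 account, the inbound SSH permit to 203.0.113.10, and management access widened from one subnet to any address, and lists the original restricted `http` line as removed. An exact baseline is the whole point: keep the known-good export in version control and re-run the comparison after every patch window, not only after an advisory lands.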
Meanwhile, Logitech is dealing with a data breach after the Clop extortion group claimed and then proved it had stolen internal company files. The hardware maker has confirmed that certain operational data was taken, and that criminals are using the threat of public leaks to squeeze for payment. This matters because even when customer card numbers stay safe, stolen internal documents and system details can still fuel future attacks and regulatory headaches. Global consumer brands that depend on complex supply chains and tight margins feel the sting when secrets are siphoned, rumors swirl, and partners start asking hard questions. Logitech is working with investigators and refusing to cave publicly, but peers should be reviewing access to core business platforms and preparing their own extortion playbooks.
Elsewhere, researchers have disclosed critical weaknesses in several artificial intelligence inference engines used by Meta, Nvidia, Microsoft, and open source projects. These systems process model requests and, when misconfigured or unpatched, can be tricked into deserializing hostile data, so a crafted request executes attacker-chosen code on the host machine. This matters because many organizations now run these engines deep inside cloud clusters where a single compromised node can become a fresh beachhead. Companies racing to deploy artificial intelligence features into products may have left these serving layers under-scrutinized while focusing mostly on models and training data. Vendors are pushing out fixes and guidance, but security teams still need to inventory where these engines run, confirm the request path never unpickles untrusted input, and watch closely for strange process behavior on those hosts.
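To make the inference-engine item concrete, here is an added example (written for this brief, not taken from any of the vendors' engines or the show) of the pattern behind that class of bug: a request handler that hands raw bytes from the network to Python's pickle, beside two hardened forms. The message shape, the InferenceRequest type, and the hostile payload are all constructed for illustration; the payload's side effect is a counter rather than a real command so the script is safe to run.

```python
"""Insecure deserialization in a model-serving path, with hardened versions.

Added example only; not code from any real inference engine. The request
type and wire format are assumptions chosen for the demonstration.
"""
import io
import json
import pickle
from dataclasses import dataclass

# Observable stand-in for "attacker code ran on the host".
EXECUTED = {"count": 0}


def _side_effect():
    """In a real payload this would be os.system(...) or similar."""
    EXECUTED["count"] += 1


class Hostile:
    """Constructed malicious object: pickle calls whatever __reduce__ names."""

    def __reduce__(self):
        return (_side_effect, ())


def build_hostile_payload() -> bytes:
    """What a remote peer would send to a pickle-based request endpoint."""
    return pickle.dumps(Hostile())


@dataclass
class InferenceRequest:
    model: str
    prompt: str
    max_tokens: int


def build_benign_payload() -> bytes:
    """A legitimate request in the same (pickle) wire format."""
    return pickle.dumps(InferenceRequest("demo-model", "hello", 16))


# --- vulnerable pattern -----------------------------------------------------
def handle_request_unsafe(raw: bytes):
    """pickle.loads resolves and calls any importable callable named in the
    stream, so this executes attacker code before any validation can run."""
    return pickle.loads(raw)


# --- hardened form 1: keep pickle but refuse every unexpected global ---------
class RestrictedUnpickler(pickle.Unpickler):
    ALLOWED = {(__name__, "InferenceRequest")}

    def find_class(self, module, name):
        if (module, name) in self.ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"forbidden global {module}.{name}")


def handle_request_restricted(raw: bytes) -> InferenceRequest:
    """Only the allow-listed request class can be rebuilt; the hostile
    payload fails at find_class before _side_effect is ever touched."""
    obj = RestrictedUnpickler(io.BytesIO(raw)).load()
    if not isinstance(obj, InferenceRequest):
        raise ValueError("unexpected object type")
    return obj


# --- hardened form 2: a data-only format plus explicit schema checks --------
def handle_request_json(raw: bytes) -> InferenceRequest:
    """Preferred fix: JSON carries no code, and every field is validated."""
    obj = json.loads(raw.decode("utf-8"))
    if not isinstance(obj, dict) or set(obj) != {"model", "prompt", "max_tokens"}:
        raise ValueError("unexpected fields")
    if not isinstance(obj["model"], str) or not isinstance(obj["prompt"], str):
        raise ValueError("model and prompt must be strings")
    n = obj["max_tokens"]
    if isinstance(n, bool) or not isinstance(n, int) or not 1 <= n <= 4096:
        raise ValueError("max_tokens out of range")
    return InferenceRequest(obj["model"], obj["prompt"], n)


if __name__ == "__main__":
    handle_request_unsafe(build_hostile_payload())
    print("unsafe handler ran attacker callable:", EXECUTED["count"] == 1)
    try:
        handle_request_restricted(build_hostile_payload())
    except pickle.UnpicklingError as exc:
        print("restricted handler refused:", exc)
    print(handle_request_json(b'{"model":"demo-model","prompt":"hi","max_tokens":8}'))
```

The allow-list unpickler is a containment measure for services that cannot change wire format overnight; the allow-list must never include anything that can reach a callable such as `os.system` or `builtins.eval`. The JSON handler is the durable fix, and it also gives you a natural place to bound sizes and values before the request reaches the model.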
Hosting providers are also busy after news of a dangerous upload flaw in ImunifyAV and Imunify360, tools widely used to guard shared web servers. The vulnerability lets attackers plant malicious files on vulnerable hosts and then execute them, turning a protective shield into a convenient doorway for web shells and deeper compromise. This matters because a single shared server often holds hundreds or thousands of small websites that small businesses and nonprofits depend on every day. Many of those site owners do not even know Imunify runs under the hood, so they have little visibility into whether their protection layer is quietly being abused or properly patched. For now, the burden falls on hosting operators to push fixes, scan for signs of tampering, and clean up any shells or strange outbound connections from crowded servers.
Finally, ASUS has released emergency firmware updates to fix a critical authentication bypass in several older digital subscriber line routers. The flaw allows remote attackers to reach administrative interfaces without valid credentials, change settings, and even conscript devices into botnets that relay or inspect traffic. This matters because many home and small office routers sit untouched for years, quietly routing sensitive work traffic while never receiving meaningful security attention. Remote workers, micro businesses, and branch locations that rely on these aging ASUS models face a real risk that criminals can piggyback through cheap hardware into corporate networks. ASUS has shared guidance and new firmware, but organizations should help users patch, replace unsupported devices, and keep an eye on odd behavior from these edges.
That’s the BareMetalCyber Daily Brief for November 17th, 2025. For more, visit BareMetalCyber dot com. You can also subscribe to the newsletter and view the archive of previous headlines at daily cyber dot news. We’re back tomorrow.