The week in breach news

This week: A massive Ernst & Young data breach raises global concern, LinkedIn users are hit by a new phishing campaign and PureHVNC malware makes its way into Latin America.

United Kingdom

Ernst & Young (EY)

Industry: Finance
Exploit: Misconfiguration

A major cloud misconfiguration has exposed a massive amount of data belonging to British multinational professional services firm Ernst & Young (EY). The exposure has become one of the most talked-about topics in cybersecurity circles this week.

Cybersecurity researchers discovered 4TB of publicly accessible EY data on Microsoft Azure during a routine network and cloud scan. The exposed file carried a .BAK extension, indicating it was a full SQL Server database backup. The backup likely contained sensitive information such as user data, API keys, credentials, authentication tokens and database schemas.

Experts warn that such a large volume of exposed data could have serious consequences. With today’s automated scanning tools, countless threat actors could have easily found and accessed the files.

How it could affect your business

This incident shows that even elite organizations can fall victim to simple misconfigurations in today’s fast-paced cloud environments. As companies accelerate cloud adoption, securing cloud-based data through proper access controls, configuration management and continuous monitoring is critical to prevent exposure.

United States

U.S. federal agencies

Industry: Government & Public Sector
Exploit: Ransomware & Malware

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies about a Linux vulnerability currently being used in active ransomware attacks.

CISA has released a binding operational directive regarding CVE-2024-1086, a Linux kernel use-after-free vulnerability that allows a normal user to gain administrator (root) access. Once exploited, attackers can alter files, disable security controls or install malware. Agencies have been given until November 20 to apply the required fix or discontinue use of affected systems.

Although the flaw was patched in January 2024, it continues to be exploited in older, unpatched Linux versions. The vulnerability, first reported nearly two years ago, highlights how delayed updates can leave critical systems exposed. You can find the complete list of impacted versions here.

How it could affect your business

This is a warning not only for federal agencies but for all organizations. Old or unpatched systems remain a prime target for attackers. Businesses must stay vigilant with timely patching, vulnerability scanning and system upgrades to close gaps that ransomware actors are quick to exploit.

United States

LinkedIn users

Industry: Technology
Exploit: Phishing

Hackers are exploiting LinkedIn to target finance executives with direct-message phishing attacks that impersonate invitations to join executive boards. The goal is to steal Microsoft account credentials.

The phishing messages appear to invite recipients to join the executive board of a new “Common Wealth” investment fund. Each message includes a link encouraging the target to learn more about the opportunity. However, clicking the link redirects users to attacker-controlled websites designed to harvest login information.

Experts warn LinkedIn users to verify the sender’s identity and the legitimacy of such offers before responding. Since many phishing campaigns use uncommon top-level domains (TLDs), such as .top, .icu and .xyz, users are advised to treat these links with suspicion and avoid interacting with them whenever possible.

How it could affect your business

LinkedIn users should stay alert for unsolicited or unexpected messages offering business opportunities or board positions. Executives and employees alike should avoid clicking on links shared in direct messages and verify such invitations through official company channels before engaging.

Latin America & the Caribbean

The Office of the Attorney General of Colombia

Industry: Government & Public Sector
Exploit: Ransomware & Malware

A sophisticated phishing campaign targeting Colombian and Spanish-speaking users has recently emerged. Through this operation, threat actors are expanding the deployment of PureHVNC malware into Latin America — a region that had previously seen little to no activity from this threat.

In this phishing campaign, victims receive deceptive emails posing as official communications from Colombia’s Attorney General’s Office. The messages use convincing social engineering tactics, claiming the recipient is involved in a lawsuit filed through a labor court. By clicking links or downloading attachments, victims unknowingly trigger the installation of multiple malware payloads, including PureHVNC.

This campaign highlights how judicial and legal themes remain effective social engineering tactics, especially when targeting government officials and corporate employees in Latin America.

How it could affect your business

Phishing campaigns often exploit themes of authority and urgency to trick users into taking action. Employees should be trained to recognize suspicious legal or government-themed messages and verify their authenticity before responding. Consistent phishing awareness training can help stop these attacks before they compromise your network.

Australia

Ansell

Industry: Manufacturing
Exploit: Third-Party Data Breach

Clop, the notorious cyber extortion group behind several high-profile breaches, has listed Australian personal protective equipment (PPE) manufacturer Ansell as a victim on its darknet leak site. The claim comes just weeks after Ansell disclosed “unauthorized data access” in an Australian Securities Exchange (ASX) announcement.

On October 14, Ansell confirmed the breach stemmed from vulnerabilities in licensed third-party software. The hackers have now allegedly published a 552GB dataset that is said to have been exfiltrated from Ansell’s network, sharing it via the BitTorrent peer-to-peer protocol. The torrent file, made available on November 3, has already been downloaded multiple times.

So far, the hackers have not disclosed what data is included in the breach, nor have they shared proof of compromise or any ransom demand.

How it could affect your business

Third-party data breaches are becoming more frequent as attackers exploit vulnerabilities in vendor software and supply chains. Businesses should review vendor security practices, apply updates promptly and limit the data shared with external systems. Regular third-party risk assessments and strict access controls can significantly reduce the impact of such incidents.

United States

Windows and macOS users

Industry: Technology
Exploit: Ransomware & Malware

Researchers have revealed that cybercriminals are increasingly using artificial intelligence (AI) to develop and scale sophisticated attacks against users on Windows and macOS systems.

The campaigns, active since at least April 2025, include two major operations — GhostCall and GhostHire. In GhostCall, attackers pose as investors offering partnership or funding opportunities. They lure victims to fake Microsoft Teams or Zoom websites to download malicious files that infect their computers. In GhostHire, attackers target crypto developers with fake job offers, sending them malicious links or files.

In some cases, attackers have even used stolen accounts of legitimate entrepreneurs and short clips from real video calls to make their scams more convincing.

How it could affect your business

AI is making social engineering attacks more convincing and harder to detect. Businesses should train employees to verify the authenticity of messages, meetings and job offers, even when they appear legitimate. Implementing stricter identity verification and educating users on new AI-driven threats can help prevent these scams from succeeding.
