
🚨WK 47: Anthropic AI Espionage, Cloudflare’s Outage, EU delays AI Act rules and proposes GDPR changes, US invests in AI-powered offensive cyber teams, Somalia e-Visa Breach...

Insights into Cyber Risks, Threat Intel, Government and Regulations, Startup and VC updates

On 18 November 2025, Cloudflare experienced a major internal outage that began at 11:20 UTC when its network started returning widespread "HTTP 5xx" error pages to users accessing sites protected by Cloudflare. The issue was caused by a configuration change in a database system that generated duplicate entries in a “feature file” used by the Bot Management module. This file’s size doubled, exceeding a preset limit in Cloudflare’s internal proxy software and triggering cascading failures. Full service was restored by 17:06 UTC, but during the outage many web services, login flows, and content-delivery functions were disrupted.


Impact: A core Internet-infrastructure provider was temporarily incapacitated, affecting websites, APIs and login services globally; though not caused by an attack, the failure disrupted service delivery and underlined the fragility of shared infrastructure.

Key details:

  • At ~11:05 UTC, Cloudflare changed database permissions, allowing a system query to produce double the normal data.

  • This extra data was placed into a configuration file used to distinguish between bots and real users (“Bot Management”).

  • The file was pushed out to all Cloudflare servers—but the proxy software was built with a fixed size limit for this file; when the file doubled in size it exceeded that limit and triggered a failure in the core traffic-routing system.

  • The failure showed up as websites returning error pages, login systems failing, and other services being inaccessible.

  • Cloudflare initially suspected a large denial-of-service attack (since symptoms matched such disruptions) but ultimately traced it back to the configuration issue.

  • Recovery steps: stop propagation of the faulty configuration file; roll back to a known-good version; restart proxy services. By ~14:30 UTC main traffic was flowing again, and by 17:06 UTC service was fully restored.

  • Cloudflare described this as its “worst outage since 2019” and committed to strengthening safeguards.
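The failure mode described above (an upstream query that starts returning every row twice, a generated file that doubles in size, and a consumer with a hard-coded limit that fails instead of rejecting the file) is a general one. The following Python sketch is an added example, not Cloudflare's code: the feature-file format, the `MAX_FEATURES` limit and the function names are assumptions made for the illustration. It shows the two safeguards a defender would want, de-duplicating entries before the file is published and refusing to activate a file that fails validation while continuing to serve with the last known-good version.

```python
"""Added example (not Cloudflare's code): a fail-safe loader for a
generated feature file. File format, limit and names are assumptions."""
import json

MAX_FEATURES = 200  # assumed hard limit compiled into the consumer


class FeatureFileError(ValueError):
    pass


def build_feature_file(rows):
    """Build feature entries from query rows given as (name, weight) tuples.

    Duplicate rows for the same feature (the symptom of the outage) are
    merged, so the output stays at the number of distinct features.
    """
    merged = {}
    for name, weight in rows:
        # A duplicate with a different weight is a real conflict, not noise
        if name in merged and merged[name] != weight:
            raise FeatureFileError(f"conflicting weights for {name}")
        merged[name] = weight
    return [{"name": n, "weight": w} for n, w in sorted(merged.items())]


def validate_feature_file(entries):
    """Validate before activation: size cap, unique names, sane types."""
    if len(entries) > MAX_FEATURES:
        raise FeatureFileError(
            f"{len(entries)} features exceeds limit of {MAX_FEATURES}")
    names = [e["name"] for e in entries]
    if len(set(names)) != len(names):
        raise FeatureFileError("duplicate feature names")
    for e in entries:
        if not isinstance(e["weight"], (int, float)):
            raise FeatureFileError(f"bad weight for {e['name']}")
    return True


class FeatureStore:
    """Holds the active feature set; rejects bad updates, keeps last good."""

    def __init__(self):
        self.active = []
        self.rejected = 0

    def load(self, raw_json):
        """Try to activate a new feature file. Returns True if activated."""
        try:
            entries = json.loads(raw_json)
            validate_feature_file(entries)
        except (ValueError, KeyError, TypeError) as exc:
            # Fail safe: record the rejection and keep serving the old file
            self.rejected += 1
            print(f"rejected feature file, keeping last good: {exc}")
            return False
        self.active = entries
        return True


def simulate_outage():
    """Constructed scenario: a query that starts returning every row twice."""
    good_rows = [(f"f{i}", i * 0.1) for i in range(150)]
    duplicated_rows = good_rows + good_rows  # effect of the permissions change

    store = FeatureStore()
    store.load(json.dumps(build_feature_file(good_rows)))  # 150 entries, OK

    # Raw doubled file (300 entries) is over the cap: refused, old file kept
    raw_doubled = json.dumps(
        [{"name": n, "weight": w} for n, w in duplicated_rows])
    accepted_raw = store.load(raw_doubled)

    # De-duplicated at build time, the same rows yield a valid 150-entry file
    accepted_deduped = store.load(
        json.dumps(build_feature_file(duplicated_rows)))
    return accepted_raw, accepted_deduped, len(store.active), store.rejected


if __name__ == "__main__":
    print(simulate_outage())  # (False, True, 150, 1)
```

The design point is that the size check lives in the publisher and the consumer both, and the consumer treats a failed check as "keep the previous file" rather than as a fatal condition, so a bad generation run degrades to stale bot-scoring data instead of dropped traffic.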

💻 Malware and Vulnerabilities

Microsoft Teams update could widen phishing risks: Microsoft’s upcoming feature allowing users to chat with anyone via email—even non-Teams users—could open a new avenue for phishing and malware delivery through unsolicited external chats. LINK

WhatsApp flaw let attackers scrape 3.5B user details: A security issue in WhatsApp’s contact-discovery system exposed metadata—phone numbers, profile images, and statuses—for up to 3.5 billion users, raising concerns about mass-harvesting of “public” data at unprecedented scale. LINK

W3 Total Cache plugin hit by PHP command injection bug: A high-severity flaw in the W3 Total Cache WordPress plugin allows attackers to execute arbitrary PHP via comment fields, putting millions of websites at risk until updated to the latest patched version. LINK

SolarWinds fixes three critical Serv-U RCE vulnerabilities: SolarWinds issued emergency patches for three remote-code-execution flaws impacting Serv-U file-transfer software; unpatched systems could be fully taken over by attackers. LINK

📈 Breaches and Incidents

Cloudflare outage triggers global service disruptions: A configuration error in Cloudflare’s bot-management system caused widespread 5xx failures across major platforms, illustrating the fragility of modern web infrastructure dependencies. LINK

50,000+ ASUS routers hijacked in mass exploitation campaign: Attackers are actively compromising outdated ASUS routers using multiple unpatched vulnerabilities; the devices are being absorbed into large-scale espionage and proxy networks. LINK

Salesforce-connected Gainsight breach exposes customer data: Misused OAuth tokens connected to Gainsight apps allowed unauthorized access to Salesforce customer environments, affecting hundreds of companies and prompting widespread token revocation. LINK

LG Energy Solution hit by ransomware attack: A ransomware incident disrupted operations at the major battery manufacturer and may have exposed proprietary data tied to EV and energy-storage supply chains. LINK

Somalia fires senior immigration official after e-visa breach: A significant data breach in Somalia’s electronic-visa system led to the dismissal of a top official amid concerns over mishandled personal data and systemic security failures. LINK

Kenyan government websites defaced in coordinated hack: Attackers breached multiple Kenyan government portals, defacing content and exposing system weaknesses, prompting emergency response and system takedowns. LINK

Eurofiber France reports cybersecurity incident: Fiber-infrastructure provider Eurofiber confirmed an attack affecting internal systems and potentially service continuity, with investigations ongoing. LINK

EU designates critical ICT providers after increased incidents: European supervisory authorities identified key ICT third-party providers as “critical,” triggering stricter oversight under the Digital Operational Resilience Act (DORA). LINK

Surveillance-tech firm Protei hacked, data stolen, website defaced: Cybercriminals breached telecom-surveillance vendor Protei, stole sensitive internal data, and defaced the company website—raising concerns about exploitation of surveillance-related technologies. LINK

🚨 Threat Intel & Info Sharing

Anthropic warns of rising AI-enabled espionage ops: New research outlines how AI models can be exploited for intelligence gathering and details defensive measures to detect and disrupt AI-driven espionage campaigns. LINK

Google details legal and policy fight against scam networks: Google outlines coordinated legislative and law-enforcement initiatives aimed at dismantling global fraud networks, particularly scammers exploiting online ads and social platforms. LINK

China-linked cyber-espionage operations analysed in new report: A detailed investigation maps how state-aligned groups leverage long-term “strategic access” to global infrastructure, refining techniques rather than relying on novel exploits. LINK

US invests heavily in AI-powered offensive cyber teams: New reporting reveals that the Pentagon is spending millions to develop AI-augmented hacker units capable of autonomous vulnerability discovery and cyber operations. LINK

North Korean threat unit analysis reframed in new research: Chollima Group releases updated intelligence on the group MSAB/“MSMT,” emphasising its disciplined tradecraft, infrastructure evolution, and geopolitical targeting patterns. LINK

South Korea warns of intensified DPRK cyber-recruitment campaigns: Government officials say North Korean espionage units are escalating cyber-talent recruitment schemes aimed at acquiring credentials and infrastructure abroad. LINK

⚖️ Laws, Policies and Regulations

EU delays key AI Act rules and proposes GDPR changes: The EU plans to push back enforcement of high-risk AI provisions and update GDPR language to account for AI-training challenges, marking the largest regulatory shift since GDPR’s introduction. LINK

US announces strike force to combat Southeast Asian crypto fraud: The DOJ launched a dedicated center targeting large-scale crypto-investment scams run from Southeast Asia, emphasizing international cooperation to dismantle criminal networks. LINK

US takes nationwide enforcement action against North Korean cyber operations: Federal agencies executed coordinated actions to seize infrastructure and disrupt financing tied to North Korea’s cyber-crime and state-sponsored hacking activities. LINK

Europol announces takedown of 1,025-server cybercrime infrastructure: A major coordinated raid across multiple countries dismantled a global network used for ransomware, phishing, and malware hosting. LINK

UK courts order Twitter hacker to repay £41m in Bitcoin: A convicted hacker behind a major Twitter compromise must forfeit £41 million after a court ordered restitution of stolen crypto assets. LINK

Germany advances NIS2 implementation to bolster cyber-resilience: The Bundestag approved new rules expanding reporting obligations, security requirements, and enforcement under the EU’s NIS2 Directive framework. LINK

EU considers curbing Chinese access to critical EU infrastructure: Policymakers are weighing new restrictions on China’s involvement in telecommunications and energy infrastructure as security tensions rise. LINK

How to security-test Next.js: new bug-bounty guide released: DeepStrike published a detailed playbook for testing Next.js apps, outlining common weaknesses—from SSRF to cache poisoning—reflecting how the framework’s rapid adoption is expanding its security footprint. LINK

Sneaky 2FA phishing kit mimics real login windows: Malwarebytes warns of a new phishing scheme that uses deceptive “browser-in-the-browser” 2FA prompts, creating nearly perfect replicas of legitimate login pop-ups to steal credentials and MFA codes. LINK

Cyber-attacks increasingly weaponized against civilians: A new investigation highlights how adversaries are shifting tactics to disrupt hospitals, energy, municipal services, and other civilian-life systems, blurring the line between digital and physical conflict. LINK

📅 Upcoming Events

During Black Hat Middle East & Africa 2025, we invite a select group of cybersecurity leaders and executive decision-makers for an exclusive evening of insight, dialogue, and collaboration.
If you would like to co-sponsor this event, please reach out to [email protected]

Register your interest to join here.

If you would like to sponsor any of our future in-person or virtual events, please email us at [email protected]

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being part of our newsletter community. You can also join the community by joining our LinkedIn Group.