28 Nov 2025

Week in review

Greetings,

A new episode of the Share Today, Save Tomorrow podcast is out now! Episode 50: The Economy of Algorithms with Marek Kowalkiewicz

Our host, Ivano Bongiovanni, sits down with Professor Marek Kowalkiewicz, Chair in Digital Economy at QUT and author of The Economy of Algorithms. This episode explores Marek’s RACERS framework, viewing AI as a creative partner, and why experimentation is key to managing risks.
This is a conversation you won’t want to miss, and it’s available now on Spotify, Apple Podcasts, and Soundcloud!

This week, it was reported that OpenAI has severed ties with Mixpanel after a security incident exposed limited data associated with some of its API users. The leak, discovered on November 9 and communicated to OpenAI on November 25, did not involve any breach of OpenAI’s own systems, and no chat logs, API requests, API keys, payment information or personal IDs were exposed.

However, the compromised data set included account-holder names, email addresses, broad location information, referring websites, and internal user or organisation IDs.

In response, OpenAI removed Mixpanel from its production systems, initiated a full vendor-security audit, and began notifying impacted users and organisations directly. While the company asserted that there is “no evidence of any effect on systems or data outside Mixpanel’s environment,” it cautioned users to watch out for phishing or social-engineering attempts using the exposed information.

OpenAI emphasised that regular users of its consumer products, such as ChatGPT, were not impacted, as the breach pertained only to its API-platform analytics.


Critical 7-Zip Vulnerability With Public Exploit Requires Manual Update
Date: 2025-11-23
Author: Hackread

A vulnerability has been found in the very popular, free file-compression tool 7-Zip. The flaw, tracked as CVE-2025-11001, has a public exploit, which prompted a high-risk warning from the UK’s NHS England Digital. Because 7-Zip has no automatic update mechanism, affected installations must be upgraded by hand.
While the NHS said that active exploitation has not yet been observed in the wild, the public PoC means the risk of attacks is high. The vulnerability was discovered by Ryota Shiga of GMO Flatt Security Inc., with help from the company’s AI tool AppSec Auditor Takumi.

CISA warns Oracle Identity Manager RCE flaw is being actively exploited
Date: 2025-11-21
Author: Bleeping Computer

[Please see AUSCERT bulletin: https://portal.auscert.org.au/bulletins/ASB-2025.0185.2/]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning government agencies to patch an Oracle Identity Manager vulnerability tracked as CVE-2025-61757 that has been exploited in attacks, potentially as a zero-day.
CVE-2025-61757 is a pre-authentication RCE vulnerability in Oracle Identity Manager, discovered and disclosed by Searchlight Cyber analysts Adam Kues and Shubham Shah.

Popular Forge library gets fix for signature verification bypass flaw
Date: 2025-11-26
Author: Bleeping Computer

A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid.
The flaw is tracked as CVE-2025-12816 and received a high severity rating. It arises from the library’s ASN.1 validation mechanism, which allows malformed data to pass checks even when it is cryptographically invalid.

Gainsight Cyber-Attack Affects More Salesforce Customers
Date: 2025-11-26
Author: Infosecurity Magazine

The cyber-attack targeting Gainsight has affected more Salesforce customers than initially expected.
In a customer FAQ, first posted on November 20 and regularly updated since, the customer support platform provider said Salesforce initially provided a list of three customers impacted by the breach.

Microsoft Teams Flaw in Guest Chat Exposes Users to Malware Attacks
Date: 2025-11-26
Author: HackRead

Microsoft Teams has become the main communication tool for businesses globally. Because of that, security teams invest heavily in protection services such as Microsoft Defender for Office 365 to guard against phishing emails, malicious links and malware.
However, new research from the security firm Ontinue, released on Wednesday, November 26, shows a huge security flaw in the standard setup of Microsoft Teams collaboration with outside partners, known as B2B Guest Access, which lets attackers entirely bypass a company’s Microsoft Defender protections.


ASB-2025.0185.2 – Oracle Fusion Middleware: CVSS (Max): 9.8

This Critical Patch Update contains 20 new security patches, plus additional third party patches noted below, for Oracle Fusion Middleware. 17 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without requiring user credentials.

ESB-2025.8534 – F5 BIG-IP DNS: CVSS (Max): 7.5

In specific circumstances, due to a weakness in the Pseudo Random Number Generator (PRNG) that is used, it is possible for an attacker to predict the source port and query ID that BIND will use. This issue affects BIND 9 versions 9.16.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.16.8-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.39-S1, and 9.20.9-S1 through 9.20.13-S1. (CVE-2025-40780).
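The practical consequence of a predictable source port and query ID is that an off-path attacker can forge a response the resolver will accept without having to guess the 16-bit ID across the whole ephemeral port range. The following is an added illustration, not code from the bulletin, from BIND or from F5: it uses a deliberately simple LCG as a stand-in "weak generator" (a hypothetical choice, saying nothing about the real weakness behind CVE-2025-40780), derives port and ID from it the way a toy resolver might, and shows that two observed queries are enough to predict the third, whereas a CSPRNG-backed resolver gives the attacker nothing to extrapolate. The ephemeral port range is an assumption of the toy.

```python
"""
Toy demonstration: why a predictable source port / query ID lets an off-path
attacker forge an accepted DNS response.  The LCG below is an illustrative
weak generator, NOT BIND's PRNG and NOT the mechanism of CVE-2025-40780.
"""
import secrets

EPHEMERAL_LO = 1024            # assumed ephemeral port range for the toy
EPHEMERAL_HI = 65535
PORT_SPAN = EPHEMERAL_HI - EPHEMERAL_LO + 1   # 64512 usable ports


def derive_port_txid(word):
    """Split one 32-bit generator output into (source port, query ID)."""
    txid = word >> 16
    port = EPHEMERAL_LO + (word & 0xFFFF) % PORT_SPAN
    return port, txid


class WeakResolver:
    """Hypothetical resolver: port and ID both come from a 32-bit LCG."""
    A, C, M = 1103515245, 12345, 1 << 32

    def __init__(self, seed):
        self.state = seed % self.M

    def next_query(self):
        self.state = (self.A * self.state + self.C) % self.M
        return derive_port_txid(self.state)


class StrongResolver:
    """Resolver drawing port and ID from a CSPRNG; nothing to extrapolate."""
    def next_query(self):
        return derive_port_txid(secrets.randbits(32))


def candidate_states(port, txid):
    """Invert derive_port_txid.  The port mapping loses a little information,
    so up to two 32-bit words are consistent with one observed pair."""
    low = port - EPHEMERAL_LO
    lows = [low]
    if low + PORT_SPAN < 0x10000:
        lows.append(low + PORT_SPAN)
    return [(txid << 16) | lo for lo in lows]


def predict_next(observed):
    """Off-path attacker: from two observed (port, txid) pairs (for example,
    queries the resolver sent to an attacker-controlled authoritative server)
    recover the LCG state and predict the pair the resolver will use next.
    Returns None if the observations do not fit the weak generator."""
    (p1, t1), (p2, t2) = observed
    for s in candidate_states(p1, t1):
        nxt = (WeakResolver.A * s + WeakResolver.C) % WeakResolver.M
        if derive_port_txid(nxt) == (p2, t2):
            after = (WeakResolver.A * nxt + WeakResolver.C) % WeakResolver.M
            return derive_port_txid(after)
    return None


def spoof_succeeds(resolver):
    """Simulate one forged response: it is accepted only if both the
    destination port and the query ID match what the resolver really used."""
    observed = [resolver.next_query(), resolver.next_query()]
    guess = predict_next(observed)
    actual = resolver.next_query()
    return guess == actual


def expected_forgeries_blind():
    """Without prediction the attacker must guess 16-bit ID x 64512 ports;
    on average half that space must be tried before one forgery lands."""
    return (PORT_SPAN * 0x10000) // 2


if __name__ == "__main__":
    print("weak resolver, one forgery:", spoof_succeeds(WeakResolver(seed=0xDEADBEEF)))
    print("strong resolver, one forgery:", spoof_succeeds(StrongResolver()))
    print("blind forgeries needed on average:", expected_forgeries_blind())
```

The point of the contrast is the mitigation: source port randomisation only helps while the generator is unpredictable, so the fix is to move to a patched BIND build rather than to widen the port range.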

ESB-2025.8648 – Ubuntu: H2O: CVSS (Max): 7.5

H2O could be made to crash if it received specially crafted network traffic. It was discovered that H2O managed server resources poorly in its HTTP/2 implementation. An attacker could possibly use this issue to cause H2O to crash, resulting in a denial of service.

ESB-2025.8662 – Splunk SOAR: CVSS (Max): 8.8

Splunk remedied common vulnerabilities and exposures (CVEs) in third-party packages in Splunk SOAR versions 7.0.0 and higher.

ESB-2025.8673 – GitLab Community and Enterprise Edition: CVSS (Max): 7.7

Several GitLab CE/EE vulnerabilities were identified, including high-severity race condition and denial-of-service flaws, along with medium-severity authentication bypass, DoS, and authorization issues. A low-severity information disclosure bug in the Terraform registry was also reported.


Stay safe, stay patched and have a good weekend!

The AUSCERT team