Top 5 Cybersecurity Headlines to Know this Month

November 25, 2025 | Cybersecurity

BARR Advisory Senior Consultant Teddy VanGalen has picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what our consulting team has been reading this November—plus, scroll to see Teddy’s CISO Pick of the Month for his top new resource for security and compliance professionals this month.


TOAD Attacks Jump to Microsoft Cloud

A new phishing campaign is leveraging Microsoft Entra guest user invitations to launch sophisticated social engineering attacks that Cyber Security News calls “an evolution in TOAD (Telephone Oriented Attack Delivery) tactics.” The attack works by sending an invitation from the legitimate invites@microsoft[.]com address, which bypasses traditional email filters, convincing recipients their Microsoft 365 plan needs renewal. This exploits a critical security gap in Entra’s design, turning a collaboration feature into a delivery mechanism for a scam that instructs users to call a fake “Microsoft Billing Support” number. This novel tactic underscores the need for organizations to educate users on the importance of verifying support requests through official channels.

➡️ Read more

Ransomware Targets AWS S3 Buckets

A new wave of ransomware is specifically targeting Amazon S3 cloud storage environments, exploiting weak access controls and configuration mistakes to lock organizations out of their data. Unlike traditional ransomware, these attacks use native cloud features to encrypt or delete original files, often gaining access through stolen credentials or leaked keys. Researchers identified five distinct variants, including one using SSE-C encryption that makes data permanently unrecoverable without the attacker’s key.

➡️ Read more
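Because the S3 ransomware described above relies on native features (SSE-C encryption with an attacker-held key, and deletion of originals) rather than malware, the defensive control is a bucket policy. The following is an added example, not a policy from the article or the researchers it cites; the bucket name is a placeholder, and the two statements assume that your legitimate workloads never need SSE-C and that deletions are performed by MFA-authenticated principals.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyWritesUsingCustomerProvidedKeys",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption-customer-algorithm": "false"
        }
      }
    },
    {
      "Sid": "DenyDeleteWithoutMFA",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectVersion"
      ],
      "Resource": "arn:aws:s3:::EXAMPLE-BUCKET-NAME/*",
      "Condition": {
        "BoolIfExists": {
          "aws:MultiFactorAuthPresent": "false"
        }
      }
    }
  ]
}
```

The first statement rejects any PutObject (including copy-in-place re-encryption) that carries the SSE-C algorithm header, so a stolen access key cannot re-encrypt objects under a key you do not hold; the second blocks deletes from sessions that did not authenticate with MFA, which also blocks unattended automation, so pair it with versioning and review which roles actually need delete rights.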

AI Agent Executes Large-Scale Attack

A Chinese state-sponsored group successfully used an AI model to execute a highly sophisticated, large-scale cyber espionage campaign targeting roughly 30 global entities. The AI model was manipulated and jailbroken to perform 80-90% of the work, including reconnaissance, code exploitation, and data exfiltration, at a speed impossible for human teams. This demonstrates how AI has significantly lowered the barrier to sophisticated cyberattacks.

➡️ Read more

Patch FortiWeb Now, CISA Urges

CISA has issued an urgent warning about a critical vulnerability in Fortinet’s FortiWeb WAF that is actively being exploited. The flaw is a relative path traversal issue enabling unauthenticated attackers to execute arbitrary administrative commands through specially crafted requests. This critical oversight turns a WAF meant for protection into a potential backdoor for complete system compromise. Fortinet urges immediate patching to versions like 7.4.8 or 7.6.6, and federal agencies have a deadline of Nov. 21 to apply mitigations.

➡️ Read more

Brute-Force Attack Hits Palo Alto VPN

A massive brute-force attack campaign has unleashed over 2.3 million malicious sessions against Palo Alto Networks’ GlobalProtect VPN portals since November 14, 2025. The activity, which surged 40-fold in 24 hours, primarily targets the login URI to gain unauthorized access to corporate networks. Threat intelligence suggests the coordinated campaign is linked to previous VPN attacks, with the majority of sessions originating from a single German ASN. This spike serves as a stark reminder for enterprises to audit exposed portals, monitor for indicators of compromise, and strictly enforce multi-factor authentication (MFA).

➡️ Read more


Teddy VanGalen
Senior Consultant, Cybersecurity Consulting

CISO Pick of the Month:

Breaking Down New Requirements in PCI DSS 4.0.1

Earlier this week, BARR Advisory Lead QSA Kyle Kofsky teamed up with cside CEO Simon Wijckmans for a live discussion on PCI DSS requirements 6.4.3 and 11.6.1—including what risks these new requirements aim to mitigate and how to ensure your organization is compliant.

To hear the full discussion, watch the webinar now on-demand. ▶️


Get The Scoop

Want to get these insights straight to your inbox? Subscribe to Take5, our monthly newsletter featuring top security and compliance headlines, events, and resources—brought to you by CISOs from BARR’s cybersecurity consulting team.
