This is today’s cyber news for November 21st, 2025. Today’s brief connects front-line cyber operations to real-world impact, from Iran-aligned hackers using ship tracking data to support a failed missile strike to China-linked BadAudio espionage quietly harvesting government and telecom secrets. We spotlight active exploitation of Fortinet’s FortiWeb web application firewall, and a Salesforce–Gainsight integration issue that raises fresh questions about third-party access to core customer data. You will also hear how an unpatched Microsoft Office exploit and a critical Windows image-processing flaw give attackers low-friction ways into fully patched systems. Together, these stories sketch a risk picture where trusted tools, integrations, and everyday documents become powerful attack paths.

Listeners will get concise updates on ten high-impact stories, including a zero-day style Oracle E-Business Suite campaign against enterprise resource planning platforms, ransomware crews locking Amazon Simple Storage Service buckets through cloud misconfigurations, and a surge of hostile scanning against GlobalProtect virtual private network portals that many remote workers rely on. We close with Sturnus, a new Android banking trojan that steals on-screen data from encrypted messengers and enables high-yield mobile fraud. This feed is built for leaders, defenders, and builders who need a fast sense of what matters most today, and every episode is also available at DailyCyber.news.