This is today’s cyber news for November 12th, 2025. A massive credential trove lands in Have I Been Pwned, pushing account takeover risk sharply higher. Microsoft’s monthly patches close sixty-three flaws, including one already exploited in the wild. Triofox is under live attack via a setup-route bypass, SAP fixes hardcoded credentials in SQL Anywhere Monitor, and Samsung’s latest mobile flaw enters the Known Exploited catalog. Ransomware-as-a-service expands with VanHelsing, Synology’s BeeStation faces an unauthenticated zero-day, and Brazil sees WhatsApp-driven bank session hijacking. Rounding out the brief: GootLoader’s stealthy web-font trick and fresh Ivanti Endpoint Manager issues that enable arbitrary file writes.

You’ll hear what changed, why it matters, who is most exposed, and the near-term moves that shrink risk. Leaders get business-impact framing; defenders get plain-English signals to watch and pragmatic steps tied to identity, patching, and endpoint controls. The focus is tight: the Top 10 from today’s newsletter only—no filler. It’s a fast, narrated briefing for students and practitioners alike, available at DailyCyber.news.