H-ISAC TLP Green: Daily Cyber Headlines - November 21, 2025

Today’s Headlines:  

Leading Story

  • Stolen VPN Credentials Emerge as Leading Entry Point for Ransomware Operations

Data Breaches & Data Leaks 

  • Byzfunder Data Breach Affects 15,164 People: SSNs & Names Exposed 

Cyber Crimes & Incidents

  • Over 50,000 Asus Routers Compromised in Operation WrtHug
  • Akira Ransomware Group Strikes Multiple North American Firms

Vulnerabilities & Exploits  

  • Critical Twonky Server Vulnerabilities Let Attackers Bypass Authentication
  • Android Banking Trojan Captures Decrypted Private Messaging from WhatsApp, Telegram, and Signal

Trends & Reports

  • Ransomware Attacks Soar by 41%, Marking Start of Golden Quarter

Privacy, Legal & Regulatory

  • NSA Issues Guidance for ISPs and Network Defenders to Combat Malicious Activity

Upcoming Health-ISAC Events

  • Global Monthly Threat Brief   
    • Americas – November 25, 2025, 12:00-01:00 PM ET
    • European – November 26, 2025, 03:00-04:00 PM CET
    • Fall Americas Summit – Carlsbad, California – December 1-5, 2025

 

View the detailed report below.

For help with Cybersecurity and Risk Advisory Services exclusively for AHA members, contact:

John Riggi

National Advisor for Cybersecurity and Risk, AHA

jriggi@aha.org

(O) +1 202 626 2272

More on John Riggi
Learn more about AHA's Cybersecurity and Risk Advisory Services

Key Resources

Related Resources

Advancing Health Podcast
Cybersecurity on the Health Care Front Lines Against AI and Ransomware
Letter/Comment
AHA Support for Senate Rural Hospital Cybersecurity Enhancement Act
Public
Special Bulletin
Senate Deal Reached to End Government Shutdown
Member
Guides and Reports
Strategies for Cyber Preparedness in Health Care
Advisory
Hospitals That Are Oracle Customers Urged to Take Immediate Action to Address Security Vulnerability
Public
Issue Landing Page
Cybersecurity and Risk Advisory Service