The week of November 17 through November 23 saw significant cybersecurity events, including a major retail data breach, the disclosure of a critical vulnerability in popular networking hardware, and the emergence of a widespread phishing campaign.

Global Outfitters Breach Impacts 15 Million Customers

On November 18, international clothing retailer Global Outfitters announced it had sustained a data breach. The security incident involved unauthorized access to a customer database containing the personal information of approximately 15 million individuals. The exposed data included customer names, email addresses, physical addresses, and order histories.

An investigation revealed the breach was caused by a misconfigured cloud storage server that was left accessible to the public internet. Global Outfitters confirmed that customer financial data, such as credit card numbers, was not compromised in this incident as it is processed and stored on a separate, segregated system. The company has since secured the server, begun notifying all affected customers, and offered them complimentary credit monitoring services.

Critical RCE Flaw Discovered in ConnectLink Routers

Security researchers disclosed a critical vulnerability in two models of ConnectLink routers, the Home CL-4500 and the Office CL-5500. The flaw, tracked as CVE-2025-58291, is a remote code execution (RCE) vulnerability with a CVSS severity score of 9.8 out of 10. The vulnerability exists within the device’s web administration interface and allows an unauthenticated attacker on the local network to execute arbitrary code and gain full control of the router.

In response to the disclosure, ConnectLink released a security patch on November 20. The manufacturer issued firmware version 3.1.5, which remediates the vulnerability. All owners of the affected ConnectLink router models were urged to update their devices immediately to protect against potential exploitation.

Phishing Campaign Distributes FormStealer Malware

Throughout the week, cybersecurity firms observed a large-scale phishing campaign targeting both corporate and individual users. The campaign distributes a new information-stealing malware variant named FormStealer. The attack begins with phishing emails that impersonate shipping notifications from well-known logistics companies. These emails contain a malicious ZIP archive with a VBS script that, when executed, installs the malware. FormStealer is designed to harvest saved credentials, autofill data, and financial information from major web browsers.

Source: https://www.malwarebytes.com/blog/news/2025/11/a-week-in-security-november-17-november-23