Major Incidents or Breaches

  • GlobalLogic, a Hitachi group company, is notifying over 10,000 current and former employees of data theft following a breach of Oracle E-Business Suite (EBS).
  • The Rhadamanthys infostealer malware operation has been disrupted, with operators and customers losing access to their servers.
  • A Chinese national known as the “Bitcoin Queen” was sentenced in London to over 11 years in prison for laundering Bitcoin from a $7.3 billion cryptocurrency investment scam.

Newly Discovered Vulnerabilities

  • Microsoft’s November 2025 Patch Tuesday addressed 63 vulnerabilities, including one actively exploited Windows kernel zero-day and several critical flaws. Emergency and cumulative updates were also released for Windows 10 and Windows 11 to address security vulnerabilities and ESU enrollment issues.
  • Synology patched a critical remote code execution vulnerability in BeeStation products, demonstrated at Pwn2Own Ireland.
  • Gladinet’s Triofox file-sharing and remote-access platform was found to have a critical vulnerability that allowed attackers to exploit the built-in antivirus feature to gain SYSTEM privileges and deploy remote access tools.
  • SAP released patches for multiple vulnerabilities, including a maximum severity flaw in SQL Anywhere Monitor due to hardcoded credentials and a critical code execution issue in Solution Manager.
  • Adobe released security updates addressing 29 vulnerabilities across multiple products, including InDesign, InCopy, Photoshop, Illustrator, Pass, Substance 3D Stager, and Format Plugins.
  • A critical zero-day vulnerability affecting Samsung mobile devices was exploited in the wild to deliver LANDFALL spyware.
  • Mozilla introduced new fingerprinting protections in Firefox, reducing the number of trackable users.
  • A new side-channel attack, dubbed “Whisper Leak,” allows attackers intercepting network traffic to infer user prompt topics in large language model (LLM) conversations, despite end-to-end encryption.

Notable Threat Actor Activity

  • Threat actors are distributing a new banking malware called “Maverick” via WhatsApp, targeting major Brazilian banks. Maverick shares similarities with the Coyote banking malware.
  • GootLoader malware has resurfaced, now using a novel font-based obfuscation technique to hide malicious payloads on compromised WordPress sites.
  • A malicious npm package, “@acitons/artifact”, was discovered typosquatting the legitimate “@actions/artifact” package, targeting GitHub-owned repositories.
  • The Fantasy Hub Android remote access trojan (RAT) is being sold on Russian-speaking Telegram channels as a Malware-as-a-Service (MaaS), turning Telegram into a distribution hub for threat actors.
  • The DPRK-linked Kimsuky APT group is abusing Google Find Hub to compromise South Korean Android devices, remotely wiping them and abusing the KakaoTalk messaging app.
  • RansomHub ransomware was detected during an in-progress attack, initiated via fake browser updates and leading to domain-admin privilege escalation.
  • Scammers are using AI-generated fake faces combined with real body images in extortion scams, and leveraging AI voice cloning and open-source data for social engineering attacks, particularly targeting the elderly.
  • Thieves are increasingly phishing Apple ID credentials through fake “Find My” messages to unlock stolen iPhones.
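The "@acitons/artifact" item above is a classic transposition typosquat of "@actions/artifact". One defensive check a build pipeline can run is to compare every dependency name in a manifest against an allowlist of packages the organisation actually uses and flag near-misses. The following is an added example written for this digest, not code from GitHub, npm or any of the vendors or reports mentioned; the allowlist and the package.json-style manifest are constructed, and the only real names in it are the two package names from the digest.

```python
"""Flag dependency names that look like typosquats of trusted packages.

Added example, not code from any project or report mentioned in the digest.
The trusted list and the sample dependency manifest are constructed; the only
real names are "@actions/artifact" and its look-alike "@acitons/artifact".
"""
from __future__ import annotations


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    transpose two adjacent characters (the pattern in '@acitons' vs '@actions')."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution / match
            # adjacent transposition counts as a single edit
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[la][lb]


# Constructed allowlist: packages the organisation actually depends on.
TRUSTED = {"@actions/artifact", "@actions/core", "lodash", "express"}


def find_lookalikes(dependencies, trusted=TRUSTED, max_distance=2):
    """Return (dependency, trusted_name, distance) for every dependency that is
    NOT an exact trusted name but sits within max_distance edits of one."""
    findings = []
    for dep in dependencies:
        if dep in trusted:
            continue  # exact match: legitimate
        for good in trusted:
            dist = osa_distance(dep.lower(), good.lower())
            if dist <= max_distance:
                findings.append((dep, good, dist))
    return sorted(findings, key=lambda f: (f[2], f[0]))


# Constructed package.json-style dependency block used for the demonstration.
SAMPLE_PACKAGE_JSON = {
    "dependencies": {
        "@acitons/artifact": "^2.1.0",   # look-alike named in the digest
        "@actions/core": "^1.10.0",      # legitimate
        "lodahs": "^4.17.21",            # constructed look-alike of lodash
        "express": "^4.19.2",            # legitimate
        "left-pad": "^1.3.0",            # unrelated name, should not be flagged
    }
}


def scan_manifest(manifest=SAMPLE_PACKAGE_JSON):
    """Scan the 'dependencies' block of a parsed package.json for look-alikes."""
    return find_lookalikes(manifest["dependencies"].keys())


if __name__ == "__main__":
    for dep, good, dist in scan_manifest():
        print(f"SUSPICIOUS: {dep!r} is {dist} edit(s) from trusted {good!r}")
```

Run against the constructed manifest it flags "@acitons/artifact" (1 edit from "@actions/artifact") and "lodahs" (1 edit from "lodash") and leaves the exact matches and the unrelated "left-pad" alone. The transposition rule matters: plain Levenshtein would score the "@acitons" swap as 2 edits, so a threshold of 1 would miss exactly the pattern this campaign used.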

Trends, Tools, or Tactics of Interest

  • AI-enabled supply chain attacks increased by 156% over the past year, with CISOs advised to reassess traditional defenses.
  • Script-kiddie-level phishing campaigns remain effective at rapidly stealing credentials, even with poorly crafted lures.
  • The use of Telegram as a central hub for malware distribution and MaaS offerings is increasing.
  • Threat actors are exploiting built-in software features (e.g., antivirus in Triofox) to escalate privileges and deploy malware.
  • Fake browser update lures are being used as initial access vectors for ransomware attacks.
  • Social engineering attacks are leveraging AI-generated content and public data to bypass human defenses.

Regulatory or Policy Developments

  • The US Department of Defense began enforcement of Cybersecurity Maturity Model Certification (CMMC) requirements for contractors on 10 November 2025.
  • Microsoft announced the end of security-update support for Windows 11 23H2 Home and Pro editions; extended security updates for Windows 10 are now available.
  • Firefox introduced new privacy protections to reduce user tracking.
  • Tenzai, an Israeli startup, raised $75 million in seed funding to develop an AI-powered penetration testing platform.