MONTHLY WRAP MONTHLY WRAP Overview November saw a significant increase in attacks involving ecosystem-level compromise, SaaS and support-platform targeting, and rapid experimentation with AI-enabled tradecraft. Supply chain attacks escalated from isolated package backdoors to full ecosystem disruption in npm, PyPI, and
Albiriox
TRENDING TOPICS DEC 01, 2025 Albiriox: Rapidly Evolving Android Banking Malware-as-a-Service Albiriox is a newly emerging Android banking malware family operating as a Malware-as-a-Service, first spotted in September 2025 and now actively sold on Russian-language cybercrime forums. It uses staged delivery via SMS phishing to lead victims to fake app
ShadowV2
CVE-2025-59287 Critical Windows Server Update Services UNSAFE DESERIALIZATION A critical vulnerability in Windows Server Update Services (WSUS) stems from unsafe deserialization of untrusted data over the network, allowing remote attackers to execute arbitrary code on WSUS servers without authentication. Mitigation: Immediately apply Microsoft's security update, restrict WSUS exposure
Victim Organization Organization Profile Stark Shipping is a maritime services provider operating in the Black Sea and Azov Sea regions. Services include port agency, cargo chartering and market analysis. Reported Date 15 November 2025 Stark Shipping Maritime Services Black Sea Region Port Agency Cargo Chartering Threat Group Threat Actor Profile
RomCom
TRENDING TOPICS NOV 26, 2025 Russian RomCom Uses SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine Researchers have identified the first confirmed instance of RomCom malware being delivered through the SocGholish framework, marking a significant evolution in the threat landscape. In this case, a U.S.-based
Shai-Hulud
TRENDING TOPICS NOV 25, 2025 Round 2: Shai-Hulud Worm Exploits npm at Massive Scale The Shai-Hulud campaign has resurfaced with a far more aggressive, disruptive operation that has moved well beyond the smaller, account-level compromise seen in September. This round introduced a self-spreading worm that activated during package installation, enabling
DPRK
TRENDING TOPICS NOV 24, 2025 Update: DPRK Expands Contagious Interview Operation With Full Fake Job Platform Targeting U.S. AI Talent Researchers have uncovered a highly polished fake recruitment platform built as part of a new variant of the DPRK-linked Contagious Interview operation. Unlike earlier lures that relied on simple
APT24
CVE-2025-64446 Critical Fortinet FortiWeb 7.0.x - 8.0.x PATH TRAVERSAL A relative path traversal vulnerability impacts Fortinet FortiWeb versions 7.0.x through 8.0.x, enabling attackers to run administrative commands by sending specially crafted HTTP or HTTPS requests. Exploitation may provide elevated control over the
TamperedChef
TRENDING TOPICS NOV 20, 2025 TamperedChef: New Global Malvertising Campaign Using Fake Software Installers to Deliver Stealthy Backdoors The TamperedChef campaign first surfaced earlier this year as security researchers began tracking a rise in fake software installers pushed through manipulated online ads and poisoned search results. The operation has since
Cloudflare
TRENDING TOPICS NOV 19, 2025 Update: Cloudflare Global Network Outage Disrupts Major Online Services Cloudflare previously reported a major outage on November 18 that disrupted core CDN, security, and authentication services across its Global Network, and new findings now clarify that the disruption stemmed from an internal database permissions change
Cloudflare
TRENDING TOPICS NOV 18, 2025 Cloudflare Global Network Outage Disrupts Major Online Services Cloudflare confirmed a significant disruption across its Global Network on November 18, 2025, with outages rippling through major platforms, including X, Canva, Downdetector, and various web services relying on Cloudflare infrastructure. The issue surfaced shortly after the
FortiWeb
TRENDING TOPICS NOV 17, 2025 FortiWeb Zero-Day (CVE-2025-64446) Actively Exploited to Create Admin Accounts and Execute Commands Fortinet has confirmed that a critical FortiWeb zero-day vulnerability (CVE-2025-64446) was silently patched after widespread in-the-wild exploitation began in early October. The flaw, a relative path-traversal weakness in the FortiWeb GUI component, allows