A critical data breach at The Washington Post has compromised sensitive personal and financial information of 9,720 employees and contractors. The breach was facilitated through a zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61884).

As of November 2025, Akira ransomware actors have expanded their operations, deploying a new variant—Akira_v2—that features faster encryption speeds and improved mechanisms to inhibit system recovery.

Multiple critical vulnerabilities have been identified in Siemens LOGO! 8 BM and SIPLUS LOGO! programmable logic controller (PLC) devices. These vulnerabilities could allow remote attackers to execute arbitrary code.

Multiple versions of GitHub Enterprise Server are affected by a vulnerability identified as CVE-2025-11892. This issue may have been exploited, prompting urgent action to update to the latest patched versions.

A sophisticated phishing campaign is targeting email users with fake spam filter alerts. These emails impersonate legitimate spam filter notifications and redirect users to spoofed login pages designed to harvest sensitive information.

A large-scale phishing campaign has been uncovered targeting customers of Aruba S.p.A. The campaign aims to steal sensitive login credentials and payment information by impersonating Aruba’s login and payment portals.

DoorDash has disclosed a data breach, involving unauthorized access to user data through a social engineering attack. Notification emails began reaching affected users the evening before the public disclosure, primarily targeting users in Canada.

A sophisticated spyware campaign attributed to the North Korea-linked KONNI APT group has targeted individuals in South Korea using spear phishing, social engineering, and abuse of legitimate services.

A security vulnerability has been identified in Google Chrome for Desktop. Users running versions prior to 142.0.7444.162/.163 on Windows and 142.0.7444.162 on Mac and Linux are affected.

A legacy Remote Access Trojan (RAT), DarkComet, originally developed in 2008 and later discontinued, has resurfaced in a new campaign targeting cryptocurrency users. The malware is being distributed through fake Bitcoin wallet applications.