The Claude Chrome extension, developed by Anthropic, poses significant data exposure risks. This extension allows AI to browse and interact with websites on behalf of users, potentially bypassing traditional web security measures.

A threat actor known as Zestix is actively selling corporate data stolen from cloud file-sharing services such as ShareFile, Nextcloud, and OwnCloud. The data theft is facilitated by info-stealing malware like RedLine, Lumma, and Vidar.

Cybercriminals are abusing Google Cloud's Application Integration service to conduct a sophisticated phishing campaign. The attackers use the email address "noreply-application-integration@google[.]com" to send phishing emails that appear legitimate.

Ongoing cryptocurrency thefts have been traced back to the 2022 LastPass breach, where attackers stole encrypted vaults containing cryptocurrency wallet private keys and seed phrases.

A deceptive social engineering tactic known as “ClickFix” has evolved into a gateway for major ransomware attacks, with researchers uncovering a direct link between these fake verification prompts and the notorious Qilin ransomware group.

Activity dating back to 2023 reveals malicious actors have impersonated senior U.S. state government, White House, and Cabinet level officials, as well as members of Congress to target individuals.

CISA, National Security Agency, and Canadian Centre for Cyber Security have released an update to the Malware Analysis Report BRICKSTORM Backdoor with indicators of compromise (IOCs) and detection signatures for additional BRICKSTORM samples.

A sophisticated phishing campaign has been identified, utilizing weaponized PDF documents to steal corporate credentials. The phishing emails contain a PDF attachment named "NEW Purchase Order # 52177236.pdf.

A China-aligned advanced persistent threat group, LongNosedGoblin, has been identified targeting government institutions in Southeast Asia and Japan. The group exploits Windows Group Policy to deploy malware and conduct long-term surveillance.

This advisory provides an overview of phishing email trends observed in November 2025, highlighting the tactics, techniques, and procedures (TTPs) employed by threat actors.