Multiple high-severity vulnerabilities have been identified in all versions of Brightpick AI's Mission Control / Internal Logic Control platform. These bugs affect all versions of the product and are exploitable remotely with low attack complexity.

Multiple critical vulnerabilities have been identified in Siemens LOGO! 8 BM and SIPLUS LOGO! programmable logic controller (PLC) devices. These vulnerabilities could allow remote attackers to execute arbitrary code.

Multiple versions of GitHub Enterprise Server are affected by a vulnerability identified as CVE-2025-11892. This issue may have been exploited, prompting urgent action to update to the latest patched versions.

A security vulnerability has been identified in Google Chrome for Desktop. Users running versions prior to 142.0.7444.162/.163 on Windows and 142.0.7444.162 on Mac and Linux are affected.

A legacy Remote Access Trojan (RAT), DarkComet, originally developed in 2008 and later discontinued, has resurfaced in a new campaign targeting cryptocurrency users. The malware is being distributed through fake Bitcoin wallet applications.

A high-severity vulnerability, tracked as CVE-2025-61834, has been identified in Adobe Substance3D Stager versions 3.1.5 and earlier. Exploitation requires user interaction, such as opening a specially crafted malicious file.

Microsoft’s November Patch Tuesday addresses 63 vulnerabilities across 13 product families, including: Windows (38) Office (12), 365 (11), Excel (7), Visual Studio (4) Dynamics 365 (3), Azure (1), Configuration Manager (1) and more.

A major law enforcement operation has reportedly compromised the infrastructure of the Rhadamanthys stealer, a prominent malware-as-a-service platform. The takedown has disrupted access to its command-and-control (C2) servers and control panels.

Fantasy Hub is a sophisticated Android Remote Access Trojan (RAT) sold as a Malware-as-a-Service (MaaS) offering, primarily targeting mobile banking users and BYOD environments.

A high-severity vulnerability has been identified in the Zoom Workplace VDI Client for Windows. This flaw allows authenticated local attackers to escalate privileges due to improper verification of cryptographic signatures in the installer.