The ClickFix attack, a sophisticated social engineering threat, has seen a 517% surge in usage. It involves fake ChatGPT Atlas browser installers that trick users into running password-stealing software.

The ValleyRAT campaign targets job seekers by disguising malicious files as legitimate job-related documents. It leverages Foxit PDF Reader for DLL side-loading, allowing threat actors to gain control of systems and steal sensitive data.

The Water Saci campaign in Brazil leverages AI-enhanced, multi-format attacks via WhatsApp, utilizing a layered infection chain with various file formats and scripting languages.

The Cleveland County Sheriff's Office in Oklahoma has been targeted by the Rhysida ransomware group, which is demanding a ransom of 9 bitcoin (approximately $787,000). The attack was disclosed on November 20, 2025.

The Shai-Hulud 2.0 malware attack has compromised over 800 NPM packages, exposing up to 400,000 developer secrets. This attack has significant implications for software supply chain security.

This advisory provides a detailed overview of critical and high-risk vulnerabilities identified in various WordPress plugins and themes for November 2025. These vulnerabilities pose significant security risks.

The DOJ has successfully dismantled a fraudulent website spoofing the TickMill trading platform, operated by a scam center in Myanmar. The Scam Center Strike Force tracked the fake website back to the Tai Chang scam compound in Kyaukhat, Myanmar.

The "ShadyPanda" campaign is a long-running malware operation involving browser extensions that have amassed over 4.3 million installations. Initially submitted in 2018, the first signs of malicious activity were observed in 2023.

The SmartTube YouTube app for Android TV has been compromised, leading to a malicious update being pushed to users. The breach involved the compromise of the developer's signing keys, affecting version 30.51 of the app.

The Glassworm malware has resurfaced in its third wave, targeting developers using VS Code-compatible editors. This campaign introduces 24 new malicious packages on the OpenVSX and Microsoft Visual Studio marketplaces.