A sophisticated malware distribution campaign has been identified, leveraging the YouTube Ghost Network to deploy GachiLoader, a heavily obfuscated Node.js-based loader. This loader delivers Rhadamanthys infostealer to unsuspecting victims.

The Clop ransomware gang is actively targeting Gladinet CentreStack file servers in a new data theft extortion campaign. This campaign involves scanning for and breaching Internet-exposed CentreStack servers.

Microsoft has released an out-of-band (OOB) update (KB5074976) to address issues with the Message Queuing (MSMQ) functionality in Windows 10, which arose after the December 9, 2025, update.

A sophisticated phishing campaign has been identified, utilizing weaponized PDF documents to steal corporate credentials. The phishing emails contain a PDF attachment named "NEW Purchase Order # 52177236.pdf.

The emergence of DIG AI, an uncensored darknet AI assistant, has been identified as a significant threat, with a notable increase of over 200% in mentions and use of malicious AI tools from 2024 to 2025.

A critical vulnerability in the Motors WordPress theme, developed by StylemixThemes, has been identified, potentially allowing logged-in users with minimal privileges to take over affected websites.

The DOJ has announced the takedown of E-Note, an alleged money laundering platform used by cybercriminal groups. This operation marks a significant step in disrupting the financial networks supporting cybercrime activities.

A China-aligned advanced persistent threat group, LongNosedGoblin, has been identified targeting government institutions in Southeast Asia and Japan. The group exploits Windows Group Policy to deploy malware and conduct long-term surveillance.

Amazon has successfully blocked over 1,800 suspected North Korean scammers from securing remote jobs since April 2024. These scammers use fake identities, AI tools, and deepfakes to apply for jobs, funneling their wages to the North Korean regime.

This advisory provides an overview of phishing email trends observed in November 2025, highlighting the tactics, techniques, and procedures (TTPs) employed by threat actors.