A sophisticated phishing campaign has been identified, utilizing weaponized PDF documents to steal corporate credentials. The phishing emails contain a PDF attachment named "NEW Purchase Order # 52177236.pdf.

The emergence of DIG AI, an uncensored darknet AI assistant, has been identified as a significant threat, with a notable increase of over 200% in mentions and use of malicious AI tools from 2024 to 2025.

A critical vulnerability in the Motors WordPress theme, developed by StylemixThemes, has been identified, potentially allowing logged-in users with minimal privileges to take over affected websites.

The DOJ has announced the takedown of E-Note, an alleged money laundering platform used by cybercriminal groups. This operation marks a significant step in disrupting the financial networks supporting cybercrime activities.

A China-aligned advanced persistent threat group, LongNosedGoblin, has been identified targeting government institutions in Southeast Asia and Japan. The group exploits Windows Group Policy to deploy malware and conduct long-term surveillance.

Amazon has successfully blocked over 1,800 suspected North Korean scammers from securing remote jobs since April 2024. These scammers use fake identities, AI tools, and deepfakes to apply for jobs, funneling their wages to the North Korean regime.

This advisory provides an overview of phishing email trends observed in November 2025, highlighting the tactics, techniques, and procedures (TTPs) employed by threat actors.

The Kimwolf botnet has emerged as a significant threat, hijacking 1.8 million Android-based devices, including TVs, set-top boxes, and tablets, to conduct large-scale DDoS attacks. This botnet is linked to the AISURU botnet.

Ink Dragon, a sophisticated Chinese threat actor, has been leveraging a custom ShadowPad IIS Listener module to transform compromised servers into distributed relay nodes.

A new spyware, dubbed ResidentBat, has been discovered on a Belarusian journalist's phone. This spyware targets Android devices and can access call logs, SMS, encrypted app messages, microphone recordings, locally stored files, and screen captures.