The Water Saci campaign in Brazil leverages AI-enhanced, multi-format attacks via WhatsApp, utilizing a layered infection chain with various file formats and scripting languages.

The Cleveland County Sheriff's Office in Oklahoma has been targeted by the Rhysida ransomware group, which is demanding a ransom of 9 bitcoin (approximately $787,000). The attack was disclosed on November 20, 2025.

The Shai-Hulud 2.0 malware attack has compromised over 800 NPM packages, exposing up to 400,000 developer secrets. This attack has significant implications for software supply chain security.

This advisory provides a detailed overview of critical and high-risk vulnerabilities identified in various WordPress plugins and themes for November 2025. These vulnerabilities pose significant security risks.

The DOJ has successfully dismantled a fraudulent website spoofing the TickMill trading platform, operated by a scam center in Myanmar. The Scam Center Strike Force tracked the fake website back to the Tai Chang scam compound in Kyaukhat, Myanmar.

The "ShadyPanda" campaign is a long-running malware operation involving browser extensions that have amassed over 4.3 million installations. Initially submitted in 2018, the first signs of malicious activity were observed in 2023.

The SmartTube YouTube app for Android TV has been compromised, leading to a malicious update being pushed to users. The breach involved the compromise of the developer's signing keys, affecting version 30.51 of the app.

The Glassworm malware has resurfaced in its third wave, targeting developers using VS Code-compatible editors. This campaign introduces 24 new malicious packages on the OpenVSX and Microsoft Visual Studio marketplaces.

A recent cyberattack on South Korea's largest cryptocurrency exchange, Upbit, resulted in the theft of $30 million. The attack is attributed to North Korea's Lazarus Group.

Google's December security update for Android addresses 107 vulnerabilities, including two high-severity zero-day vulnerabilities, CVE-2025-48633 and CVE-2025-48572. This update marks the second-highest number of vulnerabilities patched this year.