A medium-severity bug (CVE-2025-10259) has been identified in Mitsubishi Electric's MELSEC iQ-F Series programmable logic controllers (PLCs). The flaw, stemming from improper validation of specified quantity in input, can be exploited remotely.

Threat actors are exploiting the legacy Finger protocol via Windows' built-in finger command to execute remote commands and deploy malware through the ClickFix malware campaign.

Two evolving malware campaigns—Campaign Trio (Feb–Mar 2025) and Campaign Chorus (May 2025)—are distributing variants of the Gh0st remote access trojan (RAT) by impersonating known software applications through massive fake domain infrastructure.

A large-scale supply chain attack has flooded the npm open-source registry with over 150,000 malicious packages in a campaign exploiting the tea.xyz platform to harvest cryptocurrency rewards.

A sophisticated North Korean-backed campaign, dubbed Contagious Interview, has adopted novel tactics by leveraging legitimate JSON storage services—such as JSON Keeper, JSONsilo, and npoint.io—as covert payload delivery platforms.

Two medium-severity vulnerabilities have been identified in Siemens SICAM P850 and P855 devices, which are widely deployed in the Energy sector. Exploitation could allow attackers to impersonate users or perform unauthorized actions remotely.

Multiple high-severity vulnerabilities have been identified in all versions of Brightpick AI's Mission Control / Internal Logic Control platform. These bugs affect all versions of the product and are exploitable remotely with low attack complexity.

A critical data breach at The Washington Post has compromised sensitive personal and financial information of 9,720 employees and contractors. The breach was facilitated through a zero-day vulnerability in Oracle E-Business Suite (CVE-2025-61884).

As of November 2025, Akira ransomware actors have expanded their operations, deploying a new variant—Akira_v2—that features faster encryption speeds and improved mechanisms to inhibit system recovery.

Multiple critical vulnerabilities have been identified in Siemens LOGO! 8 BM and SIPLUS LOGO! programmable logic controller (PLC) devices. These vulnerabilities could allow remote attackers to execute arbitrary code.