

Microsoft Entra, Defender, and Purview: Security Enhancements for Identity, Defense, and Compliance
Executive Summary Microsoft has recently announced a comprehensive suite of security enhancements targeting identity, defense, and compliance within its cloud and enterprise ecosystems. These advancements are designed to address the evolving threat landscape, streamline compliance management, and empower organizations to better protect their digital assets. This report provides an in-depth analysis of the technical and practical implications of these updates, explores their
3 days ago, 3 min read


Pennsylvania Attorney General’s Office Data Breach: Ransomware Attack Leads to Unauthorized Access and Ongoing Investigation
Executive Summary The Pennsylvania Attorney General’s Office has confirmed a data breach following a ransomware attack. The incident resulted in unauthorized access to sensitive data held by the office. The breach has been publicly acknowledged by the office, and initial investigations indicate that the attack was part of a broader trend of ransomware campaigns targeting government entities. The office has initiated incident response protocols and is cooperating with law enf
3 days ago, 4 min read


UNC1549 Iranian APT Targets Microsoft Exchange and Aerospace Sector: Threat Analysis and Mitigation Strategies
Executive Summary Recent intelligence has surfaced regarding the activities of the Iran-nexus threat actor UNC1549, which has been observed targeting the global aerospace sector. This actor, believed to be operating with strategic objectives aligned with Iranian state interests, has demonstrated a sophisticated operational playbook, leveraging advanced malware, custom toolsets, and multi-stage intrusion techniques. The campaign is characterized by a focus on espionage, intel
3 days ago, 4 min read


Fortinet FortiWeb CVE-2025-58034: Critical OS Command Injection Vulnerability Actively Exploited in the Wild
Executive Summary CVE-2025-58034 is a critical operating system (OS) command injection vulnerability discovered in Fortinet's FortiWeb web application firewall (WAF) product line. This flaw enables authenticated attackers to execute arbitrary commands on the underlying system, potentially leading to full compromise of the affected device and lateral movement within the network. The vulnerability is being actively exploited in the wild, with thousands of attack attempts det
3 days ago, 5 min read


Cloudflare Bot Management Outage: Technical Root Cause Analysis and Impact of the November 18, 2025 Service Disruption
Executive Summary (Publication Date: November 18, 2025) On November 18, 2025, Cloudflare experienced a significant global service disruption beginning at 11:20 UTC, resulting in widespread HTTP 5xx errors and failures across core network services. The incident was not caused by a cyber attack or malicious activity, but rather by an internal change to database permissions that led to the propagation of a malformed configuration file used by the Bot Management system. This rep
3 days ago, 5 min read


Eurofiber France Customer Data Breach: Hacker Attempts to Sell Compromised Information from Customer Data Systems
Executive Summary Eurofiber France has issued a warning regarding a data breach after a threat actor attempted to sell customer data online. The incident was detected when a hacker advertised what was claimed to be customer information from Eurofiber France on a cybercrime forum. The company has confirmed that unauthorized access to its systems occurred, potentially exposing sensitive customer data. At this stage, the full scope of the breach, including the specific data ty
4 days ago, 4 min read


Anthropic’s Claims of Claude AI-Automated Cyberattacks Face Industry Skepticism and Technical Scrutiny
Executive Summary Recent claims by Anthropic regarding the potential for its Claude AI model to automate cyberattacks have sparked significant debate within the cybersecurity community. While Anthropic has highlighted the risks of advanced language models being used for malicious purposes, many experts have expressed skepticism about the immediacy and practicality of such threats. This report examines the technical and practical aspects of these claims, analyzes the broade
6 days ago, 3 min read


Akira Ransomware-as-a-Service Campaign Actively Targeting Nutanix Virtual Machines in Critical Organizations
Executive Summary The emergence of the Akira Ransomware-as-a-Service (RaaS) operation has introduced a significant threat to organizations leveraging Nutanix Virtual Machines (VMs). Recent intelligence indicates that the Akira threat group has expanded its targeting scope to include Nutanix environments, exploiting virtualization infrastructure to maximize operational disruption and ransom leverage. This campaign is particularly concerning for critical infrastructure, hea
6 days ago, 4 min read


RondoDox Botnet Actively Exploits Unpatched XWiki Server Vulnerabilities: Threat Analysis and Mitigation Strategies
Executive Summary The emergence of the RondoDox botnet campaign marks a significant escalation in the exploitation of unpatched XWiki servers, leveraging known vulnerabilities to conscript these systems into a rapidly expanding botnet infrastructure. XWiki, a widely adopted open-source enterprise wiki platform, has become a high-value target due to its prevalence in knowledge management and collaboration environments across diverse sectors. The RondoDox threat actor explo
6 days ago, 4 min read


CitrixBleed 2 (CVE-2025-5777) Zero-Day: Critical Memory Leak Hits Citrix NetScaler ADC and Gateway Systems
Executive Summary A critical zero-day vulnerability, CitrixBleed 2 (CVE-2025-5777), is wreaking havoc across global enterprise networks by targeting Citrix NetScaler ADC and Citrix NetScaler Gateway appliances. This pre-authentication memory disclosure flaw enables remote attackers to extract sensitive memory contents from vulnerable devices, potentially leading to session hijacking, credential theft, and lateral movement within affected environments. The attack is highly
6 days ago, 5 min read


Critical Zero-Day Exploits Target Cisco ISE and Citrix NetScaler: Amazon Uncovers In-the-Wild Attacks
Executive Summary Amazon’s threat intelligence division has recently identified a highly sophisticated campaign leveraging zero-day vulnerabilities in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC/Gateway. These vulnerabilities, tracked as CVE-2025-20337 for Cisco ISE and CVE-2025-5777 for Citrix NetScaler (dubbed “Citrix Bleed 2”), were actively exploited in the wild prior to public disclosure and patch release. The attackers demonstrated advanced techn
6 days ago, 5 min read


North Korean APTs Exploit JSON-Based Cloud APIs for Covert Malware Delivery and C2 Operations
Executive Summary Recent intelligence has revealed that North Korean state-sponsored threat actors are leveraging legitimate JSON-based web services as covert channels for malware delivery and command-and-control (C2) operations. This innovative tactic exploits the ubiquity and trust associated with JSON data formats and cloud-based APIs, enabling adversaries to bypass traditional security controls and evade detection. The campaign demonstrates a significant evolution in th
6 days ago, 4 min read


Logitech MOVEit Data Breach Confirmed After Clop Ransomware Extortion Attack
Executive Summary Logitech has confirmed a data breach following an extortion attack attributed to the Clop ransomware group. The incident involved unauthorized access to certain company data, with the attackers leveraging vulnerabilities to exfiltrate sensitive information. Logitech has stated that the breach did not impact its core business operations or compromise customer payment data. The company is actively investigating the scope of the breach and has engaged with r
6 days ago, 4 min read


Iranian SpearSpecter APT Targets Microsoft Systems in Defense and Government Cyber-Espionage Campaign
Executive Summary Recent intelligence has surfaced regarding a sophisticated cyber-espionage campaign attributed to Iranian threat actors, codenamed SpearSpecter. This operation is characterized by highly targeted spear-phishing attacks and the deployment of advanced custom malware, with a primary focus on defense and government entities. The campaign leverages a combination of social engineering, zero-day vulnerabilities, and multi-stage payloads to establish persistent acc
6 days ago, 4 min read


Chinese APT Groups Exploit Anthropic AI to Launch Automated Cyber Espionage Attacks Targeting Microsoft Windows Systems
Executive Summary Recent intelligence has surfaced indicating that Chinese state-sponsored threat actors are leveraging advanced generative AI models, specifically Anthropic's AI, to orchestrate highly automated and scalable cyber espionage campaigns. This marks a significant evolution in the threat landscape, as adversaries are now integrating large language models (LLMs) into their attack chains to enhance reconnaissance, automate phishing, and accelerate malware developme
6 days ago, 5 min read


Russian Hackers Target Hospitality Sector: 4,300 Fake Hotel Booking Sites Created to Steal Guest Payment Data
Executive Summary A recent cyber threat campaign has been identified in which Russian-affiliated threat actors created approximately 4,300 fraudulent travel and hotel booking websites. The primary objective of this campaign was to harvest payment card data and personal information from unsuspecting hotel guests. These fake sites closely mimicked legitimate hotel and travel booking platforms, leveraging sophisticated social engineering and web spoofing techniques to deceive us
6 days ago, 5 min read


Akira Ransomware Group Exploits Cisco ASA and Fortinet VPN Vulnerabilities to Amass $244 Million in Ransom Proceeds
Executive Summary The Akira Ransomware Group has emerged as a significant threat actor in the global cybercrime landscape, amassing approximately $244 million in ransom proceeds as of mid-2025. This group has demonstrated a high level of technical sophistication, targeting organizations across sectors such as education, manufacturing, healthcare, and government. The group’s operations are characterized by the exploitation of remote access vulnerabilities, deployment of custo
6 days ago, 5 min read


Checkout.com Internal Systems Data Breach Exposes Sensitive Data Following Extortion Attempt
Executive Summary Checkout.com, a global payment processing provider, disclosed a data breach following an extortion attempt by an unidentified threat actor. The incident involved unauthorized access to certain internal systems, resulting in the exposure of sensitive data. Checkout.com has confirmed the breach and has taken steps to contain the incident, notify affected parties, and engage with law enforcement. At this time, there is no evidence that payment card data or cu
6 days ago, 4 min read


Shai-Hulud Worm Attack Compromises npm Registry: Over 46,000 Malicious Packages and Widespread Credential Theft
Executive Summary Between September 15 and September 23, 2025, a large-scale, self-propagating supply chain attack—publicly known as Shai-Hulud—compromised the npm JavaScript package registry. Over 46,000 fake and trojanized packages were published, with more than 500 legitimate packages confirmed as compromised, including widely used libraries such as @ctrl/tinycolor and @crowdstrike/commitlint. The attack leveraged a worm-like malware that harvested sensitive credential
Nov 13, 6 min read


Critical Vulnerabilities Patched in Mozilla Firefox 145 and Google Chrome 142: Update Now to Prevent Remote Code Execution
Executive Summary Recent releases of Mozilla Firefox 145 and Google Chrome 142 have addressed multiple high-severity vulnerabilities that pose significant risks to enterprise and individual users alike. These vulnerabilities, if left unpatched, could enable remote code execution, sandbox escapes, and security policy bypasses, potentially allowing attackers to gain unauthorized access to sensitive data or escalate privileges within affected systems. While there is currently
Nov 13, 6 min read