News – November 2025

  • Threat Landscape of the Building and Construction Sector Part Two: Ransomware

    November 14, 2025

    The construction sector is increasingly vulnerable to ransomware attacks in 2025 due to its complex ecosystem and distinctive operational challenges. Construction projects typically involve a web of contractors, subcontractors, suppliers, and consultants, collaborating through shared digital platforms and exchanging sensitive documents such as blueprints, contracts, and timelines. While essential for project delivery, this interconnectedness creates numerous ...

  • Uncovering a Multi-Stage Phishing Kit Targeting Italy’s Infrastructure

    November 13, 2025

    Phishing remains one of the most persistent and adaptive threats in cybersecurity. It is common and widespread for cybercriminals to impersonate reputable IT companies in phishing campaigns, exploiting the trust these brands have built and thus targeting both affected companies and their customers. What began as simple social engineering has matured into a complex criminal economy ...

  • Increase in Lumma Stealer Activity Coincides with Use of Adaptive Browser Fingerprinting Tactics

    November 13, 2025

    In the wake of a targeted doxxing campaign last month that exposed the alleged core members of Lumma Stealer (which Trend Micro tracks as Water Kurita), the underground infostealer landscape experienced a significant upheaval. As detailed in Trend Research’s previous report, this exposure led to a marked decline in Lumma Stealer’s activity, with many of its ...

  • #StopRansomware: Akira Ransomware

    November 13, 2025

    The United States’ Federal Bureau of Investigation (FBI) and partner organisations are releasing this joint advisory to disseminate known Akira ransomware IOCs and TTPs identified through FBI investigations and trusted third-party reporting as recently as November 2025. Akira ransomware threat actors are associated with other groups known as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, ...

  • 1 million victims, 17,500 fake sites: Google takes on toll-fee scammers

    November 13, 2025

    A Phishing-as-a-Service (PhaaS) platform based in China, known as “Lighthouse,” is the subject of a new Google lawsuit. Lighthouse enables smishing (SMS phishing) campaigns, and if you’re in the US there is a good chance you’ve seen their texts about a small amount you supposedly owe in toll fees. Here’s an example of a toll-fee scam ...

  • Criminals Impersonate US Health Insurance Providers Target Chinese Speakers Residing in the United States

    November 13, 2025

    The Federal Bureau of Investigation (FBI) warns the public about an evolving financial fraud scheme targeting Chinese speaking individuals residing in the United States in which criminals impersonate US health insurance providers and Chinese law enforcement. Targeted individuals receive a call from a spoofed telephone number of a legitimate US health insurance provider’s claims department. The ...

  • CISA: Implementation Guidance for Emergency Directive on Cisco ASA and Firepower Device Vulnerabilities

    November 12, 2025

    CISA has released Emergency Cisco Directive 25-03 Implementation Guidance to assist federal agencies in addressing critical vulnerabilities in Cisco Adaptive Security Appliances (ASA) and Firepower devices. Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices, issued on Sept. 25, identified known vulnerabilities CVE-2025-20333 and CVE-2025-20362, and mandated immediate action to mitigate risks. Threat actors continue to target ...

  • Irish regulator launches investigation into X over handling of reports from users

    November 12, 2025

    Ireland’s media regulator has commenced a formal investigation into X over concerns about how it handles reported content. Coimisiún na Meán suspects the platform, formerly known as Twitter, may not be in compliance with its obligations under Article 20 of the Digital Services Act (DSA), which sets out rules on how complaints should be managed by ...

  • Swedish Authority for Privacy Protection Investigates Data Breach Exposing 1.5 Million People

    November 12, 2025

    The Swedish Authority for Privacy Protection (IMY) is investigating a data breach at major government software supplier Miljödata that has compromised the personal information of 1.5 million people. Miljödata learned of the breach after experiencing system disruptions that affected government services, and a threat actor approached the company demanding 1.5 Bitcoin to avoid leaking the stolen ...

  • Patch Tuesday – November 2025

    November 11, 2025

    Microsoft is publishing 66 new vulnerabilities today, which is far fewer than one would expect in recent months. There’s a lone exploited-in-the-wild zero-day vulnerability, which Microsoft assesses as critical severity, although there’s apparently no public disclosure yet. Three critical remote code execution (RCE) vulnerabilities are patched today; happily, Microsoft currently assesses all three as less likely ...