Risk
-
Researchers: ClickFix social‑engineering used to deliver Amatera stealer and NetSupport RAT
Researchers say operators are using ClickFix social‑engineering to install the Amatera stealer and, conditionally, NetSupport RAT; eSentire and other vendors have published analyses and indicators tied to multiple concurrent phishing campaigns.
-
Logitech discloses data breach tied to zero-day; Cl0p claims responsibility
Logitech disclosed a data breach in which a zero-day in a third-party platform was exploited and certain internal IT data was copied; Cl0p has claimed responsibility and Logitech said it does not expect the incident to materially affect its business.
-
Eurofiber reports data stolen in cyberattack on its French business
Eurofiber said a November 13 cyberattack on its French business exploited a ticketing-platform vulnerability and resulted in stolen data; the company said banking information was not affected, the flaw is patched, and it has notified customers and French authorities.
-
AIPAC discloses data breach affecting 810 people, offers identity protection
AIPAC reported a criminal cyberattack in a November 2025 filing, saying files were accessed between October 2024 and February 2025 and that 810 people were affected; the organisation notified individuals, offered 12 months of identity protection, and said it implemented new security controls.
-
Dragon Breath uses RONINGLOADER to deliver modified Gh0st RAT to Chinese-speaking users
Researchers say the Dragon Breath group used a multi-stage loader called RONINGLOADER to deliver a modified Gh0st RAT to Chinese-speaking users, employing signed drivers, WDAC policy changes, PPL abuse and multi-stage NSIS installers to evade security products and deploy remote access capabilities.
-
Researchers find widespread remote code execution risk in AI inference engines from unsafe ZMQ and pickle use
Researchers found a recurring insecure pattern — pickle deserialization over unauthenticated ZeroMQ sockets — in multiple AI inference frameworks, creating remote code execution risks across projects including vLLM, NVIDIA TensorRT-LLM, Modular Max Server and SGLang; related research also showed browser and IDE injection risks in Cursor.
-
Israel agency says Iran-linked APT42 ran espionage campaign targeting officials and family members
Israel’s National Digital Agency says an Iran-linked threat actor known as APT42 has been running a campaign called SpearSpecter since early September 2025 that uses personalised social engineering to target senior officials and their family members and deploys a PowerShell backdoor for persistent access.
-
ASUS issues firmware to fix critical authentication bypass in DSL routers
ASUS released firmware version 1.1.2.3_1010 to fix a critical authentication bypass (CVE-2025-59367) impacting DSL-AC51, DSL-N16 and DSL-AC750 routers and urged users to install the update or follow mitigation steps to block internet-accessible services.
-
Anthropic says Chinese state-sponsored group used Claude Code AI in espionage campaign
Anthropic reported that a Chinese state-sponsored group used its Claude Code AI and a Model Context Protocol to orchestrate attempted intrusions against about 30 high-profile organizations in mid-September, succeeding in a small number of cases; Anthropic banned accounts, notified victims and said AI hallucinations limited full autonomy.
-
Over 4,300 Domains Used in Mass Phishing Campaign Targeting Hotel Guests
Researchers say a Russian-speaking threat actor registered more than 4,300 domains this year to run a large phishing campaign impersonating hotel booking services and harvesting payment data and credentials.
