Friday Wrap Up: 28 November 2025
This week’s cybersecurity landscape? Let’s just say the supply chain attacks are getting creative, the credential leaks are getting embarrassing, and emergency alert systems proved they’re not immune to ransomware.
From worms named after sci-fi sandworms to threat groups with identity crises, we’ve got breaches affecting everything from real estate finance to your favorite analytics platforms.
Oh, and reminder: those “helpful” code formatting websites? They’ve been collecting your credentials like Pokémon cards. Click through for the full roundup of this week’s digital chaos.
Malware & Vulnerabilities
Critical flaws and malicious software dominated headlines this week, from widely-used tools to emerging threats.
🚨 Critical 7-Zip vulnerability CVE-2025-11001 has a public exploit requiring manual update to version 25.01 to protect against high-risk attacks. (Published on 23-Nov-2025, Hackread). Read More
🔥 Firefox patched CVE-2025-13016, a critical Wasm memory bug that exposed 180 million users to code execution risks for six months. (Published on 25-Nov-2025, Hackread). Read More
📱 RadzaRat Android RAT disguises itself as a file manager with zero detection on VirusTotal, stealing passwords and files through keylogging. (Published on 24-Nov-2025, Hackread). Read More
🪱 Sha1-Hulud worm returned in a second wave, infecting nearly 500 npm packages and exposing over 26,000 GitHub repositories within 24 hours. (Published on 24-Nov-2025, CyberScoop). Read More
🎣 Shai-Hulud attack compromised 25,000+ repositories through npm preinstall credential theft in a sophisticated supply chain campaign targeting developers. (Published on 24-Nov-2025, The Hacker News). Read More
☁️ Five Fluent Bit vulnerabilities expose cloud services to path traversal, remote code execution, denial-of-service, and tag manipulation attacks. (Published on 25-Nov-2025, SecurityWeek). Read More
📦 North Korean hackers deployed 197 malicious npm packages with 31,000+ downloads, spreading updated OtterCookie malware combining BeaverTail features. (Published on 28-Nov-2025, The Hacker News). Read More
🤖 ShadowV2 botnet malware targets IoT devices from D-Link, TP-Link vendors, exploiting known vulnerabilities and testing during AWS outages. (Published on 26-Nov-2025, BleepingComputer). Read More
Major Cyberattacks & Incidents
Enterprise platforms and service providers faced significant breaches this week, exposing customer data and disrupting critical services.
🏢 SitusAMC real-estate finance giant disclosed data breach affecting customer information from banks and lenders served by their back-end platform. (Published on 24-Nov-2025, BleepingComputer). Read More
💰 Gainsight expanded impacted customer list beyond initial three customers following Salesforce security alert, with CEO acknowledging broader impact. (Published on 26-Nov-2025, The Hacker News). Read More
🚨 Inc Ransom ransomware group targeted OnSolve CodeRED platform, disrupting local emergency alert systems across the US and causing data breach. (Published on 26-Nov-2025, SecurityWeek). Read More
📊 Mixpanel hack exposed OpenAI user data along with multiple other customers in cyberattack targeting the product analytics company. (Published on 27-Nov-2025, SecurityWeek). Read More
📺 Comcast will pay $1.5 million FCC fine after February 2024 vendor data breach exposed personal information of nearly 275,000 customers. (Published on 26-Nov-2025, BleepingComputer). Read More
Espionage & Data Extraction
Sophisticated threat actors continued targeting organizations through social engineering and supply chain attacks.
💼 RomCom threat actors used SocGholish fake JavaScript updates to deliver Mythic Agent malware to US civil engineering company. (Published on 26-Nov-2025, The Hacker News). Read More
🎯 Scattered Lapsus$ Hunters deployed 40+ fake Zendesk domains and fraudulent support tickets to steal credentials and install malware. (Published on 28-Nov-2025, CSO Online). Read More
👤 Report names 15-year-old Saif Khader from Jordan as Scattered Lapsus$ Hunters admin “Rey,” though group denies the allegation. (Published on 27-Nov-2025, Hackread). Read More
📅 Threat actors exploit calendar subscriptions to deliver phishing links, malware, and social engineering attacks through hijacked domains. (Published on 28-Nov-2025, Infosecurity). Read More
Vulnerability Research & Industry Analysis
Years of accumulated security gaps exposed sensitive data across multiple platforms and tools.
🔑 JSONFormatter and CodeBeautify leaked 80,000+ files over years, exposing passwords and API keys from governments, telecoms, and infrastructure. (Published on 25-Nov-2025, The Hacker News). Read More
🛠️ Code beautifiers expose thousands of credentials from banks, government, and tech organizations in publicly accessible JSON snippets. (Published on 25-Nov-2025, BleepingComputer). Read More
🔒 Microsoft Teams B2B Guest Access flaw allows attackers to bypass all Defender for Office 365 protections with single invite. (Published on 26-Nov-2025, Hackread). Read More
Cybersecurity Tools & Techniques
New defensive capabilities and improved security measures provide organizations with better protection options.
🔐 Tor upgraded to Counter Galois Onion encryption algorithm, replacing old tor1 relay design for enhanced circuit traffic security. (Published on 25-Nov-2025, BleepingComputer). Read More
🔍 GreyNoise launched free IP Check tool to detect if your address appears in malicious botnet or residential proxy scanning operations. (Published on 28-Nov-2025, BleepingComputer). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Fantastic weekly roundup. The Shai-Hulud npm supply chain attack really stands out as a case study in how quickly malicious packages can propagate through interconnected developer ecosystems. The naming is apt given how the worm burrows through dependencies like its fictional namesake through sand. What struck me most is the velocity of compromise here, with 25,000 repositories affected within 24 hours through preinstall credential theft. This timeline suggests most organizations' defensive posture assumes much slower threat propagation, which creates a dangerous mismatch between detection windows and actual attack speed when npm preinstall hooks are weaponized.