Threat Overview Large language models (LLMs) have become a double‑edged sword in the cyber‑security arena. While they enable unprecedented automation, creativity, and efficiency, they also lower the barrier for malicious actors to design, prototype, and deploy
Month: November 2025
Holiday Fake Stores Exploit Black Friday Sales
In the latest intelligence update released by AlienVault on 27 November 2025, security researchers uncovered a sprawling network of more than 2,000 counterfeit e‑commerce sites that have been engineered to prey on consumers during the peak
NTLM Abuse in 2025 Cyberattacks
NTLM Abuse in 2025 Cyberattacks: Threat Overview In late 2025, a comprehensive threat report was released by AlienVault detailing the continued exploitation of the NTLM authentication protocol in Windows environments. Despite being a legacy protocol, NTLM
Water APT Multi Stage Attack Uncovered
Executive Summary On 26 November 2025, AlienVault released a comprehensive threat report titled "Water APT Multi-Stage Attack Uncovered". The report dissects a sophisticated, multi-stage intrusion campaign attributed to the Water Gamayun APT group. The campaign demonstrates
Oracle Identity Manager Authentication Bypass Vulnerability Report
Executive Summary On 2025-11-25, security researcher PetrP.73 released a detailed threat report on CVE-2025-61757, a critical vulnerability affecting Oracle Identity Manager (OIM) versions 12.2.1.4.0 and 14.1.2.1.0. The flaw, rated CVSS 9.8, enables remote code execution by
TamperedChef Signed Apps Deliver Stealthy Payloads
Threat Overview On November 20, 2025, security firm Sand‑Storm released a detailed threat report titled Cooking up Trouble: How TamperedChef Uses Signed Apps to Deliver Stealthy Payloads. The report, authored by Acronis, documents a global cyber‑espionage
October 2025 Phishing Email Trends Report ASEC
Executive Summary In October 2025, the Association of Threat Prevention (ATIP) and its sister company, the Security Research Institute (SSI), released a comprehensive report titled “October 2025 Trends Report on Phishing Emails – ASEC.” The study
ShadowPad WSUS Remote Code Execution Vulnerability Analysis
Overview The latest threat intelligence release from Sand‑Storm, dated 2025‑11‑19, focuses on a sophisticated attack chain that leverages the newly disclosed Windows Server Update Services (WSUS) remote code execution vulnerability identified as CVE‑2025‑59287. The report, titled
UNC1549 Threat Analysis Tactics Tools Malware Aerospace Defense
UNC1549 Threat Report Executive Summary UNC1549, an Iranian‑linked threat group, has intensified operations against aerospace, aviation, and defense organizations since mid‑2024. The group deploys a sophisticated mix of phishing, supply‑chain exploitation, and custom malware to infiltrate
Outlook Macros Threat Analysis
Threat Overview In a recent publication dated November 15, 2025, security researchers at AlienVault released a detailed report on a sophisticated malware family known as NotDoor. The threat actor behind NotDoor leverages Microsoft Outlook macros as