Daily Digest

CodeRED Emergency Alerts Downed by Ransomware; Major Banks Hit in Supply Chain Breach; Russia & North Korea APTs Collaborate

CodeRED Emergency Alerts Downed by Ransomware; Major Banks Hit in Supply Chain Breach; Russia & North Korea APTs Collaborate

November 26, 2025
6 articles (5 new, 1 updated)
18 min read

Summary

This cybersecurity brief for November 26, 2025, covers several critical incidents. A ransomware attack by the 'Inc Ransom' group has crippled the OnSolve CodeRED emergency alert system across the U.S., disrupting a vital public safety tool. In a major supply chain breach, financial tech vendor SitusAMC exposed sensitive data from top banks like JPMorgan Chase and Citi. Security researchers uncovered an unprecedented collaboration between Russian (Gamaredon) and North Korean (Lazarus) state-sponsored hacking groups using shared infrastructure. Additionally, a new, more destructive version of the 'Shai-Hulud' npm worm is causing widespread compromise, and CISA has issued warnings about spyware targeting Signal/WhatsApp users and multiple vulnerabilities in industrial control systems.

Filter by Category

New Articles (5)

CodeRED Emergency Alert System Crippled by 'Inc Ransom' Attack, Disrupting US Public Safety

HIGH

Inc Ransom Attack on OnSolve Disables CodeRED Emergency Alert System Across the United States

The OnSolve CodeRED emergency alert system, a critical communication tool for hundreds of U.S. municipalities, has been taken offline following a ransomware attack claimed by the 'Inc Ransom' group. The attack, which began on November 1, 2025, resulted in the encryption of systems and the exfiltration of user data, including names, addresses, and contact information. After failed ransom negotiations, the vendor was forced to decommission the legacy platform, causing significant service disruptions for local governments in numerous states and leaving them unable to issue vital public safety notifications.

November 26, 2025
6 min read
RansomwareInc RansomCodeREDOnSolveEmergency Alert System +3 more
CodeRED Emergency Alert System Crippled by 'Inc Ransom' Attack, Disrupting US Public Safety
Ransomware
Cyberattack
Data Breach

Geopolitical Shift: Russian and North Korean State Hackers Found Sharing Attack Infrastructure

HIGH

Researchers Uncover Unprecedented Collaboration Between Russian Gamaredon and North Korean Lazarus APTs

In a rare and alarming discovery, security researchers have found evidence of operational collaboration between two of the world's most prolific state-sponsored hacking groups: Russia's Gamaredon (Pitty Tiger) and North Korea's Lazarus. The evidence centers on a shared command-and-control (C2) server IP address that was used by both groups within days of each other to deliver their respective malware payloads. This convergence of TTPs and infrastructure signals a potential new phase of cyber operations where geopolitical alliances between Moscow and Pyongyang are extending into direct, cooperative attacks, potentially amplifying the threat level for defenders globally.

November 26, 2025
6 min read
Threat ActorAPTGamaredonLazarusRussia +3 more
Geopolitical Shift: Russian and North Korean State Hackers Found Sharing Attack Infrastructure
Threat Actor
Threat Intelligence
Cyberattack

Water Gamayun APT Exploits Novel 'MSC EvilTwin' Windows Flaw in Stealthy Attacks

HIGH

Russia-Aligned Water Gamayun APT Exploits Windows MMC Vulnerability (CVE-2025-26633) in Sophisticated Campaign

The Russia-aligned APT group Water Gamayun is actively exploiting a novel vulnerability in the Windows Microsoft Management Console (MMC), tracked as CVE-2025-26633. The attack, analyzed by Zscaler and dubbed 'MSC EvilTwin,' uses a malicious .msc file to proxy code execution through the trusted mmc.exe binary, making it difficult to detect. The multi-stage campaign begins with a malicious download and uses embedded commands to execute hidden PowerShell payloads. This technique allows the attackers to install backdoors and information stealers while evading traditional security measures, showcasing the group's continued sophistication in developing stealthy intrusion methods.

November 26, 2025
6 min read
Water GamayunAPTCVE-2025-26633MSC EvilTwinMicrosoft Management Console +3 more
Water Gamayun APT Exploits Novel 'MSC EvilTwin' Windows Flaw in Stealthy Attacks
Threat Actor
Vulnerability
Malware

CISA Warns of Critical Flaws in Industrial Control Systems, Including CVSS 10.0 Bug

CRITICAL

CISA Releases Seven Advisories for Vulnerabilities in Rockwell, Opto 22, and Zenitel Industrial Control Systems

On November 25, 2025, CISA issued seven new advisories for vulnerabilities in Industrial Control Systems (ICS) from multiple vendors, including Rockwell Automation, Opto 22, and Zenitel. The flaws affect equipment used globally in critical manufacturing and communications sectors. The most severe vulnerability, CVE-2025-64130, is a critical OS command injection flaw in Zenitel communications equipment with a CVSS score of 10.0, which could allow for remote code execution. Other advisories cover flaws leading to denial-of-service and information exposure, prompting CISA to urge immediate review and mitigation by asset owners.

November 26, 2025
6 min read
ICSOTCISAVulnerabilityCVE-2025-64130 +3 more
CISA Warns of Critical Flaws in Industrial Control Systems, Including CVSS 10.0 Bug
Industrial Control Systems
Vulnerability
Patch Management

NVIDIA AI Toolkit and WordPress Plugins Hit with High-Severity Flaws

HIGH

Vulnerabilities Disclosed in NVIDIA NeMo Agent and WordPress Plugins, Exposing Users to SSRF and XSS Attacks

On November 25, 2025, several new software vulnerabilities were disclosed, including a high-severity Server-Side Request Forgery (SSRF) flaw in NVIDIA's NeMo Agent Toolkit (CVE-2025-33203) used for AI development. This flaw could lead to information disclosure and denial of service. Concurrently, vulnerabilities were found in popular WordPress plugins. The 'Just Highlight' plugin is affected by a stored Cross-Site Scripting (XSS) bug (CVE-2025-13311), while the 'Locker Content' plugin has a sensitive information exposure flaw (CVE-2025-12525) that could allow unauthenticated attackers to bypass content restrictions.

November 26, 2025
6 min read
VulnerabilityNVIDIAWordPressSSRFXSS +3 more
NVIDIA AI Toolkit and WordPress Plugins Hit with High-Severity Flaws
Vulnerability
Patch Management
Cloud Security

Updated Articles (1)

Homeland Security Warns Gov't Shutdown and Lapsed Law Cripple U.S. Cyber Defenses

HIGH

U.S. Homeland Security Committee Warns of Rising Cyber Threats Amidst Government Shutdown

Update:

A draft 2026 budget proposes a 17% cut ($495M) and over 1,000 job eliminations for CISA, exacerbating its 40% vacancy rate. This threatens support for state/local entities and programs like MS-ISAC. Meanwhile, the Cybersecurity Information Sharing Act of 2015 (CISA 2015), previously lapsed, has received a short-term extension until January 30, 2026. These developments further degrade the U.S. national cybersecurity posture, increasing vulnerability to sophisticated threats and ransomware.

November 4, 2025
Updated: November 26, 2025
4 min read
government shutdownpolicyinformation sharingCISAHomeland Security +2 more
Homeland Security Warns Gov't Shutdown and Lapsed Law Cripple U.S. Cyber Defenses
Policy and Compliance
Regulatory
Threat Intelligence

📢 Share This Publication

Help others stay informed about cybersecurity threats