CodeRED Emergency Alerts Downed by Ransomware; Major Banks Hit in Supply Chain Breach; Russia & North Korea APTs Collaborate

Publication Date: November 26, 2025

Summary

This cybersecurity brief for November 26, 2025, covers several critical incidents. A ransomware attack by the 'Inc Ransom' group has crippled the OnSolve CodeRED emergency alert system across the U.S., disrupting a vital public safety tool. In a major supply chain breach, financial tech vendor SitusAMC exposed sensitive data from top banks like JPMorgan Chase and Citi. Security researchers uncovered an unprecedented collaboration between Russian (Gamaredon) and North Korean (Lazarus) state-sponsored hacking groups using shared infrastructure. Additionally, a new, more destructive version of the 'Shai-Hulud' npm worm is causing widespread compromise, and CISA has issued warnings about spyware targeting Signal/WhatsApp users and multiple vulnerabilities in industrial control systems.

Today's New Articles

CodeRED Emergency Alert System Crippled by 'Inc Ransom' Attack, Disrupting US Public Safety

The OnSolve CodeRED emergency alert system, a critical communication tool for hundreds of U.S. municipalities, has been taken offline following a ransomware attack claimed by the 'Inc Ransom' group. The attack, which began on November 1, 2025, resulted in the...


Geopolitical Shift: Russian and North Korean State Hackers Found Sharing Attack Infrastructure

In a rare and alarming discovery, security researchers have found evidence of operational collaboration between two of the world's most prolific state-sponsored hacking groups: Russia's Gamaredon (Pitty Tiger) and North Korea's Lazarus. The evidence centers on...


Water Gamayun APT Exploits Novel 'MSC EvilTwin' Windows Flaw in Stealthy Attacks

The Russia-aligned APT group Water Gamayun is actively exploiting a novel vulnerability in the Windows Microsoft Management Console (MMC), tracked as CVE-2025-26633. The attack, analyzed by Zscaler and dubbed 'MSC EvilTwin,' uses a malicious .msc file to proxy...


CISA Warns of Critical Flaws in Industrial Control Systems, Including CVSS 10.0 Bug

On November 25, 2025, CISA issued seven new advisories for vulnerabilities in Industrial Control Systems (ICS) from multiple vendors, including Rockwell Automation, Opto 22, and Zenitel. The flaws affect equipment used globally in critical manufacturing and co...


NVIDIA AI Toolkit and WordPress Plugins Hit with High-Severity Flaws

On November 25, 2025, several new software vulnerabilities were disclosed, including a high-severity Server-Side Request Forgery (SSRF) flaw in NVIDIA's NeMo Agent Toolkit (CVE-2025-33203) used for AI development. This flaw could lead to information disclosure...

Article Updates

Homeland Security Warns Gov't Shutdown and Lapsed Law Cripple U.S. Cyber Defenses

Update: A draft 2026 budget proposes a 17% cut ($495M) and over 1,000 job eliminations for CISA, exacerbating its 40% vacancy rate. This threatens support for state/local entities and programs like MS-ISAC. Meanwhile, the Cybersecurity Information Sharing Act of 2015...