Summary
November saw a pronounced shift in adversary activity, with attackers increasingly targeting both critical infrastructure and broadly deployed software assets. A total of 11 vulnerabilities were added to the CISA Known Exploited Vulnerabilities (KEV) catalog, affecting a diverse range of vendors including Fortinet, Gladinet, Microsoft, WatchGuard, Samsung, CWP, Google, Oracle, and OpenPLC, underscoring persistent exploitation across enterprise, cloud, and application-layer technologies.
Beyond the catalogued CVEs, active attacks were also reported against outdated ASUS routers, the Noo JobMonster WordPress theme, the Sneeit Framework plugin, and 7-Zip, even though patches for 7-Zip had already been released.
Ransomware operations continued to escalate, with Qilin, Clop, and Akira leading significant attack activity across the threat landscape. Key sectors such as healthcare, education, and manufacturing remained primary targets, with adversaries weaponizing both existing and emerging vulnerabilities to gain initial access, execute encryption, exfiltrate sensitive data, and disrupt operational continuity.

