In an increasingly interconnected world, the landscape of cybersecurity is in constant flux, with new threats emerging at an alarming pace. This past month has been no exception, with a series of high-profile cyber incidents affecting organizations of all sizes, from critical infrastructure to small businesses. At the Cyber Grants Alliance, we believe that knowledge is the first line of defense. This monthly summary aims to keep you informed about the most significant cybersecurity events and what they mean for your organization.
The first step to a robust cybersecurity posture is understanding your vulnerabilities. We strongly recommend that all organizations, regardless of size, conduct a Cyber Penetration Test to identify and mitigate potential security risks. The Cyber Grants Alliance offers grants to help organizations access these critical services. Visit our website to learn more and apply for a grant today.
A ransomware attack on the OnSolve CodeRED platform, a widely used emergency alert system, caused significant disruptions across the United States in late November. The “Inc Ransom” group claimed responsibility for the attack, which disrupted the service and resulted in a data breach. This incident underscores the vulnerability of critical infrastructure and the potential for cyberattacks to have real-world consequences for public safety.
While this attack directly targeted the emergency services sector, any organization that relies on third-party vendors for critical services is at risk. The most vulnerable are those in the public sector, healthcare, and education, which often rely on interconnected software for their operations. This incident serves as a stark reminder of the importance of vetting vendors’ security practices and having contingency plans in place for service disruptions.
In a classic supply chain attack, a breach at the residential mortgage company SitusAMC has potentially exposed the data of major US financial institutions, including JPMorgan, Citi, and Morgan Stanley. The FBI is currently investigating the breach, which highlights how a vulnerability in a single vendor can have cascading effects across an entire industry. The full extent of the breach is still being assessed, but it serves as a critical reminder of the interconnectedness of the financial ecosystem.
The FBI issued a stark warning in late November about a massive cyberespionage campaign by a Chinese state-sponsored group known as “Salt Typhoon.” The group has been targeting US telecommunications networks for years, and a former FBI official stated that the campaign has likely impacted every American. This long-term, persistent attack highlights the ongoing threat of nation-state actors and their focus on critical infrastructure for intelligence gathering and potential disruption.
While the primary target of this campaign was the telecommunications industry, the impact is felt across all sectors. Any organization that relies on telecommunications services for its operations could have had its data compromised. This is a national security issue that affects every business and individual in the United States. The most vulnerable are those in the defense, technology, and government sectors, which are high-value targets for foreign intelligence.
The healthcare sector is the most vulnerable to this specific threat, as highlighted in the advisory. However, any organization in a critical infrastructure sector, including energy, transportation, and water, should be on high alert. The Akira group’s tactics are not unique, and any business that uses VPNs or has a large number of employees with network access is a potential target.
Microsoft’s November Patch Tuesday included a fix for a zero-day vulnerability in the Windows Kernel (CVE-2025-62215) that was being actively exploited in the wild. This memory corruption bug could allow an attacker to gain system-level privileges, effectively taking complete control of an affected computer. Given the ubiquity of the Windows operating system, this vulnerability has a massive potential impact, affecting businesses and individuals alike.
Every industry that uses Windows-based computers is affected by this vulnerability. This is a universal threat, not specific to any sector. The most vulnerable are organizations that are slow to apply security patches, leaving their systems exposed to known exploits. This incident highlights the critical importance of timely patch management as a fundamental cybersecurity practice.
A previously unknown zero-day vulnerability in Samsung Galaxy smartphones (CVE-2025-21042) was exploited for nearly a year to deploy a commercial-grade Android spyware called “LANDFALL.” The vulnerability, which has since been added to CISA’s Known Exploited Vulnerabilities catalog, could be triggered through a zero-click exploit, meaning the user did not have to take any action to be compromised. This incident highlights the growing threat of sophisticated mobile spyware and the vulnerability of even the most popular consumer devices.
This threat is not limited to a specific industry but rather to any individual or organization that uses Samsung Galaxy devices. The most vulnerable are individuals in positions of power or with access to sensitive information, such as journalists, activists, and government officials, who are often the primary targets of spyware. For businesses, this incident underscores the importance of a robust mobile device management (MDM) policy.
The FBI issued a specific warning in late November about the Interlock ransomware group, which is targeting small and medium-sized businesses (SMBs) with a double-extortion strategy. The group not only encrypts the victim’s data but also exfiltrates it, threatening to release it publicly if the ransom is not paid. This tactic puts additional pressure on victims and increases the potential damage from an attack.
This threat explicitly targets small and medium-sized businesses across all industries. These organizations are often seen as soft targets by ransomware groups due to their limited cybersecurity resources. The most vulnerable are those in the professional services, retail, and manufacturing sectors, which often lack dedicated IT security staff to defend against these attacks.
Security researchers continue to warn about ongoing attacks targeting legacy firewalls. Many organizations have not updated their firewall infrastructure, leaving them vulnerable to a wide range of attacks. These legacy devices often have known vulnerabilities that attackers can easily exploit, providing a gateway into the corporate network. This is a persistent and widespread problem affecting many organizations.
Any industry that has been slow to modernize its IT infrastructure is at risk. This is particularly common in the manufacturing, education, and local government sectors, where budget constraints often lead to a reliance on older technology. The most vulnerable are organizations that have not conducted a recent audit of their network security infrastructure and are unaware of the risks posed by their legacy systems.
A novel threat vector has emerged that leverages synced calendars to deliver malware. By compromising or registering expired domains, attackers can push malicious calendar files to millions of devices. These files can contain malicious links or attachments that, when opened, can lead to a full system compromise. This is a new and insidious attack vector that exploits a common, trusted productivity tool.
This is a universal threat that affects any industry that uses synced calendars, which is virtually all of them. The most vulnerable are organizations with a bring-your-own-device (BYOD) policy, as this increases the attack surface and makes it harder to enforce security policies. This incident highlights the need for employee training and awareness about new and emerging threats.
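One defensive check a security team can run against the calendar-sync vector described above is to inspect subscribed iCalendar (.ics) feeds before they reach user devices and flag events whose attachments or embedded links point to domains outside an organizational allowlist. The script below is an added example and is not code from the Cyber Grants Alliance; the sample feed, the `TRUSTED_DOMAINS` allowlist and the `expired-vendor.example` host are all constructed for illustration.

```python
"""Flag risky entries in a synced calendar feed (iCalendar / .ics).

Added example, not from the newsletter: the feed below is constructed and the
allowlist is an assumed organizational setting.
"""
import re
from urllib.parse import urlparse

# Assumed: domains the organization trusts for calendar links and attachments.
TRUSTED_DOMAINS = {"calendar.example.org", "files.example.org"}

# Constructed sample feed: one benign event, and one event carrying an external
# ATTACH plus an untrusted link in its description. The ATTACH value is split
# across two lines to exercise RFC 5545 line folding (continuation = leading space).
SAMPLE_ICS = "\r\n".join([
    "BEGIN:VCALENDAR",
    "VERSION:2.0",
    "PRODID:-//constructed//example//EN",
    "BEGIN:VEVENT",
    "UID:1@calendar.example.org",
    "SUMMARY:Team sync",
    "ATTACH:https://files.example.org/agenda.pdf",
    "END:VEVENT",
    "BEGIN:VEVENT",
    "UID:2@expired-vendor.example",
    "SUMMARY:Urgent invoice",
    "ATTACH;FMTTYPE=application/octet-stream:https://expired-vendor.example/inv",
    " oice.exe",
    "DESCRIPTION:Open http://expired-vendor.example/login to confirm",
    "END:VEVENT",
    "END:VCALENDAR",
])

URL_RE = re.compile(r'https?://[^\s<>"]+')


def unfold(text):
    """Join folded continuation lines (line break followed by a space or tab)."""
    return re.sub(r"\r?\n[ \t]", "", text)


def parse_events(ics_text):
    """Return one dict per VEVENT, mapping property name -> list of values."""
    events, current = [], None
    for line in unfold(ics_text).splitlines():
        if line == "BEGIN:VEVENT":
            current = {}
        elif line == "END:VEVENT":
            events.append(current)
            current = None
        elif current is not None and ":" in line:
            name, value = line.split(":", 1)
            name = name.split(";", 1)[0].upper()  # drop parameters such as ;FMTTYPE=
            current.setdefault(name, []).append(value)
    return events


def untrusted_urls(event, trusted=TRUSTED_DOMAINS):
    """Collect every URL in ATTACH, URL and DESCRIPTION whose host is not allowlisted."""
    found = []
    for prop in ("ATTACH", "URL", "DESCRIPTION"):
        for value in event.get(prop, []):
            for url in URL_RE.findall(value):
                host = (urlparse(url).hostname or "").lower()
                if host not in trusted:
                    found.append((prop, url))
    return found


def flag_feed(ics_text, trusted=TRUSTED_DOMAINS):
    """Return (uid, summary, [(property, url), ...]) for each event needing review."""
    flagged = []
    for ev in parse_events(ics_text):
        hits = untrusted_urls(ev, trusted)
        if hits:
            flagged.append((ev.get("UID", [""])[0], ev.get("SUMMARY", [""])[0], hits))
    return flagged


if __name__ == "__main__":
    for uid, summary, hits in flag_feed(SAMPLE_ICS):
        print(f"REVIEW {uid} ({summary}):")
        for prop, url in hits:
            print(f"  {prop}: {url}")
```

Run against the constructed feed, the benign "Team sync" event passes and the "Urgent invoice" event is reported twice, once for its external executable attachment and once for the login link in its description. In practice the allowlist would come from the organization's own configuration, and the feed text would be fetched from the subscription URL before it is handed to client devices.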
This incident is a reminder that no industry is immune to cyberattacks, regardless of its location. Ransomware groups increasingly target the manufacturing and consumer goods sectors. The most vulnerable are large, multinational corporations with complex supply chains and many employees. This incident highlights the importance of having a global incident response plan in place and the need for robust security measures across all of a company’s operations.
👉 Visit our website and apply for a grant today to strengthen your defenses.
Don’t wait until it’s too late. Take the first step towards a more secure future by running a Cyber Penetration Test and exploring the grant opportunities available through the Cyber Grants Alliance.