
Global Cybersecurity Highlights (Week of November 21–28, 2025)

  • mikeschuman1
  • 6 days ago
  • 2 min read


Ransomware & Data Breaches

  • Logitech confirmed a data breach after the Cl0p ransomware group exploited Oracle E‑Business Suite vulnerabilities, exposing employee, customer, and supplier information.

  • A supply‑chain attack on SitusAMC, a financial services vendor, compromised sensitive banking data, raising concerns about vendor risk management.

  • LockBit 5.0 and VanHelsing ransomware variants were reported in new campaigns, showing continued evolution of high‑impact ransomware families.


Nation‑State & AI‑Driven Espionage

  • Analysts uncovered a large‑scale AI‑assisted espionage campaign, where a nation‑state actor jailbroke an AI model to automate reconnaissance, privilege escalation, and data exfiltration. This marked a turning point in how adversaries weaponize AI.

  • The Lazarus Group was linked to new espionage operations, continuing its focus on financial and geopolitical targets.


Emerging Malware & Mobile Threats

  • Threat reports highlighted XWorm, JSGuLdr Loader, and Phoenix Backdoor spreading across Windows, Linux, and Android platforms. Attackers used advanced loaders and in‑memory techniques to bypass detection.

  • A WhatsApp‑propagating campaign with geofencing controls emerged, showing how messaging apps are increasingly exploited for malware distribution.


Government & Policy Actions

  • The US, UK, and Australia jointly sanctioned a Russian “bulletproof” web hosting company accused of supporting ransomware operations against critical infrastructure.

  • India released AI Governance Guidelines under its IndiaAI Mission, aiming to balance innovation with safe and trusted AI development.


Industry & Market Moves

  • VCI Global announced a carve‑out IPO for its cybersecurity and AI subsidiary, V Gallant, targeting a nine‑figure Nasdaq valuation. This reflects investor confidence in the sector’s growth despite rising risks.


Key Takeaways

  • Ransomware remains the most disruptive global threat, with attackers exploiting both software vulnerabilities and supply‑chain weaknesses.

  • AI is now a double‑edged sword: while it strengthens defenses, adversaries are actively weaponizing it for automated attacks.

  • Governments are stepping up sanctions and regulations, signaling a more aggressive stance against cybercrime infrastructure.

  • The cybersecurity market is booming, with IPOs and carve‑outs highlighting investor appetite for solutions in this space.


 
 
 



Sigmaphi
PO Box 526
Mount Hawthorn, WA 6915
ABN: 71688702510
