Threat Intelligence Report – November 2025

30 days of threat data. 7 critical CVEs. 264,000+ threat events from 50 countries. This is what our sensors picked up across enterprise infrastructure worldwide.

What we observed

Exploitation of Fortinet FortiGate, Ivanti Connect Secure, and Citrix NetScaler
Targeted CVEs: CVE-2025-64446, CVE-2024-55591, CVE-2024-21762, CVE-2025-22457, CVE-2025-0282, CVE-2025-5777, CVE-2025-7775
High-confidence TTPs: super_admin impersonation, WebSocket bypass, credential brute force
4 botnets identified including DarkStorm / GoLogin credential stuffing campaign
Threat infrastructure primarily from US-based GCS-AS and Russian GALEON-AS networks
MITRE ATT&CK mapping confirms exploit tactics aligned with real-world attacker playbooks
Organisations relying on these platforms remain exposed to low-friction exploitation, often before patch cycles catch up. Our report captures activity as it happens, not months later.