November 2025 was one of the most active months in recent cyber reporting, with Qilin and Akira driving 675 ransomware disclosures and attackers rapidly exploiting critical flaws in WSUS, Oracle E Business Suite, and SharePoint ToolShell. Supply chain breaches also spiked, led by the Salesforce and Gainsight OAuth compromise and widespread Oracle EBS exploitation. India faced notable exposure through the Dukaan data leak, major ransomware incidents, and investigations into Aadhaar and NHA systems. The month clearly showed a shift toward large scale, multi vector campaigns combining extortion, data theft, and supply chain compromise.
Key Highlights
- 675 ransomware victims, dominated by Qilin and Akira.
- Rapid exploitation of WSUS, Oracle EBS, and SharePoint vulnerabilities.
- Major supply chain breaches affecting hundreds of organizations.
- Significant impact across manufacturing, healthcare, logistics, and finance.
- India saw major leaks and ransomware activity.
Click here to read the full threat report: Complete November 2025 intelligence briefing for in depth insights.