Security briefing: November 2025

In November 2025, the cybersecurity landscape saw several significant developments, including the identification of new and repurposed threats. Three container escape vulnerabilities in the runc container runtime potentially allow root access to host systems, prompting urgent updates. A Linux kernel vulnerability discovered in January 2024 was found to be actively exploited in ransomware campaigns, emphasizing the importance of patching systems. The Shai-Hulud worm resurfaced, compromising numerous packages and leaking credentials, while a breach in the financial sector affected major institutions like Morgan Stanley. Additionally, Coupang, South Korea's largest online retailer, experienced a data breach affecting 33.7 million accounts. A Microsoft zero-day vulnerability was actively exploited, requiring immediate attention. The introduction of the Cyber Security and Resilience Bill in the UK Parliament aims to enhance cybersecurity requirements. Amid these challenges, the Sysdig Threat Research Team has been proactive in providing detection rules and educational resources to strengthen defenses, while expressing gratitude for the ongoing efforts of the security community.