Security Visionaries | Agentic AI Threats: Hype or Reality

Are agentic AI threats just hype or reality? Security Visionaries host Max Havey digs into the world of agentic AI-enabled threats and cyber espionage with guests Neil Thacker, Global Privacy and Data Protection Officer at Netskope, and Ray Canzanese, Head of Netskope Threat Labs.

Securonix Threat Labs Monthly Intelligence Insights - November 2025

The Monthly Intelligence Insights report provides a summary of top threats curated, monitored, and analyzed by Securonix Threat Labs in November 2025. The report also includes a synopsis of the threats, indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and related tags. Each threat has a comprehensive summary from Threat Labs and search queries from the Threat Research team.

Phishing Campaign Targets Executives With Phony Awards

A phishing campaign is targeting executives with phony offers for awards, according to researchers at Trustwave SpiderLabs. The attackers first dupe the victims into handing over their credentials, then use the ClickFix social engineering technique to trick them into installing malware. “The campaign uses a high-value executive recognition lure, ‘Cartier Recognition Program,’ to target executives,” the researchers write.

Introducing WatchGuard's Zero Trust Bundle: Zero Trust for the Way You Work

Hybrid work, cloud apps, and constant connectivity have completely reshaped how people get things done. But they've also reshaped how attackers operate. Today, most breaches begin with fundamental issues: stolen credentials, compromised devices, or remote access tools that weren't designed for a world of distributed users. That's why WatchGuard is introducing the Zero Trust Bundle, a unified approach that secures people, devices, and access decisions every time someone connects to your business.

How Cyberhaven Uses Data Lineage to Revolutionize DLP

The concept of data loss prevention (DLP) is simple: stop sensitive information from leaving your organization through unauthorized channels. But in practice, traditional DLP solutions struggle to deliver on that promise. They rely on rigid rules, limited visibility, and a shallow understanding of how data is actually used. The result is missed threats, noisy alerts, and frustrated security teams.

Finding the Best AI Governance Software for Enterprises

AI governance software provides GRC leaders and security and risk managers (SRMs) with a dependable way to understand how AI is being used across the business and whether safeguards are functioning as intended. The software can translate a complex ecosystem of tools and models into concrete insights that stakeholders can evaluate.

How to detect React2Shell attacks using network-based threat hunting

How do you find React2Shell vulnerabilities or detect React2Shell attacks in real environments? In this video, Corelight cloud security researcher David Burkett walks through how to threat hunt React2Shell by focusing on post-exploitation behavior at the network level. Instead of relying on exploit signatures, the approach uses application baselining and network traffic analysis to identify abnormal behavior.

Troubleshooting Cilium network policies: Four common pitfalls

Cilium network policies (CNPs) extend Kubernetes’ L3/L4 controls to the application layer (L7). CNPs provide teams with advanced networking capabilities, but they can also introduce new ways for connectivity to fail, especially in environments running thousands of workloads. Many of these issues stem from differences in how Kubernetes and Cilium interpret the same concepts, such as label scoping, IP-based rules, service identities, and how default-deny behavior is applied.

New Attack Technique "ConsentFix" Hijacks OAuth Consent Grants

On December 11, 2025, Push Security published research detailing a newly observed browser-based phishing technique called ConsentFix. The name ConsentFix is derived from its similarity to the previously documented ClickFix technique using fake CAPTCHA pages. ConsentFix enables threat actors to gain cloud account access without capturing passwords, multifactor authentication (MFA) codes, or other credentials by abusing legitimate OAuth authentication and consent flows.

Phish No More: Instant Defense with Cato SASE

Phishing remains one of the most common ways attackers try to breach enterprise environments. Traditional tools often detect these attempts too late, giving attackers time to gain a foothold. In this demo, you’ll see how the Cato SASE Cloud Platform stops phishing attempts in real time. Cato inspects every click, evaluates threats instantly, and blocks malicious sites before they load, without slowing users down.