Threat Report 11/13/25

Critical Patches Issued for Microsoft Products 

  

Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.  

 

Affected Systems: 

  • Many popular Microsoft products including, but not limited to, Windows, Office, and Edge 

Risk: 

  • Large and medium business entities: High 
  • Small business entities: Medium 

 

Remediation Recommendations 

  • Ensure all Microsoft products have the latest version(s) installed  
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

 

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution 


 

Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Depending on the privileges associated with the exploited component, an attacker who achieves remote code execution could then install programs; view, change, or delete data; or create new accounts with full rights.

 

Affected Systems: 

  • Android OS patch levels prior to 2025-11-01 

Risk: 

  • Large and medium business entities: High 
  • Small business entities: Medium 

 

Remediation Recommendations 

  • Ensure all devices running Android OS have the latest version(s) installed 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

 


Vulnerability in Apple Products Could Allow for Arbitrary Code Execution 

 

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution in the context of the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. 

 

Affected Systems: 

  • Versions prior to Xcode 26.1 
  • Versions prior to Safari 26.1 
  • Versions prior to visionOS 26.1 
  • Versions prior to watchOS 26.1 
  • Versions prior to tvOS 26.1 
  • Versions prior to macOS Sonoma 14.8.2 
  • Versions prior to macOS Sequoia 15.7.2 
  • Versions prior to macOS Tahoe 26.1 
  • Versions prior to iOS 26.1 and iPadOS 26.1 
  • Versions prior to iOS 18.7.2 and iPadOS 18.7.2 
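The list above is awkward to apply to an inventory by hand because macOS, iOS and iPadOS each have several supported release lines with their own fixed version (a macOS 14.8.1 host is affected even though 14 is far below 26). The following triage helper is an added example, not part of the advisory; the fixed versions are taken from the list above, while the inventory rows are constructed sample data.

```python
from typing import Dict, List, Tuple

# Minimum fixed versions as listed in the advisory above. For products with
# several release lines, the fix that applies depends on the major version.
FIXED_VERSIONS: Dict[str, List[str]] = {
    "xcode": ["26.1"],
    "safari": ["26.1"],
    "visionos": ["26.1"],
    "watchos": ["26.1"],
    "tvos": ["26.1"],
    "macos": ["14.8.2", "15.7.2", "26.1"],
    "ios": ["18.7.2", "26.1"],
    "ipados": ["18.7.2", "26.1"],
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '15.7.2' into (15, 7, 2) so tuples compare numerically."""
    return tuple(int(p) for p in v.strip().split("."))


def is_affected(product: str, version: str) -> bool:
    """True if the installed version is older than the fix for its release line.

    The release line is matched on the major version. A major version newer
    than every listed fix is treated as not affected; one older than every
    listed line (e.g. iOS 17) is treated as affected, since the advisory lists
    no fix for it and it is still "prior to" the fixed release.
    """
    fixes = [parse_version(f) for f in FIXED_VERSIONS[product.lower()]]
    installed = parse_version(version)
    for fix in fixes:
        if installed[0] == fix[0]:
            return installed < fix
    return installed[0] < min(f[0] for f in fixes)


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, product, version) rows that still need the update."""
    return [(h, p, v) for h, p, v in inventory if is_affected(p, v)]


# Constructed sample inventory for illustration; not data from the advisory.
SAMPLE_INVENTORY = [
    ("mac-01", "macOS", "14.8.1"),
    ("mac-02", "macOS", "15.7.2"),
    ("mac-03", "macOS", "26.0.1"),
    ("phone-01", "iOS", "18.7.2"),
    ("phone-02", "iOS", "26.0"),
    ("tv-01", "tvOS", "26.1"),
]

if __name__ == "__main__":
    for host, product, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {version} is below the fixed version")
```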

 

Risk: 

  • Large and medium business entities: High 
  • Small business entities: Medium 

 

Remediation Recommendations 

  • Ensure Apple software has the latest version(s) installed
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

 


Multiple Vulnerabilities in Cisco Products Could Allow for Remote Code Execution 

 

Multiple vulnerabilities have been discovered in Cisco products, the most severe of which could allow for remote code execution. Cisco is a leading technology company best known for its networking hardware and software, such as routers and switches, that form the backbone of the internet and enterprise networks. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution as root, which may lead to the complete compromise of the affected device. 

 

Affected Systems: 

  • Cisco Unified Contact Center Express versions 12.5 SU3 and earlier 


Risk: 

  • Large and medium business entities: High 
  • Small business entities: Medium 

 

Remediation Recommendations 

  • Ensure all versions of all Cisco products are updated to their latest versions 
  • Enact the Principle of Least Privilege (limit higher-level privileges to only the users that need it) 

 

New Commercial Spyware Targets Android Devices 


Palo Alto Networks' Unit 42 is tracking a new strain of Android spyware that appears to have been developed by a commercial vendor. The spyware, which Unit 42 calls "LANDFALL," is "specifically designed against Samsung Galaxy devices, used in targeted intrusion activities within the Middle East." The tool is delivered via malformed DNG image files that exploit CVE-2025-21042, a zero-day flaw in Samsung's image processing library. 

The researchers don't attribute the spyware to any known vendor, but they note some similarities with previous operations by the UAE-linked threat actor Stealth Falcon. 

 
