Security Highlights Of The Day [10/11/25]

Crossed Wires: A Case Study of Iranian Espionage and Attribution
Proofpoint researchers analyzed an Iranian espionage campaign that opened with a benign email discussing domestic unrest before any malicious content was introduced. The tradecraft overlapped with that of several Iranian-aligned groups, including TA455, TA453, and TA450. Lacking a definitive link to any one of them, Proofpoint tracks the activity as a new temporary cluster, UNK_SmudgedSerpent. The case illustrates how difficult attribution becomes when state-aligned actors share tooling and techniques.
Source: Proofpoint

Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report
Zscaler’s ThreatLabz 2025 report reveals a surge in attacks across mobile, IoT, and OT environments, reflecting their growing interconnection in business infrastructure. Android malware activity increased by 67% year-over-year, with 239 malicious apps downloaded over 42 million times. The Energy, Transportation, and Healthcare sectors saw attack spikes of 387%, 382%, and 224% respectively, driven by advanced spyware and trojans.
Source: Zscaler

LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Palo Alto Networks’ Unit 42 uncovered a new Android spyware family named LANDFALL, which exploited CVE-2025-21042, a then-zero-day in Samsung’s image processing library. The spyware was delivered in malicious DNG image files sent via WhatsApp and was exploited in the wild before Samsung patched the flaw in April 2025. Delivering a malformed image through a messaging app mirrors recent Apple and WhatsApp exploit chains, pointing to a broader pattern in cross-platform spyware distribution.
Source: Unit 42 (Palo Alto Networks)

November 2025 Patch Tuesday Forecast: Windows Exchange Server EOL?
HelpNetSecurity’s Patch Tuesday forecast highlights Microsoft’s record number of fixes for October 2025, addressing 250 CVEs across Windows 10 and 11. With support ending for several Windows enterprise editions and for older Office and Exchange Server versions, Microsoft urges organizations to migrate to supported platforms. The final update for Windows 11 23H2 Professional arrives next week, while the Education and Enterprise editions remain supported until November 2026.
Source: HelpNetSecurity

Tracking a Dragon: Investigating a DragonForce-affiliated Ransomware Attack with Darktrace
Darktrace investigated a ransomware attack linked to DragonForce affiliates that targeted a manufacturing organization. The intrusion progressed from credential brute-forcing to data exfiltration and file encryption. Windows Registry artifacts showed tampering with scheduled tasks and WMI security settings, consistent with persistence established before encryption began. The findings illustrate the tradecraft of DragonForce-affiliated operators.
Source: Darktrace
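Scheduled-task tampering of the kind described above leaves traces under the Task Scheduler's registry cache, and a defender can triage an exported copy of that subtree offline. The following script is an added example written for this digest, not Darktrace's code and not from the Darktrace report. It parses a .reg export of `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache` and flags three conditions: a task node under `Tree` with no `SD` value (deleting the security descriptor is a known way to hide a task from schtasks and the Task Scheduler UI), a task registered directly under the `Tree` root rather than in a folder, and a `Tasks\{GUID}` definition with no matching `Tree` node. It assumes that task nodes carry an `Index` value while folder nodes do not, and the registry export embedded in it is constructed for illustration.

```python
"""Triage a .reg export of TaskCache for scheduled-task anomalies (added example)."""
import re
from dataclasses import dataclass

CACHE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
TREE = CACHE + r"\Tree"
TASKS = CACHE + r"\Tasks"

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


@dataclass
class Finding:
    task: str
    reason: str


def parse_reg(text):
    """Parse a Regedit 5.00 export into {key path: {value name: raw data}}.

    Handles hex values that continue over several lines (trailing backslash).
    """
    keys, current, name, data, continuing = {}, None, None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if continuing:
            data += line.rstrip("\\")
            continuing = line.endswith("\\")
            if not continuing:
                keys[current][name] = data
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            continuing = data.endswith("\\")
            if continuing:
                data = data.rstrip("\\")
            else:
                keys[current][name] = data
    return keys


def reg_string(data):
    """Unquote a REG_SZ export value and unescape its backslashes."""
    return data.strip('"').replace("\\\\", "\\")


def hunt_tasks(reg_text):
    keys = parse_reg(reg_text)
    findings, tree_ids = [], {}
    for key, values in keys.items():
        # Assumption: only task nodes (not folder nodes) carry an Index value.
        if key.lower().startswith(TREE.lower() + "\\") and "Index" in values:
            task = key[len(TREE) + 1:]
            tree_ids[reg_string(values.get("Id", "")).upper()] = task
            if "SD" not in values:
                findings.append(Finding(task, "no SD value: task hidden from schtasks and the UI"))
            if "\\" not in task:
                findings.append(Finding(task, "registered at the Tree root: review author and action"))
    for key, values in keys.items():
        if key.lower().startswith(TASKS.lower() + "\\"):
            guid = key[len(TASKS) + 1:].upper()
            if guid not in tree_ids:
                label = reg_string(values.get("Path", guid))
                findings.append(Finding(label, "Tasks definition with no Tree node"))
    return findings


# Constructed sample export (not real host data): one benign Microsoft task,
# one root-level task missing its SD, and one orphaned task definition.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft]
"Id"="{11111111-1111-1111-1111-111111111111}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag]
"Id"="{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}"
"Index"=dword:00000003
"SD"=hex:01,00,04,80,14,00,00,00,\
  20,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Updater]
"Id"="{BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB}"
"Index"=dword:00000003

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAAAAAA-AAAA-AAAA-AAAA-AAAAAAAAAAAA}]
"Path"="\\Microsoft\\Windows\\Defrag\\ScheduledDefrag"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBBBBBBB-BBBB-BBBB-BBBB-BBBBBBBBBBBB}]
"Path"="\\Updater"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCCCCCCC-CCCC-CCCC-CCCC-CCCCCCCCCCCC}]
"Path"="\\Microsoft\\Windows\\Fake\\Orphan"
"""

if __name__ == "__main__":
    for f in hunt_tasks(SAMPLE_REG):
        print(f"{f.task}: {f.reason}")
```

Export the subtree on a live host with `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache" taskcache.reg /y` (run elevated, since `Tree` and `Tasks` are not readable by standard users) and feed the file to `hunt_tasks`. A root-level task is not malicious by itself, so treat that finding as a triage prompt rather than a verdict; a missing `SD` value or an orphaned definition, by contrast, does not occur through normal use of the Task Scheduler and warrants a closer look.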
