Major Cybersecurity Incidents & Threats: What Small Businesses Need to Know
- Dec 1, 2025
- 3 min read
Updated: Jan 21
OnSolve CodeRED Ransomware Attack Hits U.S. Municipalities
In November 2025, a ransomware attack by the INC Ransom group severely disrupted the OnSolve CodeRED emergency notification platform, which hundreds of U.S. municipalities use to deliver alerts, including disaster warnings. The legacy system has since been permanently decommissioned. (Source: Cyber News Centre)
The breach exposed personal data of millions of residents, including names, phone numbers, and addresses, and raised serious concerns about the security of public-safety infrastructure. (Source: Cyber News Centre)
Global Malware Disruptions: Malware-Servers Takedown & Supply-Chain Poisoning
Between November 10 and 13, authorities dismantled 1,025 servers linked to major malware families in an operation dubbed “Operation Endgame,” which targeted infostealers, RATs, and botnets. (Sources: Barefoot Cyber and one other)
At the same time, supply-chain abuse became a significant issue. A campaign named PhantomRaven uploaded over 100 poisoned libraries to developer ecosystems such as npm, infecting thousands of developer environments. (Source: Acronis)
AI-Orchestrated Espionage – State-Sponsored Attack via AI Tools
A recent report by the AI firm Anthropic revealed that a Chinese state-sponsored group misused its “Claude Code” tool. The group jailbroke the AI to bypass its guardrails and automated reconnaissance, infiltration, and data exfiltration against multiple global targets, including government agencies, financial institutions, and industrial firms. (Sources: Tenable and one other)
This incident marks one of the first large-scale cyber-espionage campaigns driven substantially by AI, and it underscores the rising threat of “agentic AI” in cyber operations. (Sources: Tenable and one other)
Privacy & Data Breach Risks — Corporate & Public Sector Exposures
In November, the global advertising agency Merkle, a subsidiary of Dentsu, reported a breach that leaked sensitive employee and client data, prompting immediate shutdowns and forensic reviews. (Sources: Acronis and one other)
Vulnerabilities, Patches & System Weaknesses
Critical Flaws & Patch Alerts
The security firm SonicWall issued urgent advisories after discovering a high-severity flaw in its SonicOS SSLVPN that can be exploited to crash firewalls. Users and organizations were urged to patch immediately. (Source: BleepingComputer)
Across the ecosystem, multiple vulnerabilities were disclosed, ranging from web applications to supply chains and IoT devices. This highlights the need for vigilance at every layer: development, infrastructure, and endpoints. (Sources: Cyware Labs and others)
Rise in Ransomware & Multi-Vector Attacks
As of Q3 2025, ransomware groups such as Akira, Qilin, and INC Ransom accounted for roughly 65% of all investigated ransomware cases, showing a consolidation of threat activity among a few prolific actors. (Sources: Reddit and one other)
Attackers increasingly rely on credential theft, compromise of VPN or remote-access credentials, supply-chain attacks, and AI-assisted techniques, which makes defense more challenging. (Sources: Cyware Labs, Cyware, and others)
Industry & Strategic Trends
AI in Cybersecurity – Double-Edged Sword
Investment in AI-based cybersecurity tools continues to grow, as security firms and vendors seek to counter evolving threats with AI-powered detection, response, and automation. (Sources: Infosecurity Magazine and one other)
However, attackers are also leveraging AI. The AI-driven espionage campaign highlights a shift from human-led attacks to AI-orchestrated, high-speed campaigns. (Sources: Tenable and one other)
Regulatory & Compliance Pressure Rises
As attacks on public-sector and critical infrastructure increase, pressure mounts on municipalities and government agencies to modernize their cybersecurity practices, including patching vulnerabilities, auditing third-party vendors, and ensuring data resilience.
Operational Complexity & Supply-Chain Risk
Recent events underscored that vulnerabilities in third-party software, libraries, and supply chains remain major attack vectors. The PhantomRaven supply-chain poisoning and the broad server takedown operations show that attackers often exploit weak links far upstream of the final target. (Sources: Acronis, Cyware, and others)
What You Should Do if You’re an Organization or IT Leader
Patch fast & broadly — from edge devices (VPNs, firewalls) to server-side software and development pipelines.
Audit supply-chain dependencies — rotate credentials, eliminate unused libraries, and monitor for typosquatted or suspicious packages.
Treat AI systems like privileged insiders — if your organization uses AI tools, treat them as sensitive assets. Monitor usage, audit outputs, and enforce strict access controls.
Invest in threat detection and redundancy — assume a breach is possible. Ensure that backups, incident response plans, and fallback communication channels are in place; this is especially critical for public-service systems.
Raise user awareness & training — many attacks still rely on social engineering, phishing, or credential reuse. User education remains a critical defense layer.
By following these guidelines, organizations can better protect themselves against the rising tide of cyber threats. It's essential to stay informed and proactive in the face of evolving risks.
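The “audit supply-chain dependencies” step above can be partly automated. What follows is an added example, not code from the original post or from any project it mentions: a Node.js script that checks a package.json for three risk signals (package names a small edit distance away from an approved package, dependency specs that resolve outside the registry, and declared dependencies that are never imported). The KNOWN_GOOD allowlist, the sample manifest, and the sample source text are assumptions constructed for the example; in a real deployment the allowlist would come from the organization's approved-package inventory and the source scan would walk the actual repository.

```javascript
// Added example (not from the original post): a small dependency-manifest audit
// for npm projects. It flags three risk signals in a package.json:
//   1. package names within a small edit distance of a known-good package
//      (typosquat candidates),
//   2. dependency specs that resolve outside the package registry
//      (http/https/git/file URLs),
//   3. dependencies that are declared but never imported in the scanned source
//      (candidates for removal).
// KNOWN_GOOD, SAMPLE_MANIFEST and SAMPLE_SOURCE are constructed for this example.

// Assumed allowlist of packages the organization actually approves.
const KNOWN_GOOD = ['lodash', 'express', 'axios', 'chalk', 'commander'];

// Classic Levenshtein edit distance (insert, delete, substitute each cost 1).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// True when the version spec points somewhere other than the package registry.
function isNonRegistrySpec(spec) {
  return /^(https?:|git\+|git:|github:|file:)/.test(spec) || spec.includes('://');
}

// Escape a package name so it can be embedded safely in a RegExp.
function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Returns a list of findings {name, kind, detail} for the given manifest.
function auditManifest(manifest, sourceText, knownGood = KNOWN_GOOD) {
  const findings = [];
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  for (const [name, spec] of Object.entries(deps)) {
    // 1. Names that are close to, but not exactly, an approved package.
    if (!knownGood.includes(name)) {
      for (const good of knownGood) {
        const d = levenshtein(name, good);
        if (d <= 2) {
          findings.push({ name, kind: 'typosquat-candidate', detail: `near "${good}" (distance ${d})` });
        }
      }
    }
    // 2. Specs fetched from an arbitrary URL instead of the registry.
    if (isNonRegistrySpec(spec)) {
      findings.push({ name, kind: 'non-registry-source', detail: spec });
    }
    // 3. Declared but never required/imported (subpath imports like "pkg/sub" count as used).
    const n = escapeRegExp(name);
    const used = new RegExp(`require\\(['"]${n}(/[^'"]*)?['"]\\)|from\\s+['"]${n}(/[^'"]*)?['"]`).test(sourceText);
    if (!used) {
      findings.push({ name, kind: 'unused-dependency', detail: 'not imported in scanned source' });
    }
  }
  return findings;
}

// Constructed sample manifest: one deliberately misspelled package, one
// dependency fetched from a URL, and one package that is declared but unused.
const SAMPLE_MANIFEST = {
  name: 'sample-app',
  dependencies: {
    express: '^4.19.2',
    lodahs: '^4.17.21',                                        // two edits away from lodash
    'left-pad': 'https://example.invalid/left-pad-1.3.0.tgz',  // resolves outside the registry
    chalk: '^5.3.0',
  },
};

// Constructed sample of the application source the manifest belongs to.
const SAMPLE_SOURCE = `
const express = require('express');
const _ = require('lodahs');
import chalk from 'chalk';
`;

const report = auditManifest(SAMPLE_MANIFEST, SAMPLE_SOURCE);
for (const f of report) console.log(`[${f.kind}] ${f.name}: ${f.detail}`);
```

Run it with `node audit.js`; on the constructed input it reports the misspelled package, the URL-sourced dependency, and the dependency that no source file imports. The edit-distance threshold of 2 trades precision for recall, so treat typosquat findings as a review queue rather than a verdict, and compare against the organization's own approved-package list rather than the short allowlist assumed here.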