November 2025: Tony Anscombe's Security Highlights

As November 2025 wraps up, ESET Chief Security Evangelist Tony Anscombe recaps the month’s standout cybersecurity stories that raised alarms, moved the needle, and delivered lessons.

Key highlights:

• AI development secrets exposed: Wiz reports that several leading AI companies inadvertently left API keys, tokens, and other credentials in public GitHub repos, underscoring the risks of poor developer hygiene and supply chain exposure.
• Akira ransomware’s haul: A joint advisory from authorities in the US, France, Germany, and the Netherlands estimates Akira has amassed $244 million, reinforcing the scale and impact of its operations.
• X’s new location feature: Why expanded location sharing is sparking privacy and safety concerns for users.
• Australia’s under-16 social media ban: How the country plans to enforce the rule and what it could mean for families and platforms.
• Major malware disruption: A coordinated Europol and Eurojust operation disrupted multiple malware families, including the Rhadamanthys infostealer.

For more context and prior developments, revisit the October 2025 edition of Tony’s monthly security roundup. Connect with us on Facebook, X, LinkedIn, and Instagram.

Source: WeLiveSecurity