November’s report highlights urgent vulnerabilities in runc and the Linux kernel, an active worm campaign (Shai-Hulud) compromising NPM packages, and several high‑profile data breaches that demand immediate remediation. Sysdig published detections and guidance while urging organizations to patch affected systems, remove compromised packages, rotate credentials, and hunt for related activity. #ShaiHulud #runc
Key points
- Three container escape vulnerabilities in runc (CVE-2025-3113, CVE-2025-52565, CVE-2025-52881) were disclosed and can allow root access to the host if exploited.
- A long‑standing Linux kernel vulnerability (CVE-2024-1086) was confirmed by CISA to be actively exploited in ransomware campaigns and grants attackers root privileges.
- The Shai‑Hulud worm resurfaced, first infecting ~200 NPM packages and then a modified variant compromising nearly 1,000 packages and leaking tens of thousands of credentials on GitHub.
- Sysdig published technical analyses, detection rules, and mitigations for affected customers (Sysdig Secure and Falco users) for these incidents and provided threat bulletins.
- High‑impact data breaches were reported in November, including a supply‑chain incident at SitusAMC and unauthorized access affecting 33.7 million Coupang accounts.
- A Windows kernel zero‑day (CVE-2025-62215) was actively exploited and should be patched even though its CVSS score is lowered by the complexity of exploitation.
- Organizations are advised to prioritize patching (including legacy systems), remove and replace compromised packages, clear caches, rotate credentials, and conduct targeted threat hunts.
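The "remove and replace compromised packages" step above starts with finding out which lockfiles in your repositories pin an affected package version. The following added example (not Sysdig's code, and not part of the original briefing) walks every package-lock.json under the current directory and reports entries matching an indicator list; the COMPROMISED set and SAMPLE_LOCKFILE are constructed placeholders, to be replaced with the package/version list from the bulletin you are acting on.

```python
"""Audit npm lockfiles against a list of known-compromised package versions."""
import json
from pathlib import Path

# Constructed placeholder indicators ("name@version"); not real Shai-Hulud IoCs.
COMPROMISED = {
    "example-pkg@1.2.3",
    "@example-scope/other-pkg@4.0.1",
}


def lockfile_entries(lock):
    """Yield (name, version) for every dependency in a package-lock.json dict.

    Handles lockfileVersion 2/3 ("packages" keyed by install path) and the
    older v1 layout ("dependencies", nested per dependent)."""
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # Paths look like node_modules/@scope/name or a/node_modules/b;
        # the segment after the last "node_modules/" is the package name.
        yield path.split("node_modules/")[-1], meta.get("version")
    stack = list(lock.get("dependencies", {}).items())
    while stack:  # v1: walk nested dependency trees iteratively
        name, meta = stack.pop()
        yield name, meta.get("version")
        stack.extend(meta.get("dependencies", {}).items())


def find_compromised(lock, indicators=COMPROMISED):
    """Return the sorted 'name@version' entries present in both the lockfile
    and the indicator list (duplicates across formats collapse into a set)."""
    pinned = {f"{name}@{ver}" for name, ver in lockfile_entries(lock) if ver}
    return sorted(pinned & set(indicators))


# Constructed sample lockfile: one direct hit and one hit nested under safe-pkg.
SAMPLE_LOCKFILE = json.loads("""{
  "name": "demo", "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo", "version": "0.0.1"},
    "node_modules/example-pkg": {"version": "1.2.3"},
    "node_modules/safe-pkg": {"version": "2.0.0"},
    "node_modules/safe-pkg/node_modules/@example-scope/other-pkg": {"version": "4.0.1"}
  }
}""")

if __name__ == "__main__":
    for lockfile in Path(".").rglob("package-lock.json"):
        hits = find_compromised(json.loads(lockfile.read_text()))
        print(lockfile, hits or "clean")
```

A hit means the package must be removed, the npm cache cleared and the lockfile regenerated before any credentials exposed to that build are rotated.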
Read more: https://www.sysdig.com/blog/security-briefing-november-2025