November 2025 Cybersecurity Roundup

SSL.com updates on VMCs, C2PA, CABF changes, major breaches, phishing threats, and identity security tips.

Related Content

Want to keep learning?

Subscribe to SSL.com’s newsletter, stay informed and secure.

Copy article link

Updates & Announcements

Important reminders: 

  • SSL.com officially launched BIMI-compliant Verified Mark Certificates (VMCs).  VMCs allow organizations to display their legally trademarked logo directly in email recipients’ inboxes, providing enhanced email authentication and brand protection. Available now in Gmail and soon in Apple Mail trust stores. Learn more about how VMCs can help your organization
  • C2PA sandbox testing environments are now live. Build, test, and validate your C2PA certificate issuance integration and signing workflows before your production launch. Contact our sales team today to learn how to get started with advanced media protection capabilities, end-to-end C2PA infrastructure, and CAWG certificates. 
  • SSL.com has acquired VikingCloud’s digital certificate business, expanding its global CA services. By taking action, VikingCloud customers can transition to the SSL.com portal without service disruption for 24/7 technical support and full access to SSL.com certificate management tools. Existing VikingCloud certificates remain valid until Feb 27, 2026. Customers receive prorated credits, additional custom discounting, and guidance to activate new SSL.com accounts for continued trust and security.
  • Since September 15, 2025, SSL.com has issued TLS server certificates without the Client Authentication EKU, aligning with Google Chrome’s Root Program Policy. Review our guide for Removal of the Client Authentication EKU from TLS Server Certificates.
  • All remaining soft format code signing certificates from SSL.com will expire before June 1, 2026, and replacements in PFX format will no longer be available thereafter. According to CA/Browser Forum rules, private keys must instead be stored on encrypted devices, FIPS-compliant HSMs, or cloud-based HSM services. See our guide for details.

CA/Browser Forum (CABF) Developments & Reminders: 

  • S/MIME Developments: Ballot SMC011 proposes allowing European Unique Identifiers (EUID) for EU/EEA organization validation.
  • SSL/TLS Validity: The trend toward shorter certificate lifespans continues, reinforcing the importance of automation in certificate management. Learn more about how to prepare for 47-day certificate lifespans.
Cybersecurity Industry News:

FBI Warns of $262M Lost in Bank-Support Impersonation Scams

What happened: 

The FBI reports a surge in account takeover (ATO) schemes where criminals impersonate banks or customer support staff. Attackers use phishing, MFA hijacking, and spoofed websites to steal credentials, reset account passwords, and quickly transfer funds into crypto wallets. 

More than 5,100 complaints have been filed since January, affecting individuals, businesses, and organizations across all sectors. (Bleeping Computer)

How to protect your organization: 

  • Train employees to verify unsolicited calls, emails, or texts requesting credentials or MFA codes.
  • Require strong, unique passwords and enforce MFA on all financial and payroll platforms.
  • Monitor financial accounts regularly and escalate suspicious activity immediately.

Why it matters: 

Protecting authentication workflows is critical. SSL.com’s Client Authentication Certificates help ensure only verified users can access sensitive business systems, reducing the risk of credential theft.

 

Strengthen your organization’s identity and access security with SSL.com Client Authentication Certificates

Secure Access Now

CISA Orders Agencies to Patch Oracle Identity Manager Zero-Day

What happened: 

CISA added a critical Oracle Identity Manager vulnerability (CVE-2025-61757) to its Known Exploited Vulnerabilities list after evidence emerged that attackers may have scanned for and abused the flaw months before Oracle released a patch. The bug allows unauthenticated attackers to fully compromise OIM with a single malicious request. Federal agencies are now required to patch by December 12. (The Register)

How to protect your organization: 

  • Review identity-related logs for unusual authentication or configuration-level activity.
  • Implement strict access controls for administrative tools that manage user identities.
  • Maintain a formal patch-management schedule to avoid known vulnerabilities lingering unaddressed.

Why it matters: 

Identity platforms are a prime target for attackers, and a single unpatched vulnerability can enable full system compromise. Leaders should prioritize rapid patching cycles, enforce strict access controls on identity infrastructure, and ensure continuous monitoring to detect and contain weaknesses. Taking proactive measures can prevent vulnerabilities from escalating into widespread breaches.

 

DoorDash Discloses Another Data Breach Affecting User Contact Information

What happened: 

DoorDash announced that an unauthorized actor accessed contact information belonging to some consumers, Dashers, and merchants after an employee fell victim to targeted social engineering. 

While no sensitive financial or government ID data was exposed, the breach highlights recurring issues at the company, which has suffered similar incidents in 2019 and 2022. (Cybernews)

How to protect your organization: 

  • Increase internal phishing-resistance training (especially for employees with system access), and require phishing-resistant multi-factor authentication for all SaaS and workforce accounts.
  • Limit access rights so that compromised credentials cannot expose unnecessary data.
  • Validate vendor and employee access policies regularly.

Why it matters: 

Most of these attacks begin with compromised or spoofed email accounts. SSL.com’s S/MIME Certificates protect your organization from phishing, credential theft, and identity-based attacks by encrypting messages and applying tamper-proof digital signatures. This helps ensure that employees, partners, and clients can verify email authenticity before acting.

 

Secure your organization’s communications with SSL.com S/MIME Certificates

Encrypt Email Today

Massive ClickFix Phishing Campaign Hits Hotels With PureRAT Malware

What happened: 

An extensive hospitality-focused phishing campaign is impersonating Booking.com to lure hotel managers into downloading malware such as PureRAT. Attackers use compromised email accounts, fake reCAPTCHA pages, and malicious PowerShell commands to steal credentials from travel booking platforms such as Booking.com and Expedia. Stolen access is then resold or used to defraud hotel customers directly. (The Hacker News)

How to protect your organization: 

  • Block execution of unauthorized scripts and enforce application-allowlisting policies.
  • Train staff to avoid downloading files or running commands from unexpected email links.
  • Deploy endpoint protection capable of detecting RAT behavior and unauthorized persistence.

Why it matters: 

Phishing campaigns rely heavily on email impersonation. SSL.com’s Verified Mark Certificates (VMCs) help organizations visually authenticate their messages by displaying a validated brand logo beside the sender name—making real communications immediately recognizable and reducing the likelihood that employees or customers will fall for fraudulent booking-related emails.

 

Establish instant email authenticity and protect your brand with SSL.com Verified Mark Certificates

Verify Brand Identity

U.S. Congressional Budget Office Targeted in Suspected Foreign Cyberattack

What happened: 

The CBO confirmed a cybersecurity incident after a suspected foreign attacker breached its network. Officials are investigating whether internal communications, draft economic analyses, or sensitive legislative exchanges were exposed. While the intrusion was detected early, some congressional offices have paused email contact with the agency out of caution. (Bleeping Computer

How to protect your organization: 

  • Encrypt sensitive communications to prevent exposure of internal discussions.
  • Apply continuous monitoring and behavioral analytics to detect early intrusion activity.
  • Segment networks to ensure critical planning and research systems are isolated and conduct regular incident-response drills to shorten containment time.

Why it matters: 

Government agencies must deliver essential services while protecting highly sensitive data. SSL.com’s PKI for Government provides globally trusted certificates, automated lifecycle management (via ACME), and hosted public or private PKI options. These solutions help agencies secure confidential communications, protect mission-critical data, and maintain compliance within budget.

 

Strengthen your agency’s trust infrastructure with SSL.com’s PKI for Government 

Modernize Government Security

Was this article helpful?

Yes
No
Thanks for your feedback!

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.

Take Survey
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

For more information read our Cookie and privacy statement.

3rd Party Cookies

This website uses Google Analytics & Statcounter to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping these cookies enabled helps us to improve our website.

Show details
Powered by  GDPR Cookie Compliance