Major Cyber Attacks in November 2025: XWorm, JSGuLdr Loader, Phoenix Backdoor, Mobile Threats, and More  

Stealers, loaders, and targeted campaigns dominated November’s activity. ANY.RUN analysts examined cases ranging from PNG-based in-memory loading used to deploy XWorm to JSGuLdr, a three-stage JavaScript-to-PowerShell loader pushing PhantomStealer.  Alongside these public cases, three Threat Intelligence Reports detailed new activity across Windows, Linux, and Android, including loader-enabled hijackers, Tor-based cryptotrojan communication, Linux ransomware in Go, MaaS stealers, and a WhatsApp-propagating campaign
The post Major Cyber Attacks in November 2025: XWorm, JSGuLdr Loader, Phoenix Backdoor, Mobile Threats, and More  appeared first on ANY.RUN’s Cybersecurity Blog.ANY.RUN’s Cybersecurity BlogRead More