Good morning. This is your security briefing for Friday, November 28, 2025, covering one critical article analyzed overnight. All attribution is by the article authors, and all article analysis is automated.
Kaspersky Lab reports on a sophisticated 2025 Tomiris campaign targeting Russian-speaking users and government entities across Central Asia. The advanced persistent threat operation utilizes multi-language malware written in C, C++, Rust, Python, Go, C#, and PowerShell, combined with open-source frameworks including Havoc and AdaptixC2.
The attackers are using spear-phishing for initial access and have weaponized popular platforms Discord and Telegram for command and control communications. Their arsenal includes reverse shells, downloaders, file grabbers, and backdoors specifically designed to compromise organizations in Russia, Turkmenistan, Kyrgyzstan, Tajikistan, and Uzbekistan.
This concludes today's security briefing. Stay vigilant and ensure your teams are aware of these emerging threats.