Litany Of The Hacked: November 2025 Wrap-Up

Did your November cybersecurity process pile up like a mulch stack?

We started a series named the litany of the hacked. It's a monthly list of entities that have been successfully hacked.

The point of these litany posts is to note that this sort of thing happens and it has consequences. Pretending that you can whistle past the graveyard in cyberspace is foolish and delusional.

And so, the litany of the hacked, November 2025 edition. The litany now includes:

US Congressional Budget Office...Manassas City, Virginia Public Schools...Logitech...Mobile Commons and OnSolve CodeRED (two text alert system providers)...Asus...Protie...SitusAMC (banking mortgage loan servicer)...Harvard University's Alumni Affairs and Development Office systems...Princeton University's alumni affairs and development systems...University of Pennsylvania's alumni affairs and development systems...Google's Antigravity platform...KFNC (Houston's ESPN radio station)...

That's quite a variety! 

These attacks indicate that the gangs perpetrating them -- and make no mistake these are gangs (or state-level actors, take your pick) -- are getting better at doing cyber-crime. They have found that manipulating human insiders, even really smart and unsuspecting ones, works great for their purposes. It's inexpensive, it can be improved, it can happen quickly, and it can be deployed at scale -- talk about better, cheaper, and faster! Just remember: not all cybercrime is the same.

There are four questions for you as you think about these events.

Question 1: when the opposition improves their game, that means you're now also improving yours -- right?

Question 2: you see that it's not only -- sorry but certainly -- less-cybersecurity-sophisticated entities such as Manassas Public Schools but also tech companies that get hacked -- right?

You cannot assume you are not a target or that you're safe because you're Google or because "nothing happened" or that your company was not attacked because the audit committee didn't mention it. 

"Nothing happened" in the year 2025 from a cybersecurity perspective means either you don't know it happened or you are paying attention and can prove your systems worked. If you can't prove you were not successfully breached then you have been successfully attacked.

Not upping your cybersecurity defense strategy means you might be the next to join the litany. 

It boils down to two more questions:

Wrong question: "Why would they attack us?"

Right question: "When and how will they attack us?"

If you got this far you noticed that we did not include the Anthropic situation. First, that incident -- an AI platform attacking an AI platform -- is not strictly cybersecurity-related. Second, there is some doubt about whether that really was an attack. Third, as per Axios, Anthropic's leadership will testify before Congress about it (O Joy! O Rapture!). But fourth, what is about cybersecurity and is important is how the model reacted. That will shape AI-based cybersecurity platforms moving forward. We'll see.

See you in December? Ho Ho Ho!

Ask us how you can avoid joining the litany.