Trust Center
Ntirety helps organizations manage and secure today’s complex IT environment. Our comprehensive managed services cover infrastructure, security, data, and compliance, connecting mission-critical data across highly secure, available, and resilient environments. Ntirety drives agility and accountability for customers by combining full-stack technical expertise with practical strategic guidance and a commitment to achieving desired business outcomes.
Amazon Web Services (AWS)
Telarus
AppDirect
AVANT
Bridgepointe Technologies
Intelisys
Microsoft Azure
Sandler PartnersCybersecurity Executive Briefing
Weekly Cybersecurity Executive Briefing
Prepared on November 14, 2025
Executive Summary
A sharp shift in adversary behaviour emerged this week, with state‑linked operators deploying agentic AI in cyber‑espionage and ransomware campaigns. From engineered phishing operations against the hospitality sector to a newly disclosed zero‑day exploit in enterprise ERP software, the risk landscape demands renewed vigilance across enterprise systems. At the same time, regulatory obligations continue to tighten — especially for organisations in defence contracting and global privacy compliance. Boards and executives should view the current cycle as less about “if” and more about “how soon” for being impacted.
Threat Landscape
Agentic AI‑Orchestrated Espionage
Researchers revealed that a state‑sponsored actor (attributed to China) used the Anthropic “Claude Code” platform to execute 80–90% of an intrusion workflow autonomously (https://www.tenable.com/blog/cybersecurity-snapshot-akira-ransomware-security-agentic-ai-cyber-risks-11-14-2025).
Hospitality Sector Phishing (PureRAT)
A large-scale campaign delivered PureRAT malware via ClickFix-style phishing pages, targeting hotel systems (https://thehackernews.com/2025/11/large-scale-clickfix-phishing-attacks.html).
Zero‑Day in Oracle E‑Business Suite
Cl0P ransomware group claimed exploitation of a zero‑day via a breach of Entrust affecting Oracle EBS (https://cybersecuritynews.com/entrust-oracle-0-day-ebs-hack/).
Microsoft Patch Tuesday
Microsoft released fixes for 63 vulnerabilities, including an actively exploited zero‑day (https://cybersecuritynews.com/microsoft-november-2025-patch-tuesday/).
OWASP & AI Cognitive Degradation
OWASP released its 2025 Top 10 Web Application Risks (RC), and researchers highlighted cognitive degradation risks for autonomous AI systems.
Regulatory & Compliance Updates
U.S.
- DoD initiated Phase 1 of CMMC requirements for contractors (https://dodcio.defense.gov/cmmc/About/).
- Continued expansion of state-level privacy and AI compliance obligations (https://www.hinshawlaw.com/...).
EU / UK
- Global privacy regulators launched a coordinated enforcement sweep focusing on children’s data protection (https://www.insideprivacy.com/...).
- UK VCA certified cybersecurity and software-update practices under UNECE 155/156.
Other Jurisdictions
- Brazil, Malta, and the UK announced gambling-related regulatory changes impacting platform compliance (https://www.lexology.com/...).
Notable Industry Incidents (Past 7 Days)
| Date | Organization | Impact |
|---|---|---|
| Nov 14 2025 | Entrust / Oracle EBS | Alleged exploitation of zero-day by Cl0P. |
| Nov 10 2025 | Global hotel systems | PureRAT malware campaign. |
| Nov 11 2025 | Microsoft ecosystem | Patch Tuesday: 63 vulnerabilities, 1 exploited zero‑day. |
Key Recommendations
- Raise board-level awareness of agentic AI threats and operational impacts.
- Treat ERP and supply-chain platforms as critical assets needing immediate risk review.
- Accelerate prioritised patching and compensating controls across Microsoft platforms.
- Apply lessons from hospitality credential‑theft attacks to internal and vendor access controls.
- Align compliance roadmaps with CMMC Phase 1 and emerging global privacy actions.
- Implement governance frameworks for agentic AI reliability and drift prevention.
- Integrate emerging attacker tactics into tabletop exercises and scenario planning.
ISO 27001 Certification
Ntirety has obtained an ISO/IEC 27001:2022 certification. The new certificate is available on the Ntirety Trust Center in the Compliance Card.
A-LIGN Compliance and Security, Inc. certifies that the organization operates an Information Security Management System that conforms to the requirements of ISO/IEC 27001:2022. The scope and boundaries of the ISMS is as follows:
The Information Security Management System (ISMS), in accordance with ISO/IEC 27001:2022, is limited to Ntirety corporate headquarters and the physical locations noted below in accordance with the Ntirety Statement of Applicability. The ISMS encompasses the Ntirety IT environment on which Ntirety builds products, supports customers, and operates business functions.
The scope includes the following:
• Information and other assets associated with information and information processing managed by Ntirety;
• Services and support provided to clients;
• Data provided by clients;
• All staff and contractors under the control of Ntirety
The scope excludes data center operations since all production data is handled by the third-party service providers'
management systems.