IR playbook: RMM abuse in trucking/logistics, plus Apple and Android patch priorities (Nov 2025)

4n6 Beat

SANS ISC’s Stormcast on November 5, 2025 highlighted three items responders should act on: Apple’s latest cross-portfolio security updates, Google’s November Android security bulletin with a critical System RCE, and active criminal use of legitimate remote management (RMM) tools against trucking and logistics firms. Patch scheduling and RMM governance should be on the same ticket for this week’s change window (SANS Stormcast 2025-11-05, Android Nov 2025 bulletin).

Apple shipped Safari 26.1 on November 3 with multiple WebKit memory-safety fixes, along with broader OS updates (iOS/iPadOS 26.1, watchOS/tvOS/visionOS 26.1) that include additional WebKit issues. SANS notes that Apple’s set also includes memory-corruption bugs in ImageIO and FontParser, classes historically associated with code-execution vectors, so prioritize rollout (Apple Safari 26.1, visionOS 26.1 WebKit entries, SANS diary summary). Google’s November 2025 Android bulletin calls out a critical RCE in the System component requiring no additional privileges and no user interaction; push devices to security patch level 2025-11-01 or later (Android Nov 2025 bulletin).
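One way to turn those thresholds into a triage list for the change window, as an added example that is not from the original article: the script checks an inventory export against Android patch level 2025-11-01 and the 26.1 Apple releases named above. The CSV column names and the sample devices are assumptions constructed for illustration, not any MDM product's schema.

```python
import csv
import io
from datetime import date

# Thresholds taken from the text above.
ANDROID_MIN_SPL = date(2025, 11, 1)
APPLE_MIN = {"ios": (26, 1), "ipados": (26, 1), "watchos": (26, 1),
             "tvos": (26, 1), "visionos": (26, 1), "safari": (26, 1)}

# Constructed sample inventory; the column names are assumptions, not an MDM schema.
SAMPLE_INVENTORY = """device_id,platform,version,security_patch
yard-tablet-01,Android,15,2025-11-01
driver-phone-07,Android,14,2025-10-05
dispatch-ipad-02,iPadOS,26.1,
dispatch-ipad-03,iPadOS,26.0.1,
ops-mac-safari,Safari,26.1,
driver-phone-11,Android,14,unknown
"""

def parse_version(text):
    """Turn '26.0.1' into (26, 0, 1); raise ValueError on anything else."""
    return tuple(int(part) for part in text.strip().split("."))

def assess(row):
    """Return (device_id, status, reason) for one inventory row."""
    platform = row["platform"].strip().lower()
    try:
        if platform == "android":
            spl = date.fromisoformat(row["security_patch"].strip())
            ok = spl >= ANDROID_MIN_SPL
            reason = f"patch level {spl.isoformat()}"
        elif platform in APPLE_MIN:
            ver = parse_version(row["version"])
            ok = ver >= APPLE_MIN[platform]
            reason = f"{row['platform']} {row['version']}"
        else:
            return row["device_id"], "review", "platform not covered here"
    except ValueError:
        # Missing or malformed data is not evidence of a patched device.
        return row["device_id"], "review", "unparseable version or patch level"
    return row["device_id"], "ok" if ok else "patch", reason

def triage(inventory_csv):
    """Assess every row and return the results as a list of tuples."""
    return [assess(r) for r in csv.DictReader(io.StringIO(inventory_csv))]

if __name__ == "__main__":
    for device_id, status, reason in triage(SAMPLE_INVENTORY):
        print(f"{status:<7}{device_id:<18}{reason}")
```

Rows marked `review` have missing or malformed version data and should be resolved by hand rather than counted as patched.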