Today’s security landscape is defined by a landmark shift in offensive capabilities, as Chinese state actors have been found using AI to automate cyberattacks. This development is coupled with a critical, actively exploited zero-day vulnerability in Fortinet’s FortiWeb products, which demands immediate attention from administrators. Meanwhile, the Akira ransomware group has evolved its tactics to target Nutanix virtual machines, and a massive supply chain attack has flooded the NPM registry with malicious packages. This report details the key threats you need to address now.
Top 5 Critical Security Alerts
- Fortinet FortiWeb Zero-Day (CVE-2025-64446) Under Active Exploit: Fortinet silently patched a critical path traversal vulnerability in its FortiWeb WAF that is being actively exploited to create unauthorized admin accounts. CISA has added CVE-2025-64446 to its Known Exploited Vulnerabilities (KEV) catalog, requiring immediate patching.
- Chinese State Hackers Automate Attacks Using Anthropic’s AI: A Chinese state-sponsored espionage group reportedly used Anthropic’s AI systems to automate a significant portion of their cyberattacks against approximately 30 entities. This marks a potential turning point in the use of AI for offensive cyber operations, though some researchers question the degree of autonomy.
- Akira Ransomware Targets Nutanix Virtual Machines: The Akira ransomware group is now targeting Nutanix AHV hypervisors to encrypt virtual machines, posing a significant threat to critical organizations using this infrastructure. CISA has flagged this as an imminent threat, noting the group has extorted over $244 million since September.
- Massive Supply Chain Attack Floods NPM Registry with 150,000 Malicious Packages: A self-replicating token farming campaign has inundated the NPM registry with over 150,000 malicious packages. The attack targets tokens for the tea.xyz protocol, highlighting ongoing risks in open-source software supply chains.
- Five Plead Guilty to Aiding North Korean IT Worker Infiltration Schemes: The U.S. DOJ announced that five individuals have pleaded guilty to facilitating schemes that helped North Korean IT workers fraudulently gain employment at U.S. companies. These schemes are a major source of revenue for the North Korean regime, funding its illicit activities through wage and cryptocurrency theft.
Threat Intelligence (APT, malware, ransomware)
- Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets: The Iranian state-sponsored group APT42 has launched a new espionage campaign, dubbed SpearSpecter, targeting individuals and organizations of interest to the IRGC.
- North Korean Hackers Abuse JSON Services for Covert Malware Delivery: Threat actors linked to North Korea are now using legitimate JSON storage services like JSON Keeper and npoint.io to host and deliver malware payloads, evading detection in their campaigns.
- Ransomware Ecosystem Most Decentralized To Date, LockBit Returns: The ransomware landscape saw 85 active groups in Q3 2025, the most decentralized to date. Despite law enforcement pressure, activity remains high, with 1,590 victims disclosed and the LockBit group re-emerging.
- US Establishes New Strike Force to Combat Chinese Crypto Scammers: Federal authorities have created a new task force to disrupt Chinese cryptocurrency scam networks responsible for defrauding Americans of nearly $10 billion annually.
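The JSON-storage item above is a detection problem for defenders: the hosting services are legitimate, so the signal is not the destination alone but who is fetching from it and how. The following added example (not code from the original report or from any of the services named) scans constructed proxy log lines and flags fetches from those services that were made by a non-browser client. The log line format, the sample data, and the domain jsonkeeper.com as JSON Keeper's host are all assumptions; npoint.io is taken from the item.

```python
import re

# Hosts of the JSON storage services named in the item. npoint.io comes
# from the report; "jsonkeeper.com" is assumed here to be JSON Keeper's
# domain (assumption: confirm against your own threat-intel sources).
WATCHED_HOSTS = ("npoint.io", "jsonkeeper.com")

# Assumed log format: "<timestamp> <client_ip> <host> <path> <user_agent>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<host>\S+) (?P<path>\S+) (?P<ua>.+)$"
)


def is_watched_host(host: str) -> bool:
    """True for a watched domain or any subdomain of it (case-insensitive)."""
    host = host.lower()
    return any(host == w or host.endswith("." + w) for w in WATCHED_HOSTS)


def is_non_browser_agent(ua: str) -> bool:
    # Browsers announce themselves with a Mozilla/ prefix; a fetch by a
    # script, loader or scheduled task usually does not.
    return not ua.startswith("Mozilla/")


def find_suspicious_fetches(log_text: str):
    """Return (client, host, path) for non-browser fetches from watched hosts."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole job
        if is_watched_host(m["host"]) and is_non_browser_agent(m["ua"]):
            hits.append((m["client"], m["host"], m["path"]))
    return hits


# Constructed sample proxy log (not real traffic). The second line is a
# developer browsing the service and should not be flagged.
SAMPLE_LOG = """\
2025-11-14T09:01:02Z 10.0.0.12 www.example.com /index.html Mozilla/5.0 (Windows NT 10.0)
2025-11-14T09:01:05Z 10.0.0.12 api.npoint.io /abc123def456 Mozilla/5.0 (Windows NT 10.0)
2025-11-14T09:03:41Z 10.0.0.57 api.npoint.io /abc123def456 curl/8.4.0
2025-11-14T09:03:42Z 10.0.0.57 jsonkeeper.com /b/QWERTY python-urllib/3.11
this line is malformed
"""

if __name__ == "__main__":
    for client, host, path in find_suspicious_fetches(SAMPLE_LOG):
        print(f"review: {client} fetched https://{host}{path} with a non-browser client")
```

Treat a hit as a triage lead, not a verdict: developers and CI jobs legitimately pull JSON from these services with scripted clients, so correlate the flagged host with what the client process did next (for example, a new outbound connection or a file write) before escalating.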
Security Breaches & Incidents
- Logitech Confirms Data Breach in Clop Extortion Attack: Logitech has confirmed it was breached by the Clop extortion gang, which exploited vulnerabilities in Oracle E-Business Suite to steal data.
- DoorDash Discloses New Data Breach Exposing User Information: DoorDash has begun notifying customers of a data breach that occurred in October, exposing user information. This is the latest security incident to affect the food delivery platform.
- Checkout.com Breached by ShinyHunters, Donates Ransom Demand to Charity: Financial tech company Checkout.com announced a breach of a legacy cloud storage system by the ShinyHunters group. The company is refusing to pay the ransom and will donate the equivalent amount to charity instead.
- Cyberattack on Russian Port Operator Aimed to Disrupt Shipments: A cyberattack targeted Russian port operator Port Alliance, aiming to destabilize operations and disrupt exports of coal and mineral fertilizers across its key seaports.
Security Tools & Best Practices
- Google Reverses Course on New Android Developer Registration Rules: Google is backpedaling on its plan for mandatory identity verification for all developers, now allowing for limited distribution accounts and installation of apps from unverified developers.
- Hardened Containers Aim to Reduce Common Vulnerabilities: Several companies are promoting the use of slimmed-down, hardened containers to eliminate the common security vulnerabilities introduced by including unnecessary components.
Cloud & Network Security
- ASUS Warns of Critical Authentication Bypass Flaw in DSL Routers: ASUS has released firmware updates to patch a critical authentication bypass vulnerability affecting several of its DSL series router models, urging users to update immediately.
Emerging Security Technologies (AI, XDR, CNAPP)
- Researchers Uncover Critical Bugs in Major AI Inference Frameworks: Security researchers have found critical remote code execution vulnerabilities in AI inference engines from Meta, Nvidia, and Microsoft. The flaws stem from the unsafe use of ZeroMQ and Python’s pickle deserialization.
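The flaw class named in that last item is worth seeing side by side with its fix. The following added example is not code from any of the affected frameworks: it shows the risky pattern (unrestricted pickle.loads on bytes received from a socket), a restricted unpickler that only resolves an explicit allowlist of globals for cases where pickle cannot be removed, and the preferred replacement, a validated JSON message schema. The message fields, the allowlist contents and the sample payloads are all constructed for the example.

```python
import collections
import io
import json
import pickle

# Allowlist of (module, name) pairs the loader may resolve. Everything
# else is refused, so a pickle cannot steer the loader to an arbitrary
# callable. Keep this list as small as the real message types allow.
SAFE_GLOBALS = {
    ("collections", "OrderedDict"),
    ("builtins", "set"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler whose find_class resolves only allowlisted names."""

    def find_class(self, module, name):
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name}")


def unsafe_loads(data: bytes):
    """The risky pattern: unrestricted pickle.loads on bytes from the wire."""
    return pickle.loads(data)


def restricted_loads(data: bytes):
    """Hardened variant for code that cannot yet drop pickle entirely."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_rejected(data: bytes) -> bool:
    """True when the restricted loader refuses the payload."""
    try:
        restricted_loads(data)
    except pickle.UnpicklingError:
        return True
    return False


# Preferred fix: a fixed JSON schema for what crosses the socket, so the
# receiver never evaluates anything; it only checks shape and types.
def encode_request(prompt: str, max_tokens: int) -> bytes:
    return json.dumps({"prompt": prompt, "max_tokens": max_tokens}).encode()


def decode_request(data: bytes) -> dict:
    msg = json.loads(data.decode())
    if (
        not isinstance(msg, dict)
        or set(msg) != {"prompt", "max_tokens"}
        or not isinstance(msg["prompt"], str)
        or not isinstance(msg["max_tokens"], int)
    ):
        raise ValueError("malformed request")
    return msg


# Constructed sample messages (not captured from any real framework).
PLAIN_MSG = pickle.dumps({"prompt": "hello", "max_tokens": 8})
ALLOWED_MSG = pickle.dumps(collections.OrderedDict(prompt="hello"))
UNLISTED_MSG = pickle.dumps(collections.deque([1, 2]))  # deque is not allowlisted

if __name__ == "__main__":
    print(restricted_loads(PLAIN_MSG))
    print(is_rejected(UNLISTED_MSG))  # True: the loader refuses collections.deque
    print(decode_request(encode_request("hello", 8)))
```

The deque payload is harmless; it is there only to show that the restricted loader rejects any global outside the allowlist, whereas unsafe_loads resolves it without question. The same refusal is what stops a pickle that names a more dangerous callable, which is why an allowlist beats a denylist here.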
