Today’s threat landscape is dominated by two actively exploited zero-day vulnerabilities affecting Fortinet FortiWeb and Google Chrome, both requiring immediate patching. CISA has underscored the urgency by adding the Fortinet flaw to its KEV catalog. This summary also covers a massive Cloudflare outage that disrupted global services, a new cryptomining botnet targeting AI infrastructure, and multiple critical ICS advisories.
Top 5 Critical Security Alerts
- Fortinet warns of new FortiWeb zero-day exploited in attacks: Fortinet has disclosed a critical zero-day vulnerability in its FortiWeb Web Application Firewall that is being actively exploited by threat actors. Immediate patching is required.
- Google fixes new Chrome zero-day flaw exploited in attacks: Google has issued an emergency update for a high-severity type confusion vulnerability (CVE-2025-13223) in the V8 engine, marking the seventh Chrome zero-day exploited this year.
- CISA Adds One Known Exploited Vulnerability to Catalog: CISA has added the new Fortinet FortiWeb vulnerability (CVE-2025-58034) to its KEV catalog, mandating that federal agencies patch within one week due to active exploitation.
- New ShadowRay attacks convert Ray clusters into crypto miners: A widespread campaign, ShadowRay 2.0, is exploiting a remote code execution flaw to hijack exposed Ray AI clusters, turning them into a self-propagating cryptomining botnet.
- The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA: The Tycoon 2FA Phishing-as-a-Service platform has been linked to over 64,000 attacks this year, demonstrating its effectiveness in bypassing legacy multi-factor authentication through real-time relays.
Threat Intelligence
- Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks: The Iran-linked threat actor UNC1549 is deploying sophisticated backdoors in espionage campaigns targeting aerospace and defense industries in the Middle East and beyond.
- Pro-Russian group claims hits on Danish party websites as voters head to polls: A pro-Russian hacktivist group has claimed responsibility for DDoS attacks against Danish political party and government websites during local elections, though voting was not disrupted.
- AI-Enhanced Tuoni Framework Targets Major US Real Estate Firm: An advanced intrusion attempt on a major US real estate firm utilized the Tuoni C2 framework, which combines social engineering with stealthy in-memory payloads.
- Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages: A malicious campaign is using seven npm packages and a cloaking service to differentiate between security researchers and potential victims, redirecting the latter to cryptocurrency scam sites.
Security Breaches & Incidents
- LG battery subsidiary says ransomware attack targeted overseas facility: LG Energy Solution confirmed one of its overseas facilities was hit by a ransomware attack but has since returned to normal operations.
- French agency Pajemploi reports data breach affecting 1.2M people: The French social security service Pajemploi has suffered a data breach, potentially exposing the personal information of 1.2 million individuals.
- CBO director testifies that hackers have been expelled from email systems: The Congressional Budget Office director confirmed that unauthorized actors who had gained access to the agency’s email systems have been successfully expelled.
Security Tools & Best Practices
- Microsoft to integrate Sysmon directly into Windows 11, Server 2025: Microsoft announced that its system monitoring tool, Sysmon, will be natively integrated into Windows 11 and Windows Server 2025 next year.
- New in Snort3: Enhanced rule grouping for greater flexibility and control: Cisco Talos is introducing new capabilities for the Snort3 intrusion detection system, allowing more flexible management and prioritization of detection rules within Cisco Secure Firewall.
- Advancing Cybersecurity for Microsoft Environments: Sophos is enhancing its security offerings for Microsoft environments, including certified MDR services and open threat intelligence frameworks to counter evolving threats.
- Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools: Microsoft is introducing new Cloud Rebuild and Point-in-Time Restore features for Windows 11 to simplify recovery from system failures and reduce downtime.
Cloud & Network Security
- A massive Cloudflare outage brought down X, ChatGPT, and even Downdetector: A major Cloudflare outage caused widespread internet disruption, affecting numerous major sites and services; the cause was a bug in a configuration file, not a malicious attack.
- Cloud Break: IoT Devices Open to Silent Takeover Via Firewalls: Researchers have found that IoT devices can be silently compromised through security gaps in the cloud management interfaces of firewalls and routers, even if the devices themselves are not directly exposed online.
Security Standards & Frameworks
- CISA Releases Six Industrial Control Systems Advisories: CISA has published six new advisories detailing vulnerabilities in ICS products from vendors including Schneider Electric, Shelly, and METZ CONNECT, urging immediate review and mitigation.
- National cyber strategy will include focus on ‘shaping adversary behavior,’ White House official says: The upcoming U.S. national cyber strategy will feature a pillar focused on actively shaping adversary behavior, alongside initiatives for public-private partnerships.
Emerging Security Technologies
- GenAI and Deepfakes Drive Digital Forgeries and Biometric Fraud: A new report from Entrust highlights the increasing use of generative AI and deepfakes by fraudsters to create convincing digital forgeries and bypass biometric security checks.
- Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities: An Identity Security Fabric (ISF) architecture is proposed as a necessary evolution to unify IAM, IGA, PAM, and ITDR for securing complex environments with AI and non-human identities.
