XWiki Exploit, FortiWeb Attacks & Finger Malware – 11/15/2025

Today’s threat landscape is highlighted by the active exploitation of a critical remote code execution vulnerability in XWiki servers (CVSS 9.8) by the RondoDox botnet. Security teams are also responding to a novel malware campaign abusing the legacy ‘Finger’ protocol and the massive $220 million financial fallout from the Jaguar Land Rover cyberattack. This report details the key threats and defensive actions required.

Top 5 Critical Security Alerts

  • RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet: The RondoDox botnet is actively exploiting a critical RCE vulnerability (CVE-2025-24893, CVSS 9.8) in unpatched XWiki servers.
  • Honeypot: FortiWeb CVE-2025-64446 Exploits: Active exploitation attempts for the FortiWeb vulnerability CVE-2025-64446 are being widely observed in security honeypots.
  • Decades-old ‘Finger’ protocol abused in ClickFix malware attacks: Threat actors are abusing the legacy ‘Finger’ protocol to remotely issue commands and deploy the ClickFix malware on Windows systems.
  • Jaguar Land Rover cyberattack cost the company over $220 million: A recent cyberattack cost Jaguar Land Rover over $220 million in a single quarter, highlighting the severe financial impact of security incidents.
  • Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors: Microsoft is investigating a bug causing a critical Windows 10 extended security update to fail on corporate devices, posing a patching risk.

Threat Intelligence

  • RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet: The RondoDox botnet is actively exploiting a critical RCE vulnerability (CVE-2025-24893, CVSS 9.8) in unpatched XWiki servers.
  • Honeypot: FortiWeb CVE-2025-64446 Exploits: Active exploitation attempts for the FortiWeb vulnerability CVE-2025-64446 are being widely observed in security honeypots.
  • Decades-old ‘Finger’ protocol abused in ClickFix malware attacks: Threat actors are abusing the legacy ‘Finger’ protocol to remotely issue commands and deploy the ClickFix malware on Windows systems.

Security Breaches & Incidents

  • Jaguar Land Rover cyberattack cost the company over $220 million: A recent cyberattack cost Jaguar Land Rover over $220 million in a single quarter, highlighting the severe financial impact of security incidents.
  • Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies: Five individuals have pleaded guilty to aiding North Korean IT workers in a fraudulent scheme to infiltrate U.S. companies and generate illicit revenue.

Security Tools & Best Practices

  • Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors: Microsoft is investigating a bug causing a critical Windows 10 extended security update to fail on corporate devices, posing a patching risk.

Emerging Security Technologies

  • LeCun accuses Anthropic of exploiting AI cyberattack fears for regulatory capture: AI pioneer Yann LeCun claims AI company Anthropic is exaggerating AI cyberattack risks to influence regulation in its favor.
