Weekly Exploit Roundup
Generated 2025-11-18T08:00:14.178444+00:00 (UTC)
- Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Source: The Hacker News | Published: 2025-11-18T04:44:00+00:00 | Score: 27.503
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes.
"Type […]
- Microsoft Fixes 63 Security Flaws, Including a Windows Kernel Zero-Day Under Active Attack
Source: The Hacker News | Published: 2025-11-12T10:21:00+00:00 | Score: 21.884
Microsoft on Tuesday released patches for 63 new security vulnerabilities identified in its software, including one that has come under active exploitation in the wild.
Of the 63 flaws, four are rated Critical and 59 are rated Important in severity. Twenty-nine of these vulnerabilities are related to privilege escalation, followed by 16 remote code execution, 11 information disclosure, three […]
- RondoDox botnet malware now hacks servers using XWiki flaw
Source: BleepingComputer | Published: 2025-11-17T22:41:30+00:00 | Score: 20.923
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. […]
- RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
Source: The Hacker News | Published: 2025-11-15T16:35:00+00:00 | Score: 19.212
The botnet malware known as RondoDox has been observed exploiting a critical security flaw in unpatched XWiki instances that could allow attackers to achieve arbitrary code execution.
The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the "/bin/get/Main/ […]
- Frontline Intelligence: Analysis of UNC1549 TTPs, Custom Tools, and Malware Targeting the Aerospace and Defense Ecosystem
Source: Threat Intelligence | Published: 2025-11-17T14:00:00+00:00 | Score: 18.264
Written by: Mohamed El-Banna, Daniel Lee, Mike Stokkel, Josh Goddard
Overview: Last year, Mandiant published a blog post highlighting suspected Iran-nexus espionage activity targeting the aerospace, aviation, and defense industries in the Middle East. In this follow-up post, Mandiant discusses additional tactics, techniques, and procedures (TTPs) observed in incidents Mandiant has responded to. Since mid-2024, Mandiant has responded to targeted campaigns by the threat group UNC1549 against the aerospace, aviation, and defense industries. To gain initial access into these environments, UNC1549 employed a dual approach: deploying well-crafted phishing campaigns designed to steal credentials or deliver malware, and exploiting trusted connections with third-party suppliers and partners. The latter technique is particularly strategic when targeting organizations with high security maturity, such as defense contractors. While these primary targets often invest heavily in robust defenses, their […]
- Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability
Source: SecurityWeek | Published: 2025-11-14T20:17:24+00:00 | Score: 15.009
Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog.
- Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Source: The Hacker News | Published: 2025-11-14T15:20:00+00:00 | Score: 14.961
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang.
"These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python's pickle deserialization," […]
- CISA Flags Critical WatchGuard Fireware Flaw Exposing 54,000 Fireboxes to No-Login Attacks
Source: The Hacker News | Published: 2025-11-13T07:23:00+00:00 | Score: 14.01
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting WatchGuard Fireware to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-9242 (CVSS score: 9.3), an out-of-bounds write vulnerability affecting Fireware OS 11.10.2 up to and including […]
- Amazon Uncovers Attacks Exploited Cisco ISE and Citrix NetScaler as Zero-Day Flaws
Source: The Hacker News | Published: 2025-11-12T14:00:00+00:00 | Score: 13.993
Amazon's threat intelligence team on Wednesday disclosed that it observed an advanced threat actor exploiting two then-zero-day security flaws in Cisco Identity Services Engine (ISE) and Citrix NetScaler ADC products as part of attacks designed to deliver custom malware.
"This discovery highlights the trend of threat actors focusing on critical identity and network access control infrastructure […]
- CISA and Partners Release Advisory Update on Akira Ransomware
Source: Alerts | Published: 2025-11-13T12:00:00+00:00 | Score: 13.548
Today, the Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, the Department of Health and Human Services, and international partners, released an updated joint Cybersecurity Advisory, #StopRansomware: Akira Ransomware, to provide network defenders with the latest indicators of compromise, tactics, techniques, and procedures, and detection methods associated with Akira ransomware activity. This advisory reflects new findings as of Nov. 13, 2025, highlighting Akira ransomware's evolution and continued threat to critical infrastructure sectors. Akira ransomware threat actors, associated with groups such as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, have expanded their capabilities, targeting small and medium-sized businesses as well as larger organizations across sectors including Manufacturing, Educational Institutions, Information Technology, Healthcare, Financial, and F […]
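The root cause named in the inference-engine item above (unsafe use of ZeroMQ together with Python's pickle deserialization) is worth seeing in code. The following is an added example, not code from vLLM, SGLang or any of the frameworks the article names. The ZeroMQ socket is replaced by in-memory bytes so it runs offline; the message format, the `_Gadget` class and the handler names are assumptions, and `os.getcwd` stands in for `os.system` so the gadget is harmless. It shows the vulnerable pattern (peer bytes straight into `pickle.loads`) next to two hardened forms: an `Unpickler` subclass that allow-lists global lookups, and a data-only JSON message with a shape check.

```python
import io
import json
import os
import pickle
from collections import OrderedDict


class _Gadget:
    """Constructed attacker object (assumption): its pickle names os.getcwd as the
    callable to invoke on load. os.getcwd stands in for os.system so the demo stays
    harmless; the unpickler resolves and calls it exactly the same way."""

    def __reduce__(self):
        return (os.getcwd, ())


# Constructed sample messages, standing in for frames read off a ZeroMQ socket.
MALICIOUS_MESSAGE = pickle.dumps(_Gadget())
BENIGN_MESSAGE = pickle.dumps({"prompt": "hi", "max_tokens": 8})
ORDERED_MESSAGE = pickle.dumps(OrderedDict([("prompt", "hi")]))


def handle_request_unsafe(raw: bytes):
    """Vulnerable pattern: bytes from a network peer go straight into pickle.loads.
    Loading MALICIOUS_MESSAGE calls os.getcwd() inside this process."""
    return pickle.loads(raw)


# Allow-list of (module, name) pairs the unpickler may resolve. Plain dicts, lists,
# strings and ints never emit a GLOBAL opcode, so an empty set already covers simple
# messages; extend it only with types you have reviewed.
ALLOWED_GLOBALS = frozenset({("collections", "OrderedDict")})


class RestrictedUnpickler(pickle.Unpickler):
    """Hardened option 1: still pickle, but every global lookup is checked."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing global {module}.{name}")


def handle_request_restricted(raw: bytes):
    return RestrictedUnpickler(io.BytesIO(raw)).load()


def handle_request_json(raw: bytes) -> dict:
    """Hardened option 2: a data-only format plus a shape check. json.loads cannot
    instantiate objects or call functions, whatever the peer sends."""
    msg = json.loads(raw.decode("utf-8"))
    if not isinstance(msg, dict) or set(msg) != {"prompt", "max_tokens"}:
        raise ValueError("unexpected message shape")
    if not isinstance(msg["prompt"], str):
        raise TypeError("prompt must be a string")
    if not isinstance(msg["max_tokens"], int) or isinstance(msg["max_tokens"], bool):
        raise TypeError("max_tokens must be an integer")
    return msg


def rejects(handler, raw: bytes) -> bool:
    """True if handler refuses raw (raises), False if it returns a value.
    UnicodeDecodeError and JSONDecodeError are ValueError subclasses."""
    try:
        handler(raw)
    except (pickle.UnpicklingError, ValueError, TypeError):
        return True
    return False


def unsafe_loader_ran_gadget() -> bool:
    """True when pickle.loads executed the gadget: the 'message' is the server's cwd."""
    return handle_request_unsafe(MALICIOUS_MESSAGE) == os.getcwd()


if __name__ == "__main__":
    print("unsafe loader ran gadget:", unsafe_loader_ran_gadget())
    print("restricted loader rejects gadget:", rejects(handle_request_restricted, MALICIOUS_MESSAGE))
    print("restricted loader accepts benign:", handle_request_restricted(BENIGN_MESSAGE))
    print("json handler accepts:", handle_request_json(b'{"prompt": "hi", "max_tokens": 8}'))
    print("json handler rejects pickle bytes:", rejects(handle_request_json, MALICIOUS_MESSAGE))
```

The allow-listing unpickler still parses attacker-controlled pickle opcodes and should be treated as a mitigation for internal, authenticated links, not as a substitute for a data-only format; when the socket is reachable by an untrusted peer, the JSON handler (or any schema-checked, non-executable encoding) is the one to prefer.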
End of report.
