Weekly Exploit Roundup 2025-11-25

Generated 2025-11-25T08:00:13.672750+00:00 (UTC)

  1. CISA Warns of Actively Exploited Critical Oracle Identity Manager Zero-Day Vulnerability
    Source: The Hacker News | Published: 2025-11-22T06:45:00+00:00 | Score: 25.22
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
    The vulnerability in question is CVE-2025-61757 (CVSS score: 9.8), a case of missing authentication for a critical function that can result in pre-authenticated
  2. ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
    Source: The Hacker News | Published: 2025-11-24T07:18:00+00:00 | Score: 17.865
    A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad.
    "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Center (ASEC) said in a report published last week. "They then used PowerCat, an open-source
  3. CISA Adds One Known Exploited Vulnerability to Catalog
    Source: Alerts | Published: 2025-11-21T12:00:00+00:00 | Score: 16.062
    CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
    - CVE-2025-61757 Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
    This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information. Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing
  4. CISA Confirms Exploitation of Recent Oracle Identity Manager Vulnerability
    Source: SecurityWeek | Published: 2025-11-24T15:37:51+00:00 | Score: 16.013
    CISA has added CVE-2025-61757 to its Known Exploited Vulnerabilities (KEV) catalog.
  5. NHS Warns of PoC Exploit for 7-Zip Symbolic Link–Based RCE Vulnerability
    Source: The Hacker News | Published: 2025-11-19T16:27:00+00:00 | Score: 14.566
    Update: The NHS England Digital, in an updated advisory on November 20, 2025, said it has not observed in-the-wild exploitation of CVE-2025-11001, but noted that it's "aware of a public proof-of-concept exploit." It has since removed what it said were "erroneous references" to active exploitation. The original story follows below –

    A recently disclosed security flaw impacting 7-Zip has come

  6. Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
    Source: The Hacker News | Published: 2025-11-19T04:20:00+00:00 | Score: 13.705
    Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
    The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.
    "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
  7. New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
    Source: The Hacker News | Published: 2025-11-24T15:03:00+00:00 | Score: 13.095
    Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures.
    The security defects "allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags," Oligo Security said in
  8. ⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More
    Source: The Hacker News | Published: 2025-11-24T12:32:00+00:00 | Score: 12.521
    This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.
    Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI
  9. Grafana Patches CVSS 10.0 SCIM Flaw Enabling Impersonation and Privilege Escalation
    Source: The Hacker News | Published: 2025-11-21T15:40:00+00:00 | Score: 12.471
    Grafana has released security updates to address a maximum severity security flaw that could allow privilege escalation or user impersonation under certain configurations.
    The vulnerability, tracked as CVE-2025-41115, carries a CVSS score of 10.0. It resides in the System for Cross-domain Identity Management (SCIM) component that allows automated user provisioning and management. First
  10. Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
    Source: Alerts | Published: 2025-11-24T12:00:00+00:00 | Score: 11.905
    CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps). These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app, facilitating the deployment of additional malicious payloads that can further compromise the victim’s mobile device. These cyber actors use tactics such as:
    - Phishing and malicious device-linking QR codes to compromise victim accounts and link them to actor-controlled devices.
    - Zero-click exploits, which require no direct action from the device user.
    - Impersonation of messaging app platforms, such as Signal and WhatsApp.
    While current targeting remains opportunistic, evidence suggests these cyber actors focus on high-value individuals, such as current and former high-ranking government, military, and political officials, as well as civil society organizations (CSOs) and individuals acro

End of report.
