Today’s roundup
U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
Researchers Find Serious AI Bugs Exposing Meta, Nvidia, and Microsoft Inference Frameworks
Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely
150,000 Packages Flood NPM Registry in Token Farming Campaign
A Major Leak Spills a Chinese Hacking Contractor’s Tools and Targets
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets
Five U.S. Citizens Plead Guilty to Helping North Korean IT Workers Infiltrate 136 Companies
Checkout.com snubs hackers after data breach, to donate ransom instead
Logitech confirms data breach after Clop extortion attack
Cyberattack on Russian port operator aimed to disrupt coal, fertilizer shipments
Summary
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the critical Fortinet FortiWeb zero-day vulnerability, CVE-2025-64446 (CVSS 9.1), to its KEV Catalog, requiring federal agencies to patch by November 21, 2025. The flaw is actively exploited through a combination of path traversal and authentication bypass, allowing unauthenticated command execution and full device compromise.
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities in major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch-based projects such as vLLM and SGLang. The flaws share a common root cause, unsafe deserialization of Python pickle data received over ZeroMQ sockets, and pose significant risks to AI infrastructure.
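The root cause named above, pickle data deserialized straight off a network socket, is mitigated by refusing to resolve any class the receiver has not explicitly allowlisted. The block below is an added example and is not code from any of the affected projects: it uses Python's documented `Unpickler.find_class` hook with a constructed allowlist and two constructed payloads (a plain dict that needs no class lookup, and a `datetime.date` that forces one) to show how the stock loader and the restricted loader differ.

```python
import datetime
import io
import pickle

# Constructed allowlist of (module, name) pairs the unpickler may resolve.
# Any other global reference in the stream is refused before it is looked up,
# so no attacker-chosen callable can be imported by the deserializer.
ALLOWED_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "bytearray"),
}


class RestrictedUnpickler(pickle.Unpickler):
    """Unpickler that only resolves allowlisted globals (assumed policy)."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"refusing to resolve global {module}.{name}")


def safe_loads(data: bytes):
    """Deserialize untrusted pickle bytes through the restricted unpickler."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def classify(data: bytes) -> str:
    """Return 'accepted' or 'rejected' for a payload under the restricted loader."""
    try:
        safe_loads(data)
        return "accepted"
    except pickle.UnpicklingError:
        return "rejected"


def compare(data: bytes) -> dict:
    """Show the stock loader beside the restricted one for the same bytes."""
    stock = "accepted"
    try:
        pickle.loads(data)  # stock loader resolves any global it is told to
    except Exception:
        stock = "rejected"
    return {"stock": stock, "restricted": classify(data)}


# Constructed sample messages, as an inference RPC might carry them.
BENIGN = pickle.dumps({"prompt": "hello", "tokens": [1, 2, 3]})
NEEDS_CLASS = pickle.dumps(datetime.date(2025, 11, 17))  # emits a class lookup


if __name__ == "__main__":
    print("plain dict:", compare(BENIGN))        # both loaders accept
    print("datetime.date:", compare(NEEDS_CLASS))  # stock accepts, restricted rejects
```

The restricted unpickler is a containment measure for code that cannot drop pickle immediately; the durable fix is to move inter-process messages to a schema-checked format such as JSON or msgpack, where the wire bytes can never name a class to instantiate.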
ASUS has patched a critical authentication bypass flaw, CVE-2025-59367 (CVSS 9.3), in its DSL-AC51, DSL-N16, and DSL-AC750 router families. The vulnerability allows remote, unauthenticated attackers to gain device access; the fix is firmware version 1.1.2.3_1010.
A self-replicating attack has flooded the NPM registry with 150,000 malicious packages. This large-scale supply chain incident specifically targets tokens for the tea.xyz protocol, aiming to farm authentication tokens from developers.
A major intelligence leak has exposed the internal tools and operational targets of a Chinese state-sponsored hacking contractor. The breach provides significant insights into the capabilities and priorities of state-backed cyber operations.
Iranian state-sponsored APT42 (Charming Kitten) launched ‘SpearSpecter’, a new espionage campaign detected in September 2025 and currently ongoing. It targets individuals and organizations vital to the Islamic Revolutionary Guard Corps (IRGC) within defense and government sectors.
Five U.S. citizens pleaded guilty to aiding North Korea's illicit revenue generation through remote IT worker fraud. They facilitated infiltration of 136 U.S. companies, enabling an estimated $2 million in earnings, in violation of international sanctions.
UK fintech Checkout.com confirmed a data breach by ShinyHunters, who demanded a ransom after breaching a legacy cloud system. The company refused payment, opting instead to donate the equivalent sum to charity.
Logitech confirmed a data breach following a cyberattack claimed by the Clop extortion gang. The incident is linked to data theft operations exploiting Oracle E-Business Suite vulnerabilities in July.
A cyberattack against Russian port operator Port Alliance aimed to destabilize operations and disrupt shipments of coal and mineral fertilizers. The attack targeted seaports across the Baltic, Azov–Black Sea, Far Eastern, and Arctic regions.
Cyber Groups
| Group | Aliases |
| --- | --- |
| APT42 | |
| Magic Hound | TA453, COBALT ILLUSION, Charming Kitten, ITG18, Phosphorus, Newscaster, APT35, Mint Sandstorm |