CyberNews: 19/11/2025 Edition

Published by Dunateo on 2025-11-19

Today’s roundup

  • U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog
  • Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)
  • W3 Total Cache WordPress plugin vulnerable to PHP command injection
  • EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates
  • WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide
  • The Cloudflare Outage May Be a Security Roadmap
  • Critical Railway Braking Systems Open to Tampering
  • Russian bulletproof hosting provider sanctioned over ransomware ties
  • DoorDash data breach exposes personal info after social engineering attack
  • European Commission ‘simplification’ proposal would weaken GDPR, AI regulations

Summary

    Fortinet has patched actively exploited zero-day vulnerabilities in FortiWeb. CVE-2025-58034 (OS command injection) and CVE-2025-64446 (path traversal) are being used in attacks. CISA has added CVE-2025-58034 to its KEV catalog, requiring federal agencies to patch by November 25, 2025. Immediate updates are crucial for all users.

    A remote code execution flaw in 7-Zip, CVE-2025-11001 (CVSS 7.0), is being actively exploited in the wild. The vulnerability, which stems from the handling of symbolic links in archives and allows arbitrary code execution, was addressed in 7-Zip version 25.00, released in July 2025. Users are urged to update to the patched version.

    A critical PHP command injection vulnerability in the W3 Total Cache (W3TC) WordPress plugin allows attackers to execute PHP commands via malicious comments. This flaw poses a significant risk to websites utilizing the widely adopted plugin.

    The China-aligned APT 'PlushDaemon' is employing a new Go-based backdoor, EdgeStepper, to facilitate adversary-in-the-middle attacks. This malware hijacks software update traffic by rerouting DNS queries to malicious infrastructure, enabling the delivery of payloads for cyberespionage.

    Operation WrtHug has compromised tens of thousands of end-of-life ASUS WRT routers globally, predominantly in Taiwan, the U.S., and Russia. The campaign exploits six vulnerabilities to integrate affected devices into a large botnet, as reported by SecurityScorecard's STRIKE team.

    A major Cloudflare outage on November 18, 2025, caused by an internal database configuration error, highlighted critical security implications for organizations. The disruption served as a live stress test, revealing potential dependencies and weaknesses when core protections were bypassed. Cybersecurity experts recommend reviewing logs for post-outage persistence and diversifying security controls.

    Critical railway braking systems have been found vulnerable to tampering through simple, low-cost physical gadgets. This exposes operational technology (OT) to significant risks, potentially allowing malicious actors to manipulate train operations and endanger public safety.

    The U.S., UK, and Australia have sanctioned Media Land, a Russian bulletproof hosting provider, for its alleged support of ransomware gangs and other cybercrime. This international effort aims to dismantle key infrastructure used by cybercriminals.

    DoorDash confirmed an October 2025 data breach exposing customer, Dasher, and merchant names, phone numbers, addresses, and emails. The incident resulted from a social engineering attack on an employee. No sensitive financial or identification data was compromised, and there's no evidence of misuse.

    A European Commission proposal for "simplification" threatens to dilute GDPR and delay AI regulations. It would permit companies to use personal data for AI training without consent in many cases, prompting concerns among privacy and AI governance advocates.

    Vulnerabilities

    CVE-2025-58034 High
    CVE-2025-64446 Critical