Latest Cybersecurity News & Insights
20 November 2025
A proof-of-concept (PoC) exploit targeting the high-severity remote code execution (RCE) bug exists.
The post Recent 7-Zip Vulnerability Exploited in Attacks appeared first on SecurityWeek.
19 November 2025
A recently disclosed security flaw impacting 7-Zip has come under active exploitation in the wild, according to an advisory issued by the U.K. NHS England Digital on Tuesday.
The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0), which allows remote attackers to execute arbitrary code. It has been addressed in 7-Zip version 25.00 released in July 2025.
"The specific flaw exists
19 November 2025
Threat actors are exploiting a two-year-old vulnerability in the Ray AI framework in a fresh campaign that hit numerous clusters, Oligo reports. Maintained by Anyscale, Ray is an open source framework for scaling Python-based AI and ML applications. Ray clusters can be deployed into the cloud to scale workloads, and should be secured and isolated […]
The post Two-Year-Old Ray AI Framework Flaw Exploited in Ongoing Campaign appeared first on SecurityWeek.
19 November 2025
The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky and contributes significantly to the half-trillion-dollar annual cost of cybercrime.
Zero Trust fundamentally shifts
19 November 2025
An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.
The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.
18 November 2025
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.
"An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
18 November 2025
A threat actor exploited a vulnerability, exfiltrated data, and attempted to extort Eurofiber.
The post Data Stolen in Eurofiber France Hack appeared first on SecurityWeek.
18 November 2025
The flaw was reported by Google's Threat Analysis Group and was likely exploited by a commercial spyware vendor.
The post Chrome 142 Update Patches Exploited Zero-Day appeared first on SecurityWeek.
17 November 2025
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes.
"Type
17 November 2025
The exploitation of the recent XWiki vulnerability has expanded to botnets, cryptocurrency miners, scanners, and custom tools.
The post Widespread Exploitation of XWiki Vulnerability Observed appeared first on SecurityWeek.
17 November 2025
Google has disclosed that the company's continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% for the first time.
"We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C and C++ code. But the biggest surprise was Rust's impact on
16 November 2025
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10.
15 November 2025
The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.
The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the "/bin/get/Main/
14 November 2025
Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog.
The post Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability appeared first on SecurityWeek.
14 November 2025
Other noteworthy stories that might have slipped under the radar: EchoGram attack undermines AI guardrails, Asahi brewer still crippled after ransomware attack, Sora 2 system prompt uncovered.
The post In Other News: Deepwatch Layoffs, macOS Vulnerability, Amazon AI Bug Bounty appeared first on SecurityWeek.
14 November 2025
Cybersecurity researchers have uncovered critical remote code execution vulnerabilities impacting major artificial intelligence (AI) inference engines, including those from Meta, Nvidia, Microsoft, and open-source PyTorch projects such as vLLM and SGLang.
"These vulnerabilities all traced back to the same root cause: the overlooked unsafe use of ZeroMQ (ZMQ) and Python's pickle deserialization,"
14 November 2025
A vulnerability in ImunifyAV can be exploited for arbitrary code execution by uploading a malicious file to shared servers.
The post Imunify360 Vulnerability Could Expose Millions of Sites to Hacking appeared first on SecurityWeek.
14 November 2025
Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet Fortiweb WAF that could allow an attacker to take over admin accounts and completely compromise a device.
"The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what appears to be a silently patched vulnerability in Fortinet's FortiWeb product," Benjamin Harris,
13 November 2025
A researcher found a way to exploit an SSRF vulnerability related to custom GPTs to obtain an Azure access token.
The post ChatGPT Vulnerability Exposed Underlying Cloud Infrastructure appeared first on SecurityWeek.
13 November 2025
Tracked as CVE-2025-9242 (CVSS score of 9.3), the flaw leads to unauthenticated, remote code execution on vulnerable firewalls.
The post Critical WatchGuard Firebox Vulnerability Exploited in Attacks appeared first on SecurityWeek.