Daily Digest

Akira Ransomware Escalates Attacks as Flurry of Zero-Days Hits Microsoft, Fortinet, and Cisco

Akira Ransomware Escalates Attacks as Flurry of Zero-Days Hits Microsoft, Fortinet, and Cisco

November 15, 2025
6 articles (5 new, 1 updated)
18 min read

Summary

For the period of November 14-15, 2025, the cybersecurity landscape was dominated by the escalating threat of the Akira ransomware group, which has now extorted over $244 million and is actively targeting critical infrastructure with new exploits. Simultaneously, a wave of critical, actively exploited zero-day vulnerabilities impacted major enterprise vendors including Microsoft, Fortinet, and Cisco, prompting urgent patching directives from CISA. Other significant developments include a state-sponsored campaign weaponizing AI for espionage, an unverified but high-impact claim by the Clop gang against the UK's NHS, and a massive supply chain attack flooding the NPM registry with over 150,000 malicious packages for a novel token-farming scheme.

Filter by Category

New Articles (5)

150,000+ Malicious NPM Packages Flood Registry in Crypto Token Farming Scheme

MEDIUM

Researchers Uncover Massive Supply Chain Attack on NPM Targeting tea.xyz Cryptocurrency Protocol

Security researchers from Amazon have uncovered one of the largest package flooding incidents in the history of the npm open-source registry, involving over 150,000 malicious packages. In a novel twist, the campaign was not designed for traditional malicious activities like stealing credentials or deploying ransomware. Instead, the attackers aimed to conduct a large-scale token farming operation by exploiting the incentive system of tea.xyz, a decentralized protocol that rewards open-source developers with 'TEA tokens'. The self-replicating packages automatically generated and published new junk packages, each linked to the attackers' blockchain wallets, polluting the ecosystem and abusing the reward mechanism.

November 15, 2025
4 min read
NPMSupply Chain AttackOpen SourceCryptocurrencyToken Farming +2 more
150,000+ Malicious NPM Packages Flood Registry in Crypto Token Farming Scheme
Supply Chain Attack
Malware
Cloud Security

Critical 9.8 CVSS Auth Bypass Flaw in NVIDIA AIStore Disclosed

CRITICAL

ZDI Discloses Critical Hard-Coded Credential Vulnerability (CVE-2025-33186) in NVIDIA AIStore

The Zero Day Initiative (ZDI) has publicly disclosed a critical authentication bypass vulnerability in NVIDIA's AIStore, an open-source object storage platform for AI applications. The flaw, tracked as CVE-2025-33186, carries a CVSS score of 9.8 and is caused by hard-coded credentials within the platform's authentication component. A remote, unauthenticated attacker could exploit this vulnerability to completely bypass authentication and gain unauthorized access to the system, compromising the confidentiality and integrity of AI models and data. A second, high-severity information disclosure flaw (CVE-2025-33185) was also disclosed.

November 15, 2025
4 min read
NVIDIAAIStoreVulnerabilityZDICVE-2025-33186 +3 more
Critical 9.8 CVSS Auth Bypass Flaw in NVIDIA AIStore Disclosed
Vulnerability
Cloud Security
Other

Fortinet Patches Actively Exploited FortiWeb Zero-Day (CVE-2025-64446)

CRITICAL

Fortinet Quietly Patches Critical, Actively Exploited Path Traversal Zero-Day in FortiWeb WAF

Fortinet has released a patch for a critical, actively exploited zero-day vulnerability in its FortiWeb web application firewall (WAF). The flaw, tracked as CVE-2025-64446, is a relative path traversal vulnerability that allows an unauthenticated remote attacker to execute arbitrary administrative commands by sending specially crafted HTTP/S requests. Due to evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, mandating that federal agencies patch it immediately. The flaw affects a wide range of FortiWeb versions, making immediate patching a top priority for all customers.

November 15, 2025
4 min read
FortinetFortiWebZero-DayVulnerabilityCVE-2025-64446 +3 more
Fortinet Patches Actively Exploited FortiWeb Zero-Day (CVE-2025-64446)
Vulnerability
Patch Management
Cyberattack

CISA Warns Cisco ASA Devices Still Under Attack, Issues New Patch Guidance

CRITICAL

CISA Releases Follow-Up Guidance for Exploited Cisco ASA Flaws (CVE-2025-20333, CVE-2025-20362) Amid Continued Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued follow-up implementation guidance for its September Emergency Directive 25-03, which addresses two critical, actively exploited vulnerabilities in Cisco ASA and Firepower devices. The flaws, a remote code execution bug (CVE-2025-20333) and a privilege escalation bug (CVE-2025-20362), are still being targeted by threat actors, including the China-linked group Storm-1849 (ArcaneDoor). CISA warns that many organizations incorrectly applied patches, leaving them vulnerable. The new guidance provides corrective actions and recommends further mitigation for devices that were not updated properly.

November 15, 2025
4 min read
CISACiscoCisco ASAVulnerabilityZero-Day +5 more
CISA Warns Cisco ASA Devices Still Under Attack, Issues New Patch Guidance
Vulnerability
Policy and Compliance
Threat Actor

Search Guard FLX Vulnerability (CVE-2025-12149) Allows DLS Bypass

MEDIUM

Information Disclosure Flaw in Search Guard FLX Allows Bypass of Document-Level Security

A medium-severity information disclosure vulnerability, CVE-2025-12149, has been disclosed in floragunn's Search Guard FLX, a security plugin for Elasticsearch. The flaw, affecting versions up to 3.1.2, allows an attacker to bypass Document-Level Security (DLS) rules. This occurs specifically when a search is triggered from a Signals watch, an alerting component of the plugin. A low-privileged user who can create or trigger a watch could exploit this to access all documents in queried indices, exposing sensitive data that should be protected by DLS permissions.

November 15, 2025
3 min read
Search GuardElasticsearchVulnerabilityCVE-2025-12149DLS Bypass +1 more
Search Guard FLX Vulnerability (CVE-2025-12149) Allows DLS Bypass
Vulnerability
Data Breach
Security Operations

Updated Articles (1)

AWS Outage in us-east-1 Knocks Major Global Services Offline

HIGH

Widespread Internet Outage Linked to AWS us-east-1 Infrastructure Failure

Update:

New analysis reveals the October 20, 2025, AWS outage caused an estimated $75 million per hour in losses, totaling tens of billions, significantly increasing the perceived economic impact. The incident has sparked a fierce debate among policymakers about the systemic risk posed by concentrated cloud infrastructure, leading to calls for new regulatory oversight, resilience funds, and mandated multi-cloud strategies. Furthermore, AWS has reportedly disclaimed liability for the losses, a new development not covered in the initial report, shifting the financial burden to affected businesses and highlighting a critical policy gap.

October 20, 2025
Updated: November 15, 2025
6 min read
AWSOutageCloud SecurityResilienceBusiness Continuity +2 more
AWS Outage in us-east-1 Knocks Major Global Services Offline
Cloud Security
Incident Response

📢 Share This Publication

Help others stay informed about cybersecurity threats