Akira Ransomware Escalates Attacks as Flurry of Zero-Days Hits Microsoft, Fortinet, and Cisco

Publication Date: November 15, 2025

Summary

For the period of November 14-15, 2025, the cybersecurity landscape was dominated by the escalating threat of the Akira ransomware group, which has now extorted over $244 million and is actively targeting critical infrastructure with new exploits. Simultaneously, a wave of critical, actively exploited zero-day vulnerabilities impacted major enterprise vendors including Microsoft, Fortinet, and Cisco, prompting urgent patching directives from CISA. Other significant developments include a state-sponsored campaign weaponizing AI for espionage, an unverified but high-impact claim by the Clop gang against the UK's NHS, and a massive supply chain attack flooding the NPM registry with over 150,000 malicious packages for a novel token-farming scheme.

Today's New Articles

150,000+ Malicious NPM Packages Flood Registry in Crypto Token Farming Scheme

Security researchers from Amazon have uncovered one of the largest package flooding incidents in the history of the npm open-source registry, involving over 150,000 malicious packages. In a novel twist, the campaign was not designed for traditional malicious a...


Critical 9.8 CVSS Auth Bypass Flaw in NVIDIA AIStore Disclosed

The Zero Day Initiative (ZDI) has publicly disclosed a critical authentication bypass vulnerability in NVIDIA's AIStore, an open-source object storage platform for AI applications. The flaw, tracked as CVE-2025-33186, carries a CVSS score of 9.8 and is caused...


Fortinet Patches Actively Exploited FortiWeb Zero-Day (CVE-2025-64446)

Fortinet has released a patch for a critical, actively exploited zero-day vulnerability in its FortiWeb web application firewall (WAF). The flaw, tracked as CVE-2025-64446, is a relative path traversal vulnerability that allows an unauthenticated remote attack...


CISA Warns Cisco ASA Devices Still Under Attack, Issues New Patch Guidance

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued follow-up implementation guidance for its September Emergency Directive 25-03, which addresses two critical, actively exploited vulnerabilities in Cisco ASA and Firepower devices. The...


Search Guard FLX Vulnerability (CVE-2025-12149) Allows DLS Bypass

A medium-severity information disclosure vulnerability, CVE-2025-12149, has been disclosed in floragunn's Search Guard FLX, a security plugin for Elasticsearch. The flaw, affecting versions up to 3.1.2, allows an attacker to bypass Document-Level Security (DLS...

Article Updates

AWS Outage in us-east-1 Knocks Major Global Services Offline

Update: New analysis reveals the October 20, 2025, AWS outage caused an estimated $75 million per hour in losses, totaling tens of billions, significantly increasing the perceived economic impact. The incident has sparked a fierce debate among policymakers about the s...