Daily Digest

CISA Warns of Actively Exploited Fortinet Zero-Day; FBI Details Akira Ransomware's $250M Spree

CISA Warns of Actively Exploited Fortinet Zero-Day; FBI Details Akira Ransomware's $250M Spree

November 16, 2025
7 articles (3 new, 4 updated)
21 min read

Summary

In cybersecurity news for November 15-16, 2025, the landscape is dominated by the active exploitation of a critical zero-day vulnerability (CVE-2025-64446) in Fortinet's FortiWeb WAF, prompting an emergency directive from CISA. Concurrently, the FBI and CISA issued a stark warning about the Akira ransomware gang, which has extorted nearly $250 million from critical infrastructure sectors by exploiting VPNs. Other major developments include the discovery of an APT using two zero-days against Cisco and Citrix systems, a proposed overhaul of UK cybersecurity law, and a documented 30% surge in ransomware attacks in October, highlighting the rise of new groups like Qilin and Sinobi.

Filter by Category

New Articles (3)

Critical RCE Flaws in AI Engines From Meta, NVIDIA, Microsoft Discovered

CRITICAL

Critical RCE Flaws in AI Inference Engines Expose Major Tech Frameworks

Security researchers have discovered critical remote code execution (RCE) vulnerabilities in widely used AI inference servers from major tech companies, including Meta, NVIDIA, and Microsoft, as well as open-source projects like vLLM. The vulnerabilities stem from the unsafe use of Python's 'pickle' module for data deserialization and exposed ZeroMQ (ZMQ) messaging endpoints. Exploitation could allow attackers to take full control of AI models and servers, posing a significant risk to enterprise AI infrastructure. Some flaws, termed 'Shadow Vulnerabilities,' remain unpatched in production environments.

November 16, 2025
6 min read
AIMachine LearningRCEInsecure Deserializationpickle +4 more
Critical RCE Flaws in AI Engines From Meta, NVIDIA, Microsoft Discovered

RansomHouse Hits H&M and Adidas Supplier in Major Fashion Supply Chain Attack

HIGH

RansomHouse Group Hits Fashion Supplier Fulgar in Supply Chain Attack

The RansomHouse ransomware group has attacked Fulgar S.p.A., a major Italian textile manufacturer and a key supplier for global fashion brands like H&M and Adidas. The attack, confirmed on November 3, 2025, resulted in the exfiltration and leak of sensitive corporate data. This incident highlights the significant and growing risk of supply chain attacks in the fashion industry, where a compromise at a single supplier can have cascading impacts on major international retailers.

November 16, 2025
5 min read
RansomHouseRansomwareSupply Chain AttackFashion IndustryData Breach +1 more
RansomHouse Hits H&M and Adidas Supplier in Major Fashion Supply Chain Attack

Pig Butchering Scams Evolve into Global Cybercrime Menace, FBI Warns

MEDIUM

Pig Butchering Scams Evolve into Major Global Cybercrime Threat

A new threat intelligence report, supported by warnings from the FBI, details the rapid evolution of "Pig Butchering" scams into one of the most economically damaging forms of global cybercrime. These sophisticated, long-con investment schemes leverage social engineering, emotional grooming, and fraudulent cryptocurrency trading platforms to defraud victims of massive sums. The scam involves building a relationship of trust over weeks or months before convincing the victim to invest in a fake, high-yield opportunity.

November 16, 2025
6 min read
Pig ButcheringInvestment FraudSocial EngineeringCryptocurrency ScamFBI
Pig Butchering Scams Evolve into Global Cybercrime Menace, FBI Warns

Updated Articles (4)

APT Caught Exploiting Cisco & Citrix Zero-Days in Sophisticated Attack

CRITICAL

Amazon Threat Intelligence Uncovers Advanced Persistent Threat Exploiting Undisclosed Zero-Days in Cisco ISE and Citrix NetScaler

Update:

The Citrix vulnerability, CVE-2025-5777, has been dubbed 'CitrixBleed 2'. Further technical analysis of CVE-2025-20337 in Cisco ISE reveals it is a deserialization flaw in an undocumented API endpoint, exploited via an anomalous payload. The attack chain aligns with MITRE ATT&CK techniques T1190 (Exploit Public-Facing Application), T1210 (Exploitation of Remote Services), and T1068 (Exploitation for Privilege Escalation).

November 13, 2025
Updated: November 16, 2025
6 min read
APTZero-DayCVE-2025-20337CVE-2025-5777Cisco ISE +4 more
APT Caught Exploiting Cisco & Citrix Zero-Days in Sophisticated Attack

Ransomware Attacks Surge 50% in 2025; Qilin Group Takes the Lead

HIGH

Ransomware Landscape Shifts as Attacks Increase 50% in 2025, with Qilin and The Gentlemen Emerging as Dominant Threats

Update:

Ransomware activity saw a significant 30% increase in October 2025, reaching 623 incidents, marking the second-highest monthly total on record. The year-to-date total now exceeds 5,194 incidents, a 50% rise from 2024. The Qilin group continues to lead, claiming 210 victims in October, while Sinobi rose to third place with 69 victims. Threat actors are increasingly exploiting critical vulnerabilities like CVE-2025-61882 in Oracle E-Business Suite for initial access, alongside external remote services and compromised valid accounts. This highlights the ecosystem's resilience and adaptability, with the overall threat level remaining high.

October 25, 2025
Updated: November 16, 2025
5 min read
RansomwareQilinThe GentlemenPowerShellIndustrial Sector +2 more
Ransomware Attacks Surge 50% in 2025; Qilin Group Takes the Lead

Checkout.com Rejects Ransom After ShinyHunters Breach, Donates to Research

HIGH

Payment Processor Checkout.com Breached by ShinyHunters via Legacy Cloud Storage; Refuses Ransom and Donates to Cybersecurity Research

Update:

Further reports confirm Checkout.com's data breach and subsequent extortion attempt. The company continues to assert that no sensitive cardholder or financial data was compromised, reinforcing its initial statements. Checkout.com maintained its refusal to engage with the extortionists, reporting the incident to law enforcement. While the specific threat actor was not named in these follow-up reports, the tactics align with data extortion groups. Technical analysis suggests potential initial access via public-facing application exploits or compromised credentials, leading to data exfiltration from cloud storage. The incident underscores the persistent threat of data theft for extortion against fintech companies, even when core financial systems remain secure.

November 14, 2025
Updated: November 16, 2025
4 min read
ShinyHuntersdata breachCheckout.comcloud securityransom +1 more
Checkout.com Rejects Ransom After ShinyHunters Breach, Donates to Research

Fortinet Patches Actively Exploited FortiWeb Zero-Day (CVE-2025-64446)

CRITICAL

Fortinet Quietly Patches Critical, Actively Exploited Path Traversal Zero-Day in FortiWeb WAF

Update:

New intelligence reveals attackers exploiting CVE-2025-64446 are creating unauthorized administrator accounts on compromised FortiWeb devices to establish persistence. This critical development escalates the threat, as it ensures continued access even after initial exploitation. Furthermore, CISA has issued an emergency directive, mandating federal agencies to apply patches by November 22, 2025, underscoring the urgency of mitigation. Security researchers at watchTowr and Defused observed exploitation dating back to early October 2025.

November 15, 2025
Updated: November 16, 2025
4 min read
FortinetFortiWebZero-DayVulnerabilityCVE-2025-64446 +3 more
Fortinet Patches Actively Exploited FortiWeb Zero-Day (CVE-2025-64446)

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.