Daily Digest

CISA Mandates Urgent Patching for Actively Exploited Fortinet, Chrome, and Windows Zero-Days

CISA Mandates Urgent Patching for Actively Exploited Fortinet, Chrome, and Windows Zero-Days

November 20, 2025
6 articles (6 new)
18 min read

Summary

This cybersecurity brief for November 20, 2025, covers a series of critical zero-day vulnerabilities under active exploitation, prompting emergency directives from CISA. Key advisories include a Fortinet FortiWeb command injection flaw (CVE-2025-58034), a Windows Kernel privilege escalation bug (CVE-2025-62215), and a Google Chrome RCE vulnerability (CVE-2025-13223), all added to the KEV catalog. Additionally, this report details ransomware attacks by the 'sinobi' and 'Inc Ransom' groups, new CISA guidance on bulletproof hosting and drone threats, and research on the surge in AI-driven cyberattacks and a new macOS infostealer.

Filter by Category

New Articles (6)

URGENT: CISA Orders 7-Day Patch for Actively Exploited FortiWeb Zero-Day

CRITICAL

Fortinet Discloses Critical FortiWeb Zero-Day (CVE-2025-58034) Under Active Attack; CISA Issues Emergency Directive

Fortinet has disclosed a critical OS command injection zero-day vulnerability, CVE-2025-58034, in its FortiWeb Web Application Firewall (WAF) that is being actively exploited in the wild. The flaw allows an authenticated attacker to execute arbitrary commands on the underlying system. In response to observed attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog and issued an emergency directive mandating federal agencies apply patches within an accelerated seven-day window, by November 25, 2025. Researchers have detected approximately 2,000 attacks leveraging the flaw and warn it could potentially be chained with a recently disclosed authentication bypass vulnerability (CVE-2025-64446) to achieve unauthenticated remote code execution.

November 20, 2025
5 min read
Zero-DayWAFCommand InjectionCISAKEV +2 more
URGENT: CISA Orders 7-Day Patch for Actively Exploited FortiWeb Zero-Day
Vulnerability
Patch Management
Cyberattack

Sinobi Ransomware Strikes US Manufacturer and Indian Tech Firm

HIGH

'Sinobi' Ransomware Group Claims Attacks on US Manufacturer Croft and Indian Tech Company CHANGEPOND

The 'sinobi' ransomware group has claimed responsibility for two recent cyberattacks targeting organizations in the United States and India. The victims are Croft, a U.S.-based window and door manufacturer, and CHANGEPOND, an enterprise software company headquartered in Chennai, India. Both breaches were discovered on November 19, 2025, occurring within minutes of each other. These incidents underscore the global reach and indiscriminate targeting of ransomware operators, affecting diverse sectors including manufacturing and technology. The attacks highlight the persistent threat posed by ransomware and the importance of robust cybersecurity defenses.

November 20, 2025
4 min read
RansomwaresinobiData BreachManufacturingTechnology
Sinobi Ransomware Strikes US Manufacturer and Indian Tech Firm
Ransomware
Threat Actor
Cyberattack

CISA and Partners Release Guide to Combat Bulletproof Hosting

INFORMATIONAL

CISA, FBI, and NSA Publish Guidance to Mitigate Risks from Malicious Bulletproof Hosting Providers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, NSA, and international partners, has published a comprehensive guide to help network defenders and Internet Service Providers (ISPs) combat the threat of bulletproof hosting (BPH) providers. These services knowingly lease infrastructure to cybercriminals for a wide range of malicious activities, including ransomware, phishing, and malware distribution. The guide, 'Bulletproof Defense,' provides actionable recommendations for filtering malicious traffic, enhancing network monitoring, and improving intelligence sharing to disrupt the criminal ecosystem that relies on BPH for anonymity and resilience.

November 20, 2025
4 min read
CISABulletproof HostingBPHThreat IntelligenceISP +1 more
CISA and Partners Release Guide to Combat Bulletproof Hosting
Policy and Compliance
Threat Intelligence
Security Operations

CISA Issues 6 New ICS Advisories for Schneider Electric, Shelly, METZ CONNECT

MEDIUM

CISA Publishes Six New Advisories for Vulnerabilities in Schneider Electric, Shelly, and METZ CONNECT Industrial Control Systems

On November 19, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released six new Industrial Control Systems (ICS) advisories, highlighting multiple vulnerabilities in products from Schneider Electric, Shelly, and METZ CONNECT. The alerts affect a range of operational technology (OT) products, including SCADA systems and power monitoring devices. Four of the advisories are for Schneider Electric products like EcoStruxure and PowerChute. CISA urges administrators in critical infrastructure and manufacturing sectors to review the advisories and apply the recommended mitigations to prevent potential exploitation.

November 20, 2025
4 min read
ICSSCADAOT SecurityCISASchneider Electric +1 more
CISA Issues 6 New ICS Advisories for Schneider Electric, Shelly, METZ CONNECT
Industrial Control Systems
Vulnerability
Patch Management

CISA Releases "Be Air Aware" Guides to Combat Drone Threats

INFORMATIONAL

CISA Launches "Be Air Aware" Campaign with New Guides to Defend Critical Infrastructure From Drone Threats

As part of Critical Infrastructure Security and Resilience Month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released three new guides under its "Be Air Aware™" campaign. These resources are designed to help critical infrastructure owners and operators understand, assess, and mitigate the growing security risks posed by Unmanned Aircraft Systems (UAS), or drones. The guides provide actionable information on detecting suspicious drone activity, implementing detection technologies, and safely handling downed aircraft, aiming to integrate aerial threat considerations into existing security plans.

November 20, 2025
4 min read
CISADronesUASCritical InfrastructurePhysical Security +1 more
CISA Releases "Be Air Aware" Guides to Combat Drone Threats
Policy and Compliance
Industrial Control Systems
Security Operations

New 'Nova Stealer' Malware Targets macOS Crypto Wallets

HIGH

Researchers Discover 'Nova Stealer' Malware Targeting macOS Users to Steal Cryptocurrency Wallets and Sensitive Data

A new information-stealing malware, dubbed 'Nova Stealer,' has been discovered actively targeting Apple macOS users. The malware's primary goal is the exfiltration of sensitive data, with a specific focus on cryptocurrency wallets. Nova Stealer operates as a trojan, infecting systems by replacing legitimate, installed applications with malicious versions. When a user launches the compromised application, the malware activates in the background to search for and steal wallet files and other valuable information. This discovery underscores the increasing trend of threat actors developing malware for the macOS platform, challenging the perception of it being inherently more secure than Windows.

November 20, 2025
4 min read
macOSMalwareInfoStealerTrojanCryptocurrency
New 'Nova Stealer' Malware Targets macOS Crypto Wallets
Malware
Threat Intelligence
Mobile Security

📢 Share This Publication

Help others stay informed about cybersecurity threats