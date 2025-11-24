This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates.

Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI risks, and attacks on developers are growing.

Here's what mattered most in security this week.

⚡ Threat of the Week

Fortinet Warns of Another Silently Patched and Actively Exploited FortiWeb Flaw — Fortinet has warned that a new security flaw in FortiWeb has been exploited in the wild. The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0. It has been addressed in version 8.0.2. "An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands," the company said. The development came days after Fortinet confirmed that it silently patched another critical FortiWeb vulnerability (CVE-2025-64446, CVSS score: 9.1) in the same 8.0.2 release. Although the company has not clarified whether the two exploitation campaigns are linked, Orange Cyberdefense said it observed "several exploitation campaigns" chaining the two: CVE-2025-64446 supplies the authentication bypass that turns the post-authentication command injection in CVE-2025-58034 into an unauthenticated path to code execution. Since both flaws are fixed in 8.0.2, upgrading to that release closes the chain; the medium CVSS score of CVE-2025-58034 on its own understates the risk when the bypass is available. Fortinet's handling of the issue has come in for heavy criticism. It's possible that the company was aware of the exploitation but chose not to disclose the flaws publicly until a majority of its customers had applied the patch, so as not to alert other threat actors to their existence. What's difficult to explain at this stage is why Fortinet opted to disclose the two flaws four days apart.

🔔 Top News

Google Patches New Actively Exploited Chrome 0-Day — Google released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild. The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes. Clément Lecigne of Google's Threat Analysis Group (TAG) has been credited with discovering and reporting the flaw on November 12, 2025. Google has not shared any details on who is behind the attacks, who may have been targeted, or the scale of such efforts. However, the tech giant acknowledged that an "exploit for CVE-2025-13223 exists in the wild." With the latest update, Google has addressed seven zero-day flaws in Chrome that have been either actively exploited or demonstrated as a proof-of-concept (PoC) since the start of the year.

‎️‍🔥 Trending CVEs

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week's most serious security flaws. Check them, fix what matters first, and stay protected.

This week's list includes — CVE-2025-9501 (W3 Total Cache plugin), CVE-2025-62765 (Lynx+ Gateway), CVE-2025-36251, CVE-2025-36250 (IBM AIX), CVE-2025-60672, CVE-2025-60673, CVE-2025-60674, CVE-2025-60676 (D-Link DIR-878 routers), CVE-2025-40547, CVE-2025-40548, CVE-2025-40549 (SolarWinds Serv-U), CVE-2025-40601 (SonicWall SonicOS), CVE-2025-50165 (Windows Graphics), CVE-2025-9316, CVE-2025-11700 (N-able N-central), CVE-2025-13315, CVE-2025-13316 (Twonky Server), CVE-2024-24481, CVE-2025-13207 (Tenda N300 series and Tenda 4G03 Pro), CVE-2025-13051 (ASUSTOR), CVE-2025-49752 (Azure Bastion), CVE-2024-48949, CVE-2024-48948 (elliptic), and a TLS verification bypass vulnerability in GoSign Desktop (no CVE).

📰 Around the Cyber World

Malicious VS Code Extension Taken Down — A malicious Visual Studio Code extension was found attempting to capitalize on the legitimate "Prettier" brand to harvest sensitive data. The extension, named "publishingsofficial.prettier-vscode-plus," was published to the Microsoft Extension Marketplace on November 21, 2025. The extension, once installed, launches a batch script that's responsible for running a Visual Basic Script file designed to execute a stealer malware. "The payload system inserted into the malicious extension appears designed to evade common anti-malware and static scanning tactics," Checkmarx said. "It's a multi-stage attack that ends with deploying and running what appears to be a variant of the Anivia Stealer malware; this malware acquires and exfiltrates credentials, metadata, and private information like WhatsApp chats from Windows machines." The extension has since been taken down.
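The extension above combined two signals a defender can check for locally: a brand-squatting name published under an unknown publisher, and Windows loader scripts (a batch file that launches a VBScript) bundled inside what claims to be a code formatter. The following hunt script is an added example written for this recap, not code from Checkmarx or from the original article; it walks a VS Code extensions directory, reads each extension's package.json, and flags both signals. It assumes the official Prettier extension's Marketplace ID is esbenp.prettier-vscode (not stated on the page) and that the scanned directory follows the usual `<publisher>.<name>-<version>` layout; the sample tree it scans is constructed inline and contains a placeholder loader, not the real payload.

```python
"""Hunt for brand-impersonating or script-dropping VS Code extensions.

Added example for this recap (not Checkmarx's or the article's code).
Assumption: the legitimate Prettier extension is esbenp.prettier-vscode.
"""
from __future__ import annotations

import json
import tempfile
from pathlib import Path

# Legitimate publisher for each brand that is commonly impersonated (assumed, see lead-in).
KNOWN_PUBLISHERS = {"prettier-vscode": "esbenp"}

# Windows loader/script types a formatter has no reason to ship.
SCRIPT_SUFFIXES = {".bat", ".cmd", ".vbs", ".ps1"}


def scan_extensions(root: Path) -> list[dict]:
    """Return one finding per suspicious extension directory under `root`."""
    findings = []
    for ext_dir in sorted(p for p in root.iterdir() if p.is_dir()):
        manifest = ext_dir / "package.json"
        if not manifest.is_file():
            continue
        try:
            meta = json.loads(manifest.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            findings.append({"extension": ext_dir.name, "reasons": ["unreadable package.json"]})
            continue

        publisher = str(meta.get("publisher", ""))
        name = str(meta.get("name", ""))
        reasons = []

        # Signal 1: the extension name borrows a known brand but comes from another publisher.
        for legit_name, legit_pub in KNOWN_PUBLISHERS.items():
            if legit_name in name and publisher != legit_pub:
                reasons.append(f"impersonates {legit_pub}.{legit_name}")

        # Signal 2: batch/VBScript/PowerShell files anywhere inside the extension package.
        scripts = sorted(
            str(p.relative_to(ext_dir))
            for p in ext_dir.rglob("*")
            if p.is_file() and p.suffix.lower() in SCRIPT_SUFFIXES
        )
        if scripts:
            reasons.append("ships script files: " + ", ".join(scripts))

        if reasons:
            findings.append({"extension": f"{publisher}.{name}", "reasons": reasons})
    return findings


def build_sample_tree() -> Path:
    """Constructed sample: one legitimate-looking extension and one modelled on the case above."""
    root = Path(tempfile.mkdtemp())

    legit = root / "esbenp.prettier-vscode-11.0.0"
    legit.mkdir()
    (legit / "package.json").write_text(
        json.dumps({"name": "prettier-vscode", "publisher": "esbenp"}), encoding="utf-8"
    )

    bad = root / "publishingsofficial.prettier-vscode-plus-1.0.0"
    (bad / "scripts").mkdir(parents=True)
    (bad / "package.json").write_text(
        json.dumps({"name": "prettier-vscode-plus", "publisher": "publishingsofficial"}),
        encoding="utf-8",
    )
    # Placeholder loader chain (batch -> VBScript), not the real malware.
    (bad / "scripts" / "install.bat").write_text("@echo off\r\ncscript //nologo loader.vbs\r\n")
    (bad / "scripts" / "loader.vbs").write_text("' constructed placeholder, no payload\r\n")
    return root


if __name__ == "__main__":
    for finding in scan_extensions(build_sample_tree()):
        print(finding["extension"], "->", "; ".join(finding["reasons"]))
```

To run it against a real workstation, call `scan_extensions(Path.home() / ".vscode" / "extensions")`. The brand table is deliberately small; extend `KNOWN_PUBLISHERS` with the publishers your organisation has approved, and treat any hit on the script-file signal as worth a manual look even when the publisher is unfamiliar rather than impersonating a known one.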

🔧 Cybersecurity Tools

YAMAGoya — A new free tool from JPCERT/CC. It detects suspicious or malicious activity on Windows in real time by monitoring file, process, and network events and scanning memory for hidden threats. Detection is driven by Sigma and YARA rules, so existing community rule sets can be reused. It can be run with a graphical interface or from the command line, and it writes its alerts to the Windows Event Log so that other tools, such as a SIEM agent, can collect them.

Metis — A free tool from Arm's Product Security Team. It uses an LLM to review code for security problems, aiming to surface subtle bugs that conventional static analysis misses. It supports C, C++, Python, Rust, and TypeScript, and can be run locally or integrated into a CI pipeline.

Conclusion

Each week proves that the cyber threat landscape never stands still. From patched vulnerabilities to sprawling botnets and inventive new attack methods, defenders are locked in a constant race to stay ahead. Even small lapses — a missed update or a weak integration — can create major openings for attackers.

Staying ahead demands attention to detail, lessons from every breach, and quick action when alerts appear. As the boundary between software and security continues to blur, awareness remains our strongest line of defense.

Stay tuned for next week's RECAP, where we track the threats, patches, and patterns shaping the digital world.