
This Week in Cybersecurity: Looking Back at Week 47

November 21, 2025

This week’s intelligence confirms an alarming surge in actively exploited vulnerabilities targeting critical network appliances and end-user software, demanding immediate action across security teams.

We also track the increasing fragility of the Internet’s core infrastructure, highlighted by a major Cloudflare outage and a record-breaking DDoS attack.

For strategic and resilient organisations, the lesson is clear: security must be layered, extending from zero-day patching to global resilience planning.

1. Active Exploitation & Patching Urgency

Critical Fortinet FortiWeb Flaw Under Active Exploitation

The Irish National Cyber Security Centre (NCSC) has issued a critical advisory for CVE-2025-64446 (CVSS score 9.1), a relative path traversal vulnerability impacting multiple versions of the Fortinet FortiWeb product. This flaw may allow an unauthenticated attacker to execute administrative commands via crafted requests.

Crucially, reports indicate that this vulnerability is being actively exploited to gain full administrative control over unpatched FortiWeb appliances.


Our Take: Perimeter Defence is Under Attack.

Immediately apply the vendor patch. Given the active exploitation, organisations should assume compromise if patches were not applied immediately and should launch a forensic investigation.


Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability

Google released urgent security updates for its Chrome browser to address an actively exploited flaw, CVE-2025-13223 (CVSS 8.8), a type confusion vulnerability in the V8 JavaScript engine. The flaw could be exploited by a remote attacker via a crafted website to potentially achieve arbitrary code execution or program crashes.

This is the seventh zero-day flaw in Chrome addressed this year, underscoring the browser’s status as a high-value attack vector.


Our Take: Browser Patching is Now an Executive Priority.

Since an exploit is confirmed in the wild, organisations must ensure all Chrome and Chromium-based browsers are updated immediately to the patched versions.

Failure to do so leaves endpoints vulnerable to compromise simply by visiting a malicious webpage.


Actively Exploited 7-Zip Flaw Allows Remote Code Execution

A recently disclosed security flaw impacting the widely used file archiver 7-Zip has come under active exploitation in the wild, prompting an advisory from the UK’s NHS England Digital.

The vulnerability, tracked as CVE-2025-11001 (CVSS score: 7.0), is a symbolic-link-based flaw: a remote attacker can exploit the directory traversal weakness to execute arbitrary code on the compromised system.

The flaw is primarily observed being exploited on Windows and affects environments where the application runs with elevated privileges.


Our Take: Patching Third-Party Utilities is Crucial.

This highlights that RCE risks extend beyond browsers and operating systems to common utilities. Immediately update 7-Zip to version 25.00 across all endpoints.
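To make the archive-traversal class of bug concrete from the defender's side, here is an added example (not 7-Zip's code, and not from the advisory): a pre-extraction validator written against Python's standard tarfile module, chosen because tar archives carry symbolic links natively. It resolves every member path lexically through the symlinks declared earlier in the same archive, which is what catches a file that would be written "through" a link pointing outside the destination. The archive fixtures at the bottom are constructed for the demonstration; the validator assumes extraction into a fresh, empty directory, in archive order.

```python
"""Pre-extraction validator for archives that may carry symbolic links.

Added example (not 7-Zip code): every member path is resolved lexically
through the symlinks declared earlier in the archive, so a member that
would be written "through" a link pointing outside the destination is
rejected before anything touches the disk.  Assumes extraction into a
fresh, empty directory, processing members in archive order.
"""
import io
import posixpath
import tarfile


class UnsafeArchiveMember(Exception):
    """Raised when a member would land outside the extraction root."""


def _resolve(path, links, depth=0):
    """Return `path` as root-relative components, following symlinks in
    `links` (archive path -> link target).  Each '..' is applied after
    link resolution, so 'd/l/..' with l -> '..' is seen as escaping."""
    if depth > 40:
        raise UnsafeArchiveMember(f"symlink chain too deep at {path!r}")
    comps = []
    for part in path.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not comps:
                raise UnsafeArchiveMember(f"{path!r} escapes the extraction root")
            comps.pop()
            continue
        comps.append(part)
        key = "/".join(comps)
        if key in links:
            # Link targets are relative to the link's own directory.
            comps = _resolve("/".join(comps[:-1] + [links[key]]), links, depth + 1)
    return comps


def check_members(members):
    """Validate TarInfo objects in archive order; return the names that are
    safe to extract, or raise UnsafeArchiveMember at the first bad one."""
    links, seen, accepted = {}, set(), []
    for m in members:
        if m.name in seen:
            raise UnsafeArchiveMember(f"duplicate member {m.name!r}")
        seen.add(m.name)
        if m.name.startswith("/") or (m.issym() and m.linkname.startswith("/")):
            raise UnsafeArchiveMember(f"absolute path in member {m.name!r}")
        if not (m.isfile() or m.isdir() or m.issym() or m.islnk()):
            raise UnsafeArchiveMember(f"unsupported member type for {m.name!r}")
        real = _resolve(m.name, links)          # where the member really lands
        if m.issym():
            if not real:
                raise UnsafeArchiveMember("symlink cannot replace the root")
            # The target, resolved from the link's real directory, must stay inside.
            _resolve("/".join(real[:-1] + [m.linkname]), links)
            links["/".join(real)] = m.linkname
        elif m.islnk():
            _resolve(m.linkname, links)          # hard-link target is root-relative
        accepted.append(m.name)
    return accepted


def audit(data):
    """Return (True, accepted names) or (False, reason) for a tar held in memory."""
    with tarfile.open(fileobj=io.BytesIO(data), mode="r") as tf:
        try:
            return True, check_members(tf.getmembers())
        except UnsafeArchiveMember as exc:
            return False, str(exc)


def _make_tar(entries):
    """Build an in-memory tar from (name, kind, payload) tuples.  Constructed
    fixture builder for the demonstration, not a real-world sample."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, kind, payload in entries:
            info = tarfile.TarInfo(name)
            if kind == "dir":
                info.type = tarfile.DIRTYPE
                tf.addfile(info)
            elif kind == "sym":
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tf.addfile(info)
            else:
                body = payload.encode()
                info.size = len(body)
                tf.addfile(info, io.BytesIO(body))
    return buf.getvalue()


# Constructed fixtures: one benign archive and two that try to escape the root.
BENIGN = _make_tar([("docs", "dir", ""), ("docs/readme.txt", "file", "hello"),
                    ("docs/latest", "sym", "readme.txt")])
LINK_ESCAPE = _make_tar([("out", "sym", "../../outside"),
                         ("out/payload.txt", "file", "written through the link")])
CHAINED = _make_tar([("d", "dir", ""), ("d/l", "sym", ".."), ("m", "sym", "d/l/..")])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("link escape", LINK_ESCAPE), ("chained", CHAINED)):
        print(label, audit(blob))
```

The CHAINED fixture is the case a plain `normpath` check misses: `d/l/..` collapses lexically to `d`, yet because `d/l` is a link to the parent directory it really names the directory above the root. Resolving links before applying `..` is what makes the validator reject it. On Python 3.12 and later, `tarfile.extractall(filter="data")` applies comparable rules; the point of the hand-written version is to show what those rules must cover.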


2. Identity, Phishing & Data Risk

Sneaky 2FA Phishing Kit Evolves with BitB Deception

A sophisticated Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA has incorporated the Browser-in-the-Browser (BitB) technique to steal credentials.

The attack mimics a legitimate, in-browser authentication pop-up by creating a fake browser window that overlays the real page, displaying a legitimate login URL in the simulated address bar.

This deception targets Microsoft account credentials and is evolving to find ways around phishing-resistant methods like passkeys.


Our Take: Advanced Phishing Demands Advanced Training.

Traditional “check the URL” training is ineffective against BitB. Organisations must train employees to recognise unusual pop-up behaviour and interface overlays, and enforce authentication methods that are impervious to session token theft.


WhatsApp Flaw Exposed Data of Over 3.5 Billion Users

Security researchers uncovered a flaw in WhatsApp’s user lookup feature that allowed them to enumerate and collect personal data belonging to over 3.5 billion users.

By generating and inputting vast numbers of phone numbers, the researchers were able to gather user details, including phone numbers, names and profile images, without encountering effective rate limiting.

The scraped data can be used by cybercriminals for large-scale spam, phishing and robocall attacks.


Our Take: Account Enumeration Fuels Mass Attacks.

This incident highlights a design weakness in large platforms, where basic public information can be harvested at industrial scale.

Advise employees to review their privacy settings on all messaging apps and restrict visible profile information to prevent this data from being used in highly personalised spear-phishing campaigns.
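The control the researchers found missing was effective rate limiting on the lookup endpoint. The following is an added example, not WhatsApp's code: a per-caller guard for a user-lookup API that combines a short-window request limit with a cap on how many distinct identifiers one caller may query per day, because querying many distinct numbers is the signature of bulk enumeration even when the request rate stays modest. The limits, caller IDs, phone numbers and the injectable clock are all constructed for the demonstration.

```python
"""Per-caller guard for a user-lookup endpoint.

Added example (not WhatsApp code): combines a sliding-window request
limit with a cap on the number of distinct identifiers one caller may
query within a longer window.  The second limit is what catches bulk
enumeration paced slowly enough to stay under a plain rate limit.
"""
import time
from collections import deque


class LookupGuard:
    def __init__(self, max_requests, window_s, max_distinct, distinct_window_s,
                 clock=time.monotonic):
        self.max_requests = max_requests          # requests allowed per window_s
        self.window_s = window_s
        self.max_distinct = max_distinct          # distinct targets per distinct_window_s
        self.distinct_window_s = distinct_window_s
        self._clock = clock                       # injectable for deterministic tests
        self._hits = {}                           # caller -> deque of request timestamps
        self._targets = {}                        # caller -> {target: first_seen}

    def allow(self, caller, target):
        """Return True if this lookup may proceed; denied calls consume no budget."""
        now = self._clock()
        hits = self._hits.setdefault(caller, deque())
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()                        # drop requests outside the window
        if len(hits) >= self.max_requests:
            return False
        seen = self._targets.setdefault(caller, {})
        for t, first in list(seen.items()):
            if now - first >= self.distinct_window_s:
                del seen[t]                       # forget targets older than the window
        if target not in seen and len(seen) >= self.max_distinct:
            return False
        hits.append(now)
        seen.setdefault(target, now)
        return True


class FakeClock:
    """Deterministic clock so the scenarios below run instantly and repeatably."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def simulate(guard, clock, caller, targets, spacing_s):
    """Replay `targets` from one caller, `spacing_s` apart; return how many were allowed."""
    allowed = 0
    for target in targets:
        if guard.allow(caller, target):
            allowed += 1
        clock.advance(spacing_s)
    return allowed


def enumeration_scenario():
    """1000 distinct (constructed) numbers, one every 15 s: never breaches the
    5-per-minute rate limit, but the 20-distinct-per-day cap stops it at 20."""
    clock = FakeClock()
    guard = LookupGuard(5, 60, 20, 86400, clock)
    numbers = [f"+353000{i:06d}" for i in range(1000)]   # constructed, not real numbers
    return simulate(guard, clock, "client-A", numbers, 15)


def repeated_scenario():
    """The same number looked up 100 times, one per second: only the
    request-rate limit applies, allowing 5 per rolling minute (10 in 100 s)."""
    clock = FakeClock()
    guard = LookupGuard(5, 60, 20, 86400, clock)
    return simulate(guard, clock, "client-B", ["+353000000001"] * 100, 1)


if __name__ == "__main__":
    print("enumeration allowed:", enumeration_scenario())   # 20
    print("repeated allowed:", repeated_scenario())         # 10
```

The two scenarios show why both limits are needed: the slow enumeration never trips the request-rate window, and a plain rate limiter would let all 1000 lookups through over a few hours. In production the `caller` key would be whatever identity the endpoint authenticates (account, device, API key), and the per-caller state would live in a shared store rather than process memory.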


3. Resilience & Systemic Risk

Cloudflare Outage Exposes Fragile Centralisation of the Internet

A major outage at Cloudflare on November 18th, 2025, severely disrupted a significant portion of the global internet, exposing the hidden fragility and extreme centralisation of the modern digital economy.

The widespread failure was not caused by a cyberattack but by an internal technical issue: a routine configuration change caused a core traffic-management file to grow beyond its expected limits, crashing the software that depended on it.

The failure instantly impacted major services globally, including ChatGPT, X (Twitter), Spotify and numerous payment processors.


Our Take: Systemic Risk is Operational Risk.

This incident, following recent outages at other hyperscale providers, highlights the critical risk of single points of failure.

Organisations must adopt multi-cloud strategies and modular architecture to ensure operational resilience and mitigate dependence on any single vendor for critical services.
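Since the outage traced back to a control-plane file growing past the size its consumer expected, here is an added example, not Cloudflare's code, of the loader-side discipline that turns that class of fault into a logged rejection rather than a crash: the loader validates each incoming version of the file against a hard entry cap and a per-record schema, and keeps serving the last known-good version when a new one fails. The record format, the cap and the sample files are constructed for the demonstration.

```python
"""Bounds-checked hot reload of a control-plane data file.

Added example (not Cloudflare's code): a new version of a feature file is
swapped in only after it passes a hard entry cap and a per-record schema
check; otherwise the previous known-good version keeps serving and the
rejection is recorded.  Record format and limits are constructed.
"""
import json


class FeatureFileLoader:
    def __init__(self, max_entries, required_keys=("name", "weight")):
        self.max_entries = max_entries       # hard cap tied to the consumer's memory budget
        self.required_keys = tuple(required_keys)
        self.active = []                     # last known-good feature list
        self.version = 0                     # increments only on successful swaps
        self.rejections = []                 # (offered_version, reason) audit trail

    def validate(self, text):
        """Parse one JSON-lines file; return the record list or raise ValueError."""
        records = []
        for lineno, line in enumerate(text.splitlines(), 1):
            if not line.strip():
                continue
            if len(records) >= self.max_entries:
                # Stop early: an oversized file must not exhaust memory before rejection.
                raise ValueError(f"more than {self.max_entries} entries (line {lineno})")
            try:
                rec = json.loads(line)
            except json.JSONDecodeError as exc:
                raise ValueError(f"malformed JSON on line {lineno}: {exc.msg}") from exc
            if not isinstance(rec, dict):
                raise ValueError(f"line {lineno}: record is not an object")
            missing = [k for k in self.required_keys if k not in rec]
            if missing:
                raise ValueError(f"line {lineno} missing {missing}")
            if not isinstance(rec["weight"], (int, float)) or not 0 <= rec["weight"] <= 1:
                raise ValueError(f"line {lineno}: weight must be in [0, 1]")
            records.append(rec)
        return records

    def reload(self, text):
        """Swap in `text` if valid; return True on swap, False on rejection."""
        try:
            records = self.validate(text)
        except ValueError as exc:
            self.rejections.append((self.version + 1, str(exc)))
            return False                     # previous version stays active
        self.active = records                # single assignment: readers see old or new, never partial
        self.version += 1
        return True


def _feature_file(n):
    """Constructed JSON-lines file with n well-formed records."""
    return "\n".join(json.dumps({"name": f"feature-{i}", "weight": 0.5}) for i in range(n))


def scenario():
    """Good file, then an oversized one, then a malformed one; returns
    (active version, active entry count, rejection reasons)."""
    loader = FeatureFileLoader(max_entries=200)
    loader.reload(_feature_file(150))                         # accepted -> version 1
    loader.reload(_feature_file(5000))                        # oversized -> rejected, v1 stays
    loader.reload(_feature_file(10) + "\n{not json")          # malformed -> rejected, v1 stays
    return loader.version, len(loader.active), [reason for _, reason in loader.rejections]


if __name__ == "__main__":
    print(scenario())
```

The design choice worth noting is that the cap is enforced while parsing, not after: the loader never holds more than `max_entries` records in memory, so an input that is orders of magnitude too large is rejected at the same cost as one that is slightly too large. Whether to keep serving stale data or to fail closed is a per-system decision; what the example rules out is the third option of crashing with nothing served at all.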


Microsoft Mitigates Record 15.72 Tbps DDoS Attack from AISURU Botnet

Microsoft announced that it successfully detected and neutralised the largest distributed denial-of-service (DDoS) attack ever observed in the cloud, measuring 15.72 terabits per second (Tbps), launched by the AISURU IoT botnet.

The botnet is powered by nearly 300,000 infected IoT devices, confirming that the potential baseline for high-volume DDoS attacks continues to climb due to the proliferation of powerful, vulnerable IoT infrastructure.


Our Take: DDoS Defence Requires Industrial Scale.

The sheer volume of this attack demonstrates that legacy DDoS mitigation strategies are obsolete.

Organisations must partner with cloud-native providers capable of absorbing multi-terabit attacks and implement rigorous security for any IoT devices on their network to prevent them from becoming part of the next botnet.


4. Insider, Supply Chain & Law Enforcement

Wind Farm Manager Sentenced for Secret Crypto-Mining Operation

A technical manager at a Dutch wind farm operator (Nordex) was sentenced after secretly installing three cryptocurrency mining rigs and two Helium network nodes on the company’s internal network between August and November 2022.

The rogue employee’s actions occurred shortly after the company had successfully dealt with a Conti ransomware attack.

This incident is a stark example of a significant insider threat problem, emphasising the risk posed by technical staff with privileged access to critical infrastructure systems and data.


Our Take: Privileged Access Abuse is a Critical Insider Threat.

This case highlights how privileged technical access, intended for maintenance, can be abused for personal gain, risking OT/ICS operations.

Implement Zero Trust principles for all internal network segments and utilise Penetration Testing to verify that privileged technical accounts cannot establish unauthorised external connections from operational networks.


TamperedChef Malware Spreads via Fake Software Installers in Global Campaign

A long-running, global malvertising campaign dubbed TamperedChef is leveraging bogus software installers to trick users into deploying sophisticated malware.

The attackers utilise social engineering, SEO and abused digital certificates to increase user trust and evade security detection.

The campaign targets users searching for common utilities, with a significant concentration of infections observed in sectors like healthcare and manufacturing across Europe.


Our Take: Educate Against Malvertising.

This industrial scale campaign relies entirely on user trust in search results and signed software.

Enhance security awareness training to warn staff against downloading software from unofficial sources, even when those sources rank highly in search results, and implement application control policies to block unauthorised installers.


Strategic Defence Against Next Generation Exploitation

This week’s intelligence confirms that threat actors are strategically operating at the highest levels of privilege, whether exploiting critical zero-days in network appliances or using the browser as a tool for unmonitored data exfiltration. The time to upgrade is now.

Secora Consulting’s specialised service pillars are designed to counter the advanced, persistent threats highlighted this week:

  • Proactive Technical Validation: The continuous stream of actively exploited flaws (FortiWeb, Chrome, 7-Zip) and the insider threat risk demand more than just patching. Our Adversary Simulation Testing and Penetration Testing services stress-test your environment against these exact TTPs, identifying and closing the most critical blind spots.

  • Risk & Vulnerability Management: To counter the constant stream of flaws and manage systemic risk (Cloudflare, DDoS), our Vulnerability Assessments provide the technical clarity needed for effective remediation prioritisation, while Cybersecurity Maturity Assessments establish a strategic roadmap for holistic defence.

  • Compliance & Supply Chain Resilience: The critical Cloudflare outage and the wind farm insider threat underscore the need for assured processes. Our Third Party Assurance Assessments ensure your organisation meets mandatory resilience and security standards.

  • People & Process Resilience: The massive success of PhaaS networks and BitB phishing proves human error remains the primary attack vector. Our Simulated Phishing Attacks and Crisis Management Exercises transform your staff into an effective human firewall and ensure your executive team is prepared to respond legally and operationally during a major breach.

Security must be a layered, strategic function. Contact us today to strengthen your security architecture and turn these threats into actionable defence strategy.
