Since @index only posts on X, here's the vid they posted from exploiting the recent FortiNet issue CVE-2025-64446

> another exploited in-the-wild FortiWeb vuln? It must be Thursday!

CISA Adds One Known Exploited Vulnerability to Catalog. To nobody's surprise at all, it is CVE-2025-64446, last week's Fortinet FortiWeb Path Traversal Vulnerability.
Unfortunately, Fortinet had already checked all the relevant boxes in my Insecurity Appliance #bingo https://cku.gt/appbingo25 - so we're still waiting for a bingo.
Hadn't thought this would take so long.

Deep @caseyjohnellis voice: Patch yo' Fortinets

https://decipher.sc/2025/11/17/fortinet-cve-2025-64446-under-active-attack/

Fortinet confirme avoir patché une faille zero-day dans FortiWeb : CVE-2025-64446 https://www.it-connect.fr/fortinet-confirme-avoir-patche-une-faille-zero-day-dans-fortiweb-cve-2025-64446/ #ActuCybersécurité #Cybersécurité #Vulnérabilité #Fortinet

Security researchers reveal actively exploitation against Fortinet FortiWeb vulnerability

Vulnerability:
CVE-2025-64446 - Authentication bypass

Impact: Allows an attacker to perform actions as a privileged user

Recommendation: Upgrade to 8.0.2 ASAP

#cybersecurity #vulnerabilitymanagement #Fortinet

https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html

https://www.nu11secur1ty.com/2025/11/cve-2025-64446-proxy-record.html

CISA has issued a 7-day patch directive for actively exploited Fortinet FortiWeb vulnerability CVE-2025-64446 (rated 9.1 critical).
Researchers have confirmed exploitation, and reports indicate a zero-day version was being sold on underground forums. Hundreds of vulnerable appliances are visible online.
Is this an example of a necessary emergency directive - or a sign that vendors need more transparent patch timelines?

💬 Share your thoughts.
👍 Follow us for more detailed, unbiased cybersecurity coverage.

#Infosec #CISA #Fortinet #CVE202564446 #ThreatHunting #VulnerabilityManagement #CybersecurityNews

Patch your chromey things, there's another EITW vuln.

https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html

Google is aware that an exploit for CVE-2025-13223 exists in the wild.

Do any shipping products use an ESP32 as a Bluetooth headset + microphone? I’m wondering if CVE-2025-48593 affects ESP32’s Bluedroid stack. According to https://youtu.be/0jR-QNTfydA?t=166, the Bluedroid stack supposedly supports acting as a headset+microphone, but disconnects after a few seconds. Given that the support is broken, does this mean shipping products are unlikely to implement headset profile with ESP32’s Bluedroid stack?

⚠️ CVE-2025-48593: CRITICAL RCE in Android 13–16 Bluetooth HFP client. Remote, no user action needed—potential for full device compromise. Patch promptly & disable HFP if unneeded. No known exploits yet. https://radar.offseq.com/threat/cve-2025-48593-remote-code-execution-in-google-and-3ca254ab #OffSeq #Android #Bluetooth #Vulnerability

🚨 Urgent: The RondoDox botnet is actively exploiting a critical XWiki vulnerability (CVE-2025-24893) to take over servers. Patch immediately if you're running XWiki! #CyberSecurity https://redteamnews.com/red-team/cve/rondodox-botnet-exploits-critical-xwiki-vulnerability-in-widespread-campaign/

Asus rilascia aggiornamento firmware in emergenza per router DSL vulnerabili

Asus ha rilasciato un aggiornamento firmware di emergenza per diversi modelli di router DSL. La patch corregge una vulnerabilità critica che consente agli aggressori di assumere il controllo completo dei dispositivi senza autenticazione.

La vulnerabilità, identificata come CVE-2025-59367, riguarda i router DSL-AC51, DSL-N16 e DSL-AC750. Il problema consente ad aggressori remoti di accedere a dispositivi non protetti accessibili tramite Internet. L’attacco non richiede alcuna preparazione o interazione da parte dell’utente: è sufficiente conoscere l’indirizzo IP del router vulnerabile.

“È stata scoperta una vulnerabilità di bypass dell’autenticazione in alcuni router DSL che potrebbe consentire ad aggressori remoti di ottenere un accesso non autorizzato al dispositivo”, avvertono gli sviluppatori Asus .

L’azienda consiglia vivamente ai proprietari dei dispositivi vulnerabili di installare immediatamente gli aggiornamenti del firmware alla versione 1.1.2.3_1010.

Se per qualche motivo non è possibile aggiornare immediatamente il dispositivo, il produttore offre misure di sicurezza temporanee.

Innanzitutto, disabilita tutti i servizi accessibili da Internet: accesso remoto tramite WAN, port forwarding, DDNS, server VPN, DMZ, trigger di porta e FTP.

ASUS ricorda inoltre agli utenti di utilizzare password complesse per il pannello di amministrazione del router e per le reti Wi-Fi, di controllare regolarmente la disponibilità di aggiornamenti del firmware e di evitare di utilizzare le stesse credenziali di accesso per servizi diversi.

L'articolo Asus rilascia aggiornamento firmware in emergenza per router DSL vulnerabili proviene da Red Hot Cyber.

🚨 Old vuln, fresh damage - attackers hit Oracle EBS again.

Cl0p just listed nearly 30 new victims, from major companies to universities.
They use CVE-2025-61882, a pre-auth RCE in Oracle E-Business Suite (12.2.3 → 12.2.14) with a CVSS ≈ 9.8.

It’s already on CISA’s KEV list and spreading fast.

Here’s what most security teams face:
🚩 Patching doesn’t prove you’re safe.
🚩 Banner scans miss real exposure.
🚩 You need proof of exploitability, not assumptions.

Use Pentest-Tools.com to stay ahead:
✅ Detect Oracle EBS servers exposed to this RCE with the Network Scanner.
✅ Recreate the attack safely in Sniper: Auto-Exploiter to confirm impact.
✅ Verify your fixes and make sure no asset stays vulnerable.

No noise. No guesswork. Just proof.
Old vulns still do new damage - if you let them.

🔎 CVE-2025-61882 specs: https://pentest-tools.com/vulnerabilities-exploits/oracle-e-business-suite-remote-code-execution_28103
🗞️ Read the news: https://www.securityweek.com/nearly-30-alleged-victims-of-oracle-ebs-hack-named-on-cl0p-ransomware-site/

#infosec #cybersecurity #offensivesecurity #ransomware #incidentresponse

Logitech Named As The Latest Victim Of The Oracle’s E-Business Suite Vulnerability

Recently, Logitech disclosed a data breach after it was named a victim of the hacking and extortion campaign targeting customers of Oracle's E-Business Suite (EBS) enterprise resource planning solution. Adrian Culley, Senior Sales Engineer at SafeBreach hd this to say: "The Oracle E-Business Suite zero-day campaign (CVE-2025-61882) is one of the most technically advanced operations we…

https://itnerd.blog/2025/11/17/logitech-named-as-the-latest-victim-of-the-oracles-e-business-suite-vulnerability/

DoS in M-Files Server.

https://product.m-files.com/security-advisories/cve-2025-11681/

D-Link

https://www.cve.org/CVERecord?id=CVE-2025-13304

cc: @Dio9sys @da_667

#internetOfShit

Rust continues to reshape Android’s security posture.

Google reports memory-safety bugs are now under 20%, backed by:
• 1000× reduction in memory-safety bug density vs C/C++
• 4× fewer rollbacks
• Faster reviews + fewer revisions
• Rust moving deeper into kernel, firmware & Android’s security-sensitive apps
A recent “near-miss” RCE (CVE-2025-48530) in unsafe Rust was mitigated by Scudo before reaching public release.

Thoughts from the AppSec community?
Follow @technadu for more unbiased cybersecurity reporting.

#RustLang #MemorySafety #AndroidSecurity #AppSec #InfoSec #DevSecOps #SecureCoding #TechNadu

📰 Eurofiber Breach Exposes Thales, Orange, and French Government Data in Major Supply Chain Incident

Major data breach at Eurofiber France exposes data from 3,600+ clients including Thales, Orange & French ministries. Attackers exploited SQL injection flaws in GLPI software (CVE-2025-24799). 🇫🇷🚨 #DataBreach #SupplyChain #Vulnerability

🔗 https://cyber.netsecops.io/articles/eurofiber-breach-exposes-data-from-thales-orange-and-french-government/?utm_source=mastodon&ut…