Fortinet warns of actively exploited FortiWeb command injection vulnerability

Fortinet has issued a crucial security alert about a new vulnerability in its FortiWeb product (a web application firewall), confirming that the flaw is already being actively exploited by attackers. This vulnerability, classified as medium severity, requires immediate action by system administrators.

Vulnerability Details (CVE-2025-58034)

The security flaw, identified as CVE-2025-58034, has a CVSS score of 6.7. Fortinet describes it as an “Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)” vulnerability (CWE-78). ...

November 19, 2025 · Comfidentia

Operation WrtHug: Massive Cyberattack Compromised More Than 50,000 ASUS EoL Routers

A newly discovered cyberattack campaign, dubbed Operation WrtHug, has compromised tens of thousands of ASUS routers that are end-of-life (EoL) or outdated. The operation has recruited these devices into a vast network of botnets. Over the past six months, SecurityScorecard’s STRIKE team identified more than 50,000 unique IP addresses of compromised devices globally. The most affected regions include Taiwan, the United States and Russia, although infections have also been reported in Southeast Asia and European countries. ...

November 19, 2025 · Comfidentia

PlushDaemon group uses new EdgeStepper backdoor for AitM attacks

The PlushDaemon threat actor has been identified using a new Go-based network backdoor, called EdgeStepper, to facilitate Adversary in the Middle (AitM) attacks. EdgeStepper has the ability to redirect all DNS queries to an external malicious node, diverting traffic from legitimate software update infrastructure to attacker-controlled infrastructure.

About Threat Actor PlushDaemon

PlushDaemon is a China-aligned threat group, active since at least 2018. It is known for directing attacks against entities in the United States, New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China. ...

November 19, 2025 · Comfidentia

PlushDaemon Uses Backdoor EdgeStepper for AitM Attacks and Software Update Hijacking

The threat group known as PlushDaemon has been detected using a new Go-based network backdoor, called EdgeStepper, to facilitate Adversary in the Middle (AitM) attacks and hijack software update mechanisms. EdgeStepper, a previously undocumented implant, has been designed to reroute victims’ DNS queries to attacker-controlled infrastructure. This backdoor allows PlushDaemon to redirect legitimate software update traffic to malicious nodes, facilitating the delivery of second-stage payloads.

The Threat Actor PlushDaemon and Its Objectives

PlushDaemon is a China-aligned advanced persistent threat (APT) group, active since at least 2018. It has targeted entities in various regions, including the US, New Zealand, Cambodia, Hong Kong, Taiwan, South Korea, and mainland China. ...

November 19, 2025 · Comfidentia

Ransomware Rise in Q3 2025: Compromised Credentials and Zero-Days Dominate

The third quarter of 2025 saw a significant increase in ransomware attacks, with an 11% increase in data breach publications compared to the previous quarter. According to a report from Beazley Security, only three ransomware groups were responsible for the majority of cases (65%), with the primary initial entry route being compromised VPN credentials.

Dominant Ransomware Groups

The three most prolific ransomware groups in the third quarter were Akira, Qilin, and INC Ransomware. These groups have demonstrated great operational capacity, contributing to the vast majority of reported incidents. ...

November 19, 2025 · Comfidentia

Does your chatbot know too much? Think twice before you tell your AI companion everything.

The idea of entering into a romantic relationship with an artificial intelligence system, popularized by the movie “Her,” has moved from the realm of science fiction to a tangible reality thanks to the proliferation of generative AI and large language models (LLMs). AI companion apps, also known simply as companion apps, are experiencing a significant boom, satisfying psychological and sometimes romantic needs for a growing user base. Platforms like Character.AI, Nomi, and Replika, as well as the foray of big players like OpenAI (with “verified adult erotica” plans) and Elon Musk’s xAI (with flirtatious companions in Grok), demonstrate the market demand for this technology. However, this rapid growth comes with serious security and privacy risks that users should consider before sharing intimate information with their AI companions. ...

November 18, 2025 · Comfidentia

DoorDash Confirms Data Breach After Social Engineering Scam

Food delivery service DoorDash has confirmed that it suffered a data breach in October 2025, where some customers’ personal information was accessed. The company detailed that the incident was the result of a social engineering scam targeting one of its employees.

Details of the Data Breach

DoorDash informed customers via email about the incident, providing details about the compromised information:

Data affected: Names, phone numbers, physical addresses and email details.
Data NOT affected: The company highlighted that confidential information, such as social security numbers, driver’s licenses or bank card and payment information, was not accessed.

So far, DoorDash has stated that there is no indication that the data has been misused for fraud or identity theft. ...

November 18, 2025 · Comfidentia

The rise of AI in new account fraud

Artificial intelligence (AI) technology is increasingly being adopted by fraudsters to commit new account fraud (NAF) and bypass even biometric checks. This is revealed by a new report from Entrust, which analyzed data from more than one billion identity verifications in 30 sectors and 195 countries between September 2024 and September 2025. The report details how Generative AI (GenAI) has democratized the creation of counterfeit ID documents and deepfakes, allowing fraudsters to generate hyper-realistic replicas of documents and impersonate identities to open new fraudulent accounts. ...

November 18, 2025 · Comfidentia

🚨 RondoDox exploits unpatched XWiki servers to expand its botnet

The RondoDox botnet malware is actively exploiting unpatched XWiki servers via the critical vulnerability CVE-2025-24893 (CVSS 9.8), allowing arbitrary remote code execution.

🔍 CVE-2025-24893
Eval-injection bug that allows any guest user to execute remote code via the /bin/get/Main/SolrSearch endpoint.
Affected versions: all before XWiki 15.10.11, 16.4.1 or 16.5.0RC1
Patch available from: February 2025

🤖 RondoDox: Expanding Botnet
RondoDox recruits vulnerable devices for:
DDoS attacks (HTTP, UDP, TCP)
Cryptocurrency mining
Persistent access (reverse shells, backdoors)

Chronology: March 2025 (first evidence) → Nov 3 (first RondoDox exploitation) → Nov 7 (maximum peak) → Nov 11 (new wave) ...

November 15, 2025 · Comfidentia

Cybersecurity in healthcare organizations

🔎 Cybersecurity at Risk: Audit reveals critical gaps in healthcare organization

A recent cybersecurity audit, conducted by our expert team at Comfidentia, revealed critical vulnerabilities in the technological infrastructure of a recognized healthcare organization. This audit, requested following a minor data leak incident, identified failures in network segmentation, deficiencies in internal access control, and the absence of updated backup protocols. The audit included penetration testing, access policy review, and regulatory compliance analysis, and its results revealed unnecessary exposure to threats such as ransomware and insider attacks. ...

August 7, 2025 · Comfidentia