
Daily Security Briefing #074
- DjediTech
- Security, Newsletter
- November 15, 2025
FortiWeb WAF remote takeover, RondoDox botnet exploits XWiki, Jaguar Land Rover hit by costly cyberattack…
Executive Summary
Today’s cybersecurity landscape features an alarming surge in critical vulnerabilities being actively exploited, notably Fortinet’s FortiWeb WAF and unpatched XWiki servers targeted by the RondoDox botnet. Organizations face growing challenges as costly breaches, such as Jaguar Land Rover’s $220 million incident, highlight the financial impact of cyberattacks. Meanwhile, software update failures persist, with Microsoft investigating critical ESU patch installation issues affecting corporate systems. On the threat actor front, law enforcement reports convictions of individuals aiding North Korean cyber operations, underscoring ongoing geopolitical cyber tensions. Legacy protocols like “finger” are also repurposed by malware, signaling attackers’ creative use of older technology.
Top Articles
Critical FortiWeb WAF Vulnerability Exploited in the Wild to Gain Full Control
Fortinet has issued an urgent advisory on a critical zero-day vulnerability (CVE-2025-64446) in its FortiWeb web application firewall that attackers are currently exploiting in the wild. The flaw allows threat actors to create admin accounts and seize complete control of affected appliances, posing a severe risk to organizations relying on FortiWeb for protection. Fortinet rates the vulnerability as critical with a CVSS 9.1 score.
CyberPress
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
The RondoDox botnet is actively targeting unpatched XWiki instances using the critical CVE-2025-24893 remote code execution vulnerability (CVSS 9.8) caused by an eval injection bug. Attackers leverage this to execute arbitrary code via the “/bin/get/Main/” endpoint, expanding their botnet footprint by compromising vulnerable servers. System administrators are urged to patch immediately to avoid infection.
TheHackerNews
Jaguar Land Rover Cyberattack Cost the Company Over $220 Million
Jaguar Land Rover reported that a recent cyberattack cost it approximately £196 million ($220 million) during the July to September quarter. The financial hit underscores the heavy toll cyber incidents can take on large corporations and their operational resilience. Details on the attack vector remain limited, but the impact reinforces the need for enhanced cybersecurity measures in the automotive sector.
BleepingComputer
Microsoft: Windows 10 KB5068781 ESU Update May Fail with 0x800f0922 Errors
Microsoft confirmed an issue with the Windows 10 KB5068781 extended security update failing to install on corporate-licensed devices, returning error 0x800f0922. The glitch hampers patch deployment for critical fixes, emphasizing the continued complexities organizations face in managing legacy Windows environments. Microsoft is currently investigating the root cause and developing a resolution.
BleepingComputer
Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies
The U.S. Department of Justice announced that five individuals have pleaded guilty to assisting North Korean IT workers in unauthorized cyber intrusions affecting 136 companies. This case highlights ongoing efforts to disrupt state-sponsored cybercrime networks exploiting global companies and evading international sanctions. The convicted persons include Audricus Phagnasay, Jason Salazar, Alexander Travis, Oleksandr Didenko, and Erick.
TheHackerNews
Decades-old ‘Finger’ Protocol Abused in ClickFix Malware Attacks
Malware operators have revived the decades-old “finger” protocol to retrieve and execute remote commands on compromised Windows devices. This technique, employed by ClickFix malware, exploits an overlooked legacy service to maintain stealthy command and control channels in targeted networks, showcasing attackers’ innovative adaptation of outdated protocols. Organizations are advised to audit and disable unnecessary legacy services.
BleepingComputer
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
A research team investigated the caloric intake of short-finned pilot whales by combining diverse data sources, including drone body measurements and satellite tag feeding rates. Their findings quantify the significant amount of squid these whales consume daily, illustrating an intricate marine predator-prey relationship. This post provides an interdisciplinary look at biology and ecology rather than cybersecurity.
Schneier
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.