
Urgent: FortiWeb Flaw Exploited, Logitech Breach Exposed

Originally published on: November 25, 2025
Summary

– Five men pleaded guilty to helping North Korean IT workers infiltrate over 100 US companies by bypassing hiring checks and moving money for a sanctioned government.
– Logitech confirmed a data breach involving limited employee and consumer information, but no sensitive personal data like national IDs or credit cards was exposed.
– Google patched an actively exploited Chrome zero-day vulnerability (CVE-2025-13223) and Fortinet stealth-patched a FortiWeb flaw (CVE-2025-58034) now under active exploitation.
– A serious security gap in Perplexity’s Comet browser allowed hidden extensions to issue system-level commands, exposing users to potential attacks by malicious actors.
– Attackers are increasingly using patience and longer conversations to bypass AI guardrails, as shown in studies where open-weight models become less secure over extended interactions.

Recent cybersecurity incidents highlight the persistent threats facing organizations and individuals, from exploited software vulnerabilities to sophisticated data breaches. A critical flaw in FortiWeb (CVE-2025-58034) is now under active attack, despite having been previously patched by Fortinet in a quiet update that did not publicize the fix. This situation underscores the danger of stealth patches, as many administrators remained unaware of the need to apply the update, leaving their systems exposed.

In a separate incident, Logitech has officially confirmed a data breach impacting its operations. The company reports that the incident compromised limited details concerning employees, consumers, customers, and suppliers. Fortunately, the affected IT system is believed not to have contained highly sensitive personal data such as national identification numbers or credit card information.

The technology sector also faced significant instability due to a widespread Cloudflare outage. An undisclosed network problem temporarily crippled a vast portion of the internet, rendering many popular websites and services inaccessible. While services are gradually returning online, the event serves as a stark reminder of the internet’s reliance on core infrastructure providers.

Google moved swiftly to address a dangerous Chrome vulnerability, identified as CVE-2025-13223. The company’s Threat Analysis Group confirmed that this zero-day flaw was being actively exploited, prompting an emergency patch release to protect users.

Legal and national security news saw developments as five individuals admitted guilt in a scheme to infiltrate U.S. companies. These men assisted North Korean IT workers in bypassing hiring checks to secure positions at over one hundred American firms, an operation that also involved moving money for the sanctioned nation.

The software utility 7-Zip is also in the spotlight due to a vulnerability (CVE-2025-11001). NHS England Digital has issued a public warning about the flaw, noting that a functional proof-of-concept exploit is now available, increasing the risk of widespread attacks.

Mac users are the target of a new information-stealing malware dubbed “DigitStealer.” This threat cleverly disguises itself as the legitimate DynamicLake utility and potentially as Google’s Drive for desktop application, specifically aiming to compromise Apple Silicon M2 and M3 devices.

A significant security gap has been identified in Perplexity’s Comet browser. According to researchers at SquareX, the browser’s MCP API permits its hidden, built-in extensions to execute commands directly on a user’s device. This capability could be weaponized by attackers to launch system-level attacks.

Salesforce is currently investigating a new security incident that bears resemblance to the recent Salesloft Drift supply chain compromise. The company detected unusual activity involving Gainsight-published apps connected to its platform and is working to provide early findings and guidance to its customers.

Looking at broader trends, security experts predict that attackers are increasingly focusing on people rather than software flaws to breach networks. The 2025 Shiny Hunters’ attack on Salesforce users exemplifies this shift, where phishing and fraudulent OAuth applications were used to steal data and extort ransoms.

The challenge of security tool sprawl remains a pressing issue for many organizations. As zero-trust architectures introduce more features, teams often accumulate a complex array of tools. There is no universal solution; each company must find a balance that fits its unique needs and policies.

A concerning practice involves employees inadvertently leaking corporate secrets by inputting proprietary information, such as source code, into public AI tools. When these models learn from confidential data, there is a tangible risk they could reproduce similar information for other users, thereby compromising a company’s competitive edge and partner confidentiality.

For security professionals, new open-source tools are emerging. Strix offers autonomous AI agents that mimic human attackers to proactively find and demonstrate application vulnerabilities. Similarly, Metis provides an AI-driven, open-source solution for conducting deep security reviews on code, helping to identify subtle flaws that traditional scanners might miss.

The intersection of AI and security also brings new defensive tools. BlueCodeAgent is designed to help developers secure AI-generated code, addressing the inherent risks that come with the power of automated code creation.

Research continues to shed light on various security aspects. A study on machine learning privacy suggests that fears about models leaking sensitive training data may be overstated. Conversely, research into online scams reveals that fraudsters often engage in long, patient conversations to build trust, a tactic studied at scale using a system called CHATTERBOX.

Threat actors are also evolving their methods. A China-aligned group known as PlushDaemon was found compromising routers to reroute software updates to their own servers, demonstrating how a small network foothold can lead to significant global intrusions.

On the policy and compliance front, questions about GDPR compliance extend to password managers. Given that passwords protect critical systems, any failure in a password manager’s security can lead to serious data protection violations and operational disruption.

User understanding of privacy remains a challenge. Studies indicate that privacy labels on the Google Play Store often confuse Android users, affecting their perception of risk. Furthermore, a new Delinea report indicates that insurers are now closely scrutinizing the maturity and consistency of an organization’s identity controls when assessing coverage.

The global landscape reflects a decline in internet freedom for the fifteenth consecutive year, with increased government-led shutdowns, surveillance, and algorithmic control. Meanwhile, the rapid diffusion of AI technology is creating a new tech divide, placing uneven pressure on governments and industries.

Security readiness is another area of concern. A confidence gap exists where many security leaders feel prepared for incidents, but performance data from practice scenarios shows that teams frequently miss critical steps. This highlights a need for improved training and processes.

Finally, the product landscape continues to evolve with new solutions like SecAlerts, which delivers timely and actionable vulnerability notifications, and Proton Pass, a privacy-focused password manager from the creators of Proton Mail. The cybersecurity job market remains active, offering various roles for professionals at different skill levels. For those pursuing certifications, expert-led webinars provide valuable exam preparation strategies, and the market sees a steady stream of new information security products each week.

(Source: HelpNet Security)
