Cyber News & Updates

Breaking news, security alerts, and trending stories from across the cybersecurity landscape.

234 intelligence briefs
  • n8n CVE-2025-68613: Expression Injection Enables Arbitrary Code Execution on 103,476 Workflow Automation Instances

    A critical expression injection vulnerability in the n8n workflow automation platform (CVSS 9.9) allows authenticated attackers to execute arbitrary code with process privileges. 103,476 exposed instances identified globally, with rapid patching required to prevent credential theft and lateral movement across integrated systems.

    11–16 minutes
  • WatchGuard Fireware CVE-2025-14733: Out-of-Bounds Write in iked Enables Unauthenticated RCE on 117,490+ Exposed Firewalls

    A critical out-of-bounds write vulnerability in WatchGuard Fireware OS allows unauthenticated remote attackers to execute arbitrary code on perimeter devices via malicious IKEv2 packets. 117,490 exposed instances globally, 35,600+ in the U.S., with active exploitation confirmed since December 2025.

    11–16 minutes
  • RondoDox Botnet Exploits React2Shell CVSS 10.0 to Hijack 90,300+ IoT Devices and Web Servers

    A sophisticated botnet campaign spanning nine months has targeted IoT devices and web applications worldwide, exploiting React2Shell CVE-2025-55182 (CVSS 10.0) as its primary initial access vector since December 2025. With 68,400 vulnerable instances in the U.S. alone, RondoDox systematically enrolls victims into cryptocurrency mining and botnet relay infrastructure.

    8–12 minutes
  • Fortinet FortiOS CVE-2020-12812: Five-Year-Old 2FA Bypass Affecting 9,700+ Exposed Firewalls Under Active Exploitation

    A five-year-old 2FA bypass vulnerability in Fortinet FortiOS continues to plague enterprise perimeter security. Over 9,700 unpatched FortiGate instances remain exposed globally as of January 2026, with active exploitation confirmed. An attacker can bypass two-factor authentication by simply altering username case and exploiting misconfigured LDAP group authentication—a trivial technique that has already been leveraged by…

    7–11 minutes
  • MongoDB MongoBleed CVE-2025-14847: Unauthenticated Memory Leak Under Active Exploitation

    A critical pre-authentication memory disclosure vulnerability in MongoDB allows attackers to leak heap memory without credentials. With 87,000+ vulnerable instances globally and active exploitation confirmed, CISA has mandated patches for Federal agencies by January 19, 2026.

    3–5 minutes
  • India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

    India’s Department of Telecommunications has issued a new directive for messaging apps, mandating they only work with active SIM cards linked to the user’s mobile number. This aims to combat phishing, online scams, and other cyber frauds by preventing anonymous activities and ensuring account traceability.

    2–4 minutes
  • GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools

    The GlassWorm supply chain campaign has resurfaced, infiltrating the Microsoft Visual Studio Marketplace and Open VSX with 24 malicious extensions. These extensions impersonate popular developer tools and frameworks, stealing credentials and cryptocurrency, and turning developer machines into attacker-controlled nodes. This re-emergence highlights the adaptive nature of the adversary and the persistent challenge in securing developer…

    1–2 minutes
  • Scottish Council Two Years into Ransomware Recovery

    The Scottish Comhairle nan Eilean Siar, or Council for the Western Isles, is now two years deep into recovering from a major ransomware attack that hit them in early November 2023. The direct financial fallout from this cyber incident has already exceeded 1 million euros. The attack highlighted inadequate continuity plans, unresolved IT infrastructure weaknesses,…

    2–3 minutes
  • AI Brings About a Shift in Video Surveillance

    AI is revolutionizing video surveillance, moving beyond simple motion detection to systems that not only see what’s happening but understand why. This shift promises more proactive, reliable, and efficient security through Vision-Language Models (VLM) which combine visual information with language, allowing them to track activities over time and identify cause and effect.

    2–3 minutes
  • Regions Calling: Life With No Internet Is the New Normal

    Life without consistent internet is the new norm in many Russian regions. Frequent mobile outages and restrictions are transforming daily life far beyond Moscow, forcing a return to cash and impacting financial aid for soldiers and their families.

    1–2 minutes