Top stories.
- CISA warns of actively exploited FortiWeb flaw.
- Cloudflare outage caused by enlarged configuration file.
- US and allies sanction bulletproof hosting providers.
- Google issues patch for Chrome zero-day.
- New Android infostealer spreads via WhatsApp.
- Former Philippine mayor sentenced to life in prison for scam center human trafficking.
CISA warns of actively exploited FortiWeb flaw.
The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered Federal Civilian Executive Branch (FCEB) agencies to patch an actively exploited flaw (CVE-2025-58034) in Fortinet's FortiWeb web application firewall by Tuesday, November 25th, BleepingComputer reports. According to Fortinet, the vulnerability "may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands."
CISA added the flaw to its Known Exploited Vulnerabilities catalog on Tuesday, noting that this type of vulnerability "is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."
Cloudflare outage caused by enlarged configuration file.
A major Cloudflare outage disrupted many online services Tuesday morning, including ChatGPT, Claude AI, Spotify, Shopify, Amazon, X, Uber, UPS, Zoom, and New Jersey Transit platforms, Tom's Guide reports. Cloudflare has traced the issue to a single configuration file that exceeded its allotted size and crashed the system, Mashable says. Cloudflare said in a statement, "The root cause of the outage was a configuration file that is automatically generated to manage threat traffic. The file grew beyond an expected size of entries and triggered a crash in the software system that handles traffic for a number of Cloudflare's services." Engineers fixed the issue by replacing the file with an earlier version.
Cloudflare added, "To be clear, there is no evidence that this was the result of an attack or caused by malicious activity."
US and allies sanction bulletproof hosting providers.
The US, UK, and Australia have sanctioned two Russian bulletproof hosting providers (BHPs), Media Land and Hypercore, for their alleged roles in supporting ransomware attacks and other types of cybercrime. The US Treasury Department's Office of Foreign Assets Control (OFAC) says St. Petersburg-based Media Land provided infrastructure for ransomware groups, including Lockbit, BlackSuit, and Play, as well as supporting DDoS attacks against US critical infrastructure. OFAC also sanctioned two of Media Land's subsidiaries and three of its employees, including the hosting provider's general director, Aleksandr Volosovik.
OFAC and the United Kingdom also sanctioned Hypercore, a UK-incorporated front company for the Russian BHP Aeza Group. OFAC sanctioned Aeza earlier this year, and Treasury says the group has since attempted to rebrand using front companies.
Google issues patch for Chrome zero-day.
Google has issued an emergency Chrome update to fix two high-severity vulnerabilities in the V8 JavaScript engine, one of which is being actively exploited, Beyond Machines reports. The zero-day (CVE-2025-13223) is a type-confusion flaw that can allow "a remote attacker to potentially exploit heap corruption via a crafted HTML page." Google is withholding technical details until a majority of users have applied the patch. Users should ensure their browsers are updated to the latest version.
New Android infostealer spreads via WhatsApp.
Trustwave has published a report on a new strain of Android malware dubbed "Eternidade" that's targeting Brazil, although most of its infections are in other countries around the world. The malware spreads via WhatsApp using a Python-based worm, extracting victims' contact lists and delivering malicious files.
Trustwave has observed Eternidade implants across thirty-eight countries, with the highest activity in the United States. The researchers note that "although the malware family and delivery vectors are primarily Brazilian, the possible operational footprint and victim exposure are far more global."
Former Philippine mayor sentenced to life in prison for scam center human trafficking.
A Philippine court has sentenced a former mayor of the town of Bamban, Alice Guo, to life in prison after finding her guilty of human trafficking offenses, Reuters reports. The Philippine Senate launched an investigation into Guo last year after police raided a scam center built on land partially owned by Guo. This scam center, like many others across Southeast Asia, was known for using forced labor from trafficked victims.
Philippine law enforcement has identified Guo as a Chinese national, though Guo maintains that she is a natural-born Philippine citizen. Reuters notes that the case has intensified national scrutiny of China-linked criminal activity in the region.