Content
01. News Bites
- Fortinet releases patch for actively exploited FortiWeb zero day
- French social security data breach exposes data of up to 1.2 million people
- Cloudflare confirms major outage caused by internal bug, not a cyberattack
- Microsoft blocks record 15.7 Tbps DDoS attack linked to Aisuru botnet
- Researchers issue warning that the boundaries between cyber and kinetic operations are dissolving
02. Conclusion
Fortinet releases patch for actively exploited FortiWeb zero day
Fortinet issued an urgent security update to address a newly disclosed FortiWeb zero-day vulnerability that attackers are already exploiting. Tracked as CVE-2025-58034, the flaw was discovered by researchers and affects multiple versions of FortiWeb. The vulnerability allows authenticated attackers to execute unauthorised code through crafted HTTP requests or CLI commands, making it a high-risk OS command injection issue. Researchers have already recorded around 2,000 exploitation attempts in live attacks.
Administrators are strongly advised to upgrade immediately to the latest FortiWeb releases issued earlier this week. The update follows Fortinet’s confirmation last week that it had patched another FortiWeb zero day, CVE-2025-64446, which has since been added to CISA’s catalogue of actively exploited vulnerabilities.
The disclosures add to a run of flaws leveraged by espionage and ransomware groups, reinforcing the need for rapid patching across exposed appliances.
French social security data breach exposes data of up to 1.2 million people
Pajemploi, the French social security service used by parents and home-based childcare providers, has confirmed a major data breach affecting as many as 1.2 million individuals. The agency disclosed that attackers accessed personal information belonging to professional caregivers employed by private households and registered through the Pajemploi system, which forms part of URSSAF.
The exposed data includes names, birthplaces, addresses, social security numbers, accreditation details and banking institution names. Crucially, no bank account numbers, email addresses, phone numbers or passwords were accessed. Pajemploi says each affected person will be contacted directly, and core services continue to operate normally.
After detecting the breach on 14 November, the organisation moved quickly to contain the incident and notified CNIL and ANSSI. URSSAF is urging vigilance amid the increased risk of fraud attempts using stolen details. No ransomware group has claimed responsibility, although ANSSI reportedly learned of the breach after data appeared on the dark web.
Cloudflare confirms major outage caused by internal bug, not a cyberattack
Cloudflare has confirmed that Tuesday’s widespread service disruption was not caused by a cyberattack, despite early speculation following a spike in unusual traffic. The outage affected a long list of major online platforms, including ChatGPT, X, Dropbox, Shopify and League of Legends, and also caused issues for several public-sector services such as New Jersey Transit and New York City Emergency Management.
According to Cloudflare CTO Dane Knecht, the outage stemmed from a latent bug within a core service supporting the company’s bot mitigation capability. A routine configuration change triggered the bug, which then cascaded into a broader network degradation. Cloudflare began investigating at 11:48 UTC and deployed a fix shortly before 14:42 UTC, although intermittent errors persisted for some users.
Cloudflare says it will publish a full post-incident analysis. CEO Matthew Prince later described the event as the company’s most significant outage since 2019.
Microsoft blocks record 15.7 Tbps DDoS attack linked to Aisuru botnet
Microsoft has revealed that it successfully mitigated the largest single cloud DDoS attack ever recorded, a 15.72 Tbps surge targeting Azure services in late October. The multivector assault, which also delivered nearly 3.64 billion packets per second, originated from the Aisuru botnet, a rapidly expanding network of compromised home routers and IoT devices.
More than 500,000 source IPs across multiple regions were used to flood a single Australian endpoint. Microsoft and Netscout both observed a spike in Aisuru-related activity during the period, including “demonstration attacks” above 20 Tbps aimed primarily at gaming platforms. Researchers warn that Aisuru and related TurboMirai botnets present a growing risk to global network operators.
Microsoft says rising residential fibre speeds and increasingly powerful connected devices are fuelling ever-larger DDoS campaigns. Azure’s DDoS Protection infrastructure absorbed and redirected the traffic, keeping customer services online throughout the incident.
Researchers issue warning that the boundaries between cyber and kinetic operations are dissolving
Amazon’s threat intelligence team has reported a sharp escalation in cyber activity designed to directly support physical military operations, a trend it labels “cyber-enabled kinetic targeting.” The company says Iranian-aligned threat actors are increasingly using digital reconnaissance to guide real-world attacks, blurring the line between cyber warfare and kinetic action.
One of the most striking examples involves Imperial Kitten, a group linked to Iran’s IRGC. Between late 2021 and early 2024, the group infiltrated maritime systems, including AIS platforms and onboard CCTV, to gather intelligence on specific vessels. Days after Imperial Kitten conducted targeted AIS searches for one ship, Houthi militants attempted a missile strike against that same vessel.
Another Iranian actor, MuddyWater, used compromised CCTV streams in Jerusalem to support missile attacks in June 2025. Amazon says these incidents show how cyber espionage is now feeding directly into battlefield decision-making, with attackers masking their origins through anonymising VPN services. The company warns this represents a fundamental shift in modern conflict.
If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.
Disclaimer
The Threat Intel Roundup was prepared by Integrity360 summarising threat news as we observe it, current at the date of publishing. It should not be considered to be legal, consulting or any other professional advice. Any recommendations should be considered in the context of your own organisation. Integrity360 does not take any political stance in the information that we share. Moreover, the opinions expressed may not necessarily be the views of Integrity360.