Human Factor Blog

how human behavior affects security

Programmer’s Digest #160

11/12/2025-11/19/2025 New FortiWeb CVE-2025-58034 Vulnerability, New Chrome Zero-Day Flaw Exploited, 7 npm Packages Caught Hiding Crypto Scams And More

1. Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet has disclosed a new FortiWeb vulnerability, CVE-2025-58034, which is already being exploited in the wild. Rated medium-severity with a CVSS score of 6.7, the flaw stems from OS command injection (CWE-78) and could allow an authenticated attacker to run unauthorized commands via crafted HTTP requests or CLI inputs. Because exploitation requires prior authentication, attackers must combine this bug with another method to gain access first. Fortinet has released fixes across multiple FortiWeb branches, urging users to upgrade to the latest patched versions. The advisory comes shortly after it emerged that Fortinet had quietly patched another severe FortiWeb flaw, CVE-2025-64446 (CVSS 9.1), without issuing a public warning. The lack of transparency has drawn criticism from security experts, who argue that withholding vulnerability details hinders defenders while giving attackers an advantage.

2. Google Fixes New Chrome Zero-Day Flaw Exploited in Attacks

Google has released an emergency update to patch CVE-2025-13223, the seventh Chrome zero-day vulnerability exploited in attacks this year. This high-severity flaw, a type confusion weakness in the V8 JavaScript engine, was reported by Google’s Threat Analysis Group (TAG), which often uncovers government-backed spyware campaigns targeting journalists and dissidents. The fix is available in versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. While the rollout will take weeks, the update was immediately available for manual checking. Users can ensure they are protected by going to Help > About Google Chrome to trigger the update and then relaunching the browser. Google has restricted full bug details to prevent further exploitation until most users are updated. 

3. Critical RCE Flaws in AI Inference Engines Expose Meta, Nvidia, and Microsoft Frameworks

Security researchers at Oligo have uncovered “ShadowMQ,” a series of critical Remote Code Execution vulnerabilities in major AI inference servers from Meta, NVIDIA, Microsoft, and open-source projects like vLLM. The flaw stems from the unsafe combination of ZeroMQ and Python’s pickle module, allowing arbitrary code execution on unauthenticated network sockets.

This security issue spread through widespread code reuse; for instance, SGLang’s code was directly adapted from vLLM, which itself copied the vulnerable pattern from Meta’s Llama Stack. The flaw exposed the AI infrastructure of major companies, including xAI, AMD, and cloud providers like Google and Microsoft, with thousands of vulnerable servers found on the public internet. Exploitation could lead to full system compromise, data theft, or cryptomining.

While Meta, NVIDIA, and others have patched their frameworks by replacing pickle with safer alternatives like JSON, some projects, including Microsoft’s Sarathi-Serve, remain vulnerable. Organizations must immediately patch, avoid using pickle with untrusted data, and restrict network access to these services. This incident demonstrates how code reuse can propagate critical security flaws across the entire AI ecosystem.
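The difference between the two deserialization paths, as an added example that is not code from Oligo or any of the affected frameworks: the message schema and function names are hypothetical, and the crafted frame uses os.getpid as a harmless stand-in for a function chosen by the sender.

```python
import json
import os
import pickle

class Crafted:
    """Constructed payload: __reduce__ names a callable for pickle to invoke on load.
    os.getpid is a harmless stand-in for "any function the sender picks"."""
    def __reduce__(self):
        return (os.getpid, ())

def unsafe_recv(frame: bytes):
    # Vulnerable pattern: bytes read from the socket go straight into pickle.
    return pickle.loads(frame)

# Hypothetical message schema for an inference request (not from a real framework).
SCHEMA = {"request_id": str, "prompt": str, "max_tokens": int}

def safe_recv(frame: bytes) -> dict:
    # JSON decoding can only yield dicts, lists, strings, numbers, booleans and None;
    # it never looks up or calls a function named by the sender.
    try:
        msg = json.loads(frame.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError("frame is not a JSON message") from exc
    if not isinstance(msg, dict) or set(msg) != set(SCHEMA):
        raise ValueError("unexpected message shape")
    for field, expected in SCHEMA.items():
        if type(msg[field]) is not expected:  # strict: bool is not accepted as int
            raise ValueError(f"wrong type for {field}")
    return msg

def is_rejected(frame: bytes) -> bool:
    try:
        safe_recv(frame)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    crafted = pickle.dumps(Crafted())
    print("pickle.loads returned:", unsafe_recv(crafted), "(the receiver's own PID)")
    print("JSON path rejects the crafted frame:", is_rejected(crafted))
    ok = json.dumps({"request_id": "r1", "prompt": "hi", "max_tokens": 16}).encode()
    print("JSON path accepts:", safe_recv(ok))
```

The value returned by the pickle path was computed inside the receiving process by a function the frame selected, which is why swapping the decoder and validating the message shape closes the hole while network restrictions only narrow who can reach it.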

4. Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Researchers have uncovered a massive spam campaign that has flooded the npm registry with tens of thousands of fake packages since early 2024. The operation, dubbed the IndonesianFoods Worm, has published more than 67,000 junk packages using a worm-like script hidden in each upload. The code only runs when a user manually executes a JavaScript file, which then generates and publishes new packages in an endless loop. This design helps the malware evade automated scanners, allowing it to persist for nearly two years.

The spam packages use consistent naming patterns—often Indonesian names or food terms—and masquerade as Next.js projects. They also reference each other as dependencies, creating a self-replicating network that strains npm infrastructure and pollutes search results. Evidence suggests the campaign aims to earn TEA tokens by inflating package activity metrics. GitHub and AWS have removed many of the malicious packages, but over 150,000 related uploads have been identified, highlighting the scale of the threat and the ease of abusing open-source ecosystems.

5. 7 npm Packages Caught Hiding Crypto Scams

Cybersecurity researchers have identified seven malicious npm packages uploaded by a threat actor known as dino_reborn between September and November 2025. The packages—each downloaded a few hundred times—use a cloaking service called Adspect to differentiate real victims from security researchers. Adspect, marketed as a “bulletproof cloaking” tool for ad campaigns, filters traffic and hides malicious behavior, redirecting victims to crypto-themed scam sites while showing researchers harmless decoy pages.

Six of the packages contain a 39 kB malware component that fingerprints the system, hides itself, and blocks browser developer tools to evade analysis. The code executes immediately via an IIFE. One package, signals-embed, acts as a decoy, sending visitor data to an Adspect proxy before determining whether to show a fake CAPTCHA that leads to crypto scams or a blank page for suspected researchers. The findings surface alongside reports of large-scale npm abuse, including over 150,000 spam packages linked to TEA token farming campaigns.


Programmer’s Digest #159

11/05/2025-11/12/2025 126 Npm Package Targeting GitHub-Owned Repositories, Vibe-Coded Malicious VS Code Extension, Malicious NuGet Packages And More

1. Npm Package Targeting GitHub-Owned Repositories Flagged as Red Team Exercise

Cybersecurity researchers uncovered a malicious npm package, “@acitons/artifact,” that mimics GitHub’s legitimate “@actions/artifact” to target GitHub-owned repositories. The goal was to execute a script during GitHub builds, steal access tokens, and publish malicious artifacts. Six versions (4.0.12–4.0.17) contained a post-install hook that downloaded malware, though the latest npm version (4.0.10) is clean. The package, uploaded on October 29, 2025, had over 47,000 total downloads before the malicious versions were removed. Another similar package, “8jfiesaf83,” was downloaded about 1,000 times before removal. Analysis showed the malware downloaded a “harness” binary and executed “verify.js” to extract GitHub workflow data, sending it in encrypted form to a GitHub subdomain. GitHub later confirmed the incident was part of a Red Team security exercise, stating no systems or data were ever at risk.

2. Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities

Cybersecurity researchers have identified a malicious VS Code extension with basic ransomware capabilities, believed to be AI-generated or “vibe-coded.” Dubbed “susvsex,” the extension was uploaded to the marketplace on November 5, 2025, by “suspublisher18.” It was designed to automatically zip, upload, and encrypt files from a test directory upon activation. Microsoft has since removed it.

Fortunately, its impact was limited by its target directory, but the code could be easily updated. The extension also used a private GitHub repository for command-and-control (C2), polling for new instructions and exfiltrating results.

In a separate incident, Datadog uncovered 17 malicious npm packages posing as legitimate SDKs. These packages, published by now-banned accounts, secretly deployed the Vidar information stealer—marking its first appearance in the npm registry. The attack leveraged postinstall scripts to download and execute the malware from a remote server.

These events highlight the persistent threat of software supply chain attacks, underscoring the need for developers to exercise caution by reviewing packages and their dependencies before use.

3. GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have uncovered three new Visual Studio Code extensions tied to the GlassWorm campaign, showing ongoing attacks on the VS Code ecosystem. The extensions — ai-driven-dev.ai-driven-dev (3,402 downloads), adhamu.history-in-sublime-merge (4,057), and yasuyuky.transient-emacs (2,431) — remain available online. First revealed by Koi Security, GlassWorm spreads through malicious VS Code extensions to steal credentials, drain cryptocurrency wallets, and install remote-access tools. It hides code using invisible Unicode characters, enabling self-replication and wider compromise.

Although Open VSX removed earlier malicious extensions and revoked tokens on October 21, 2025, new variants have reappeared, using blockchain-based command-and-control (C2) mechanisms for persistence. Researchers found the attacker’s exposed server listing victims across the U.S., South America, Europe, and Asia, including a Middle Eastern government entity.
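A review-time check for hidden characters in extension source, added here as an example and not taken from Koi Security's analysis. The page does not say which code points GlassWorm uses, so the character classes (Unicode format characters and variation selectors) and the run-length threshold are assumptions, and the sample source is constructed.

```python
import unicodedata

# Assumed ranges: variation selectors VS1-16 and the supplementary VS17-256 block.
VARIATION_SELECTORS = ((0xFE00, 0xFE0F), (0xE0100, 0xE01EF))

def is_invisible(ch: str) -> bool:
    cp = ord(ch)
    if any(lo <= cp <= hi for lo, hi in VARIATION_SELECTORS):
        return True
    # Category Cf covers zero-width space/joiner, BOM, bidi controls and tag characters.
    return unicodedata.category(ch) == "Cf"

def invisible_runs(source: str, min_run: int = 4) -> list:
    """Return (line, column, length) for every run of >= min_run invisible characters.

    Single selectors and joiners are normal in emoji, so only long runs are
    reported; min_run is a tunable assumption, not a published threshold.
    """
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        run_start, run_len = 0, 0
        for col, ch in enumerate(line + "\n", start=1):  # sentinel flushes a trailing run
            if is_invisible(ch):
                if run_len == 0:
                    run_start = col
                run_len += 1
            else:
                if run_len >= min_run:
                    hits.append((line_no, run_start, run_len))
                run_len = 0
    return hits

# Constructed sample: line 2 carries twelve variation selectors inside a string
# that renders as empty; line 3 holds an ordinary emoji sequence.
SAMPLE = (
    'let a = 1;\n'
    'const s = "' + "\ufe01" * 12 + '";\n'
    'const ok = "\u2764\ufe0f";'
)

if __name__ == "__main__":
    for line_no, col, length in invisible_runs(SAMPLE):
        print(f"line {line_no}, column {col}: {length} invisible characters")
```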

4. Malicious NuGet Packages Drop Disruptive ‘Time Bombs’

Researchers at Socket found nine malicious NuGet packages published under shanhai666 that include sabotage payloads scheduled to trigger between Aug 8, 2027 and Nov 29, 2028, targeting .NET database libraries and Siemens S7 PLCs. The packages (including Sharp7Extend) mix legitimate functionality with a ~20-line malicious payload implemented via C# extension methods so it runs transparently on each DB or PLC operation.

On the trigger dates the code uses a random check (20% chance) to either kill the host process or, for Sharp7Extend, immediately terminate PLC communications or corrupt PLC write operations after a 30–90 minute delay. Corrupted writes can prevent actuators from receiving commands, block safety engagements, and disrupt production. Sharp7Extend also deliberately fails initialization by reading a nonexistent config value.

Socket says the developer page and packages have since been delisted after ~9,500 downloads. Organizations are urged to audit for those nine packages, assume compromise if found, verify PLC/write integrity, and implement write-verification and safety-log checks.

5. Cisco: Actively Exploited Firewall Flaws Now Abused For DoS Attacks

Cisco has warned that two vulnerabilities, CVE-2025-20362 and CVE-2025-20333, are being exploited to force ASA and FTD firewalls into reboot loops. CVE-2025-20362 allows unauthenticated access to restricted URLs, while CVE-2025-20333 enables authenticated remote code execution. When combined, they give attackers full control over unpatched systems. Cisco released fixes on September 25, 2025, and CISA issued an emergency directive requiring U.S. federal agencies to secure or disconnect affected ASA devices within 24 hours. Shadowserver tracks over 34,000 exposed ASA and FTD firewalls, down from nearly 50,000 in September.

The attacks are linked to the ArcaneDoor campaign and the UAT4356 group (STORM-1849), which previously exploited Cisco zero-days and deployed Line Dancer and Line Runner malware for persistence. Cisco also patched other RCE vulnerabilities, including CVE-2025-20352 and recent flaws in its Contact Center software, urging customers to apply all security updates immediately.

6. Google Uncovers PROMPTFLUX Malware That Uses Gemini AI to Rewrite Its Code Hourly

Google has uncovered a new experimental malware called PROMPTFLUX, a VBScript-based threat that uses Gemini AI’s API to rewrite its own source code for better obfuscation and evasion. According to Google Threat Intelligence Group (GTIG), the malware queries Gemini 1.5 Flash using a hard-coded API key to request code changes aimed at bypassing antivirus detection. PROMPTFLUX stores new versions in the Windows Startup folder for persistence and can spread via removable drives and network shares. Though its self-modifying feature is currently disabled, logs show the author’s intent to create an evolving, metamorphic script.

While still in development and not yet capable of system compromise, the malware reflects a growing trend of AI-assisted attacks. Google also cited other LLM-driven threats like FRUITSHELL, PROMPTLOCK, and PROMPTSTEAL, noting misuse of Gemini by China-, Iran-, and North Korea-linked actors to aid in phishing, malware creation, and data exfiltration.


Programmer’s Digest #158

10/29/2025-11/05/2025 126 Malicious npm Packages, Critical React Native CLI Flaw, Open VSX Registry Patches Security Flaw And More

1. PhantomRaven Attack Involves 126 Malicious npm Packages with Over 86,000 Downloads Hiding Malicious Code

Since August 2025, the sophisticated PhantomRaven campaign has deployed 126 malicious npm packages, amassing over 86,000 downloads. This operation harvests developer credentials like npm and GitHub tokens while evading most security tools. The investigation revealed the attackers adapted after initial removals, successfully publishing 80 more malicious packages that bypassed detection.

The attack’s core innovation involves “Remote Dynamic Dependencies.” The published packages appear benign on npmjs.com. However, their `package.json` files specify dependencies as HTTP URLs pointing to attacker-controlled servers. During installation, npm fetches and executes the hidden malicious payload from these external sources, completely bypassing static analysis tools. Once installed, a preinstall script automatically executes the malware. PhantomRaven then harvests sensitive data from the victim’s system, including environment variables, CI/CD credentials, and comprehensive system information for target profiling.
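A manifest audit for the pattern described above, added as an example and not taken from the PhantomRaven research: it flags dependency specifiers that resolve from a URL instead of the registry, and install-time lifecycle scripts. Package names and the example.invalid host are constructed; flagging git URLs as well as HTTP ones goes slightly beyond the case in the text.

```python
import json
import re

DEP_SECTIONS = ("dependencies", "devDependencies",
                "optionalDependencies", "peerDependencies")
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Specifiers that make npm fetch from somewhere other than the registry.
URL_SPEC = re.compile(r"^(?:git\+)?https?://|^git(?:\+ssh)?://", re.IGNORECASE)

def audit_manifest(manifest_text: str) -> list:
    """Return human-readable findings for one package.json document."""
    manifest = json.loads(manifest_text)
    findings = []
    for section in DEP_SECTIONS:
        for name, spec in (manifest.get(section) or {}).items():
            if isinstance(spec, str) and URL_SPEC.match(spec.strip()):
                findings.append(f"{section}: {name} resolves from URL {spec}")
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"scripts: {hook} runs at install time: {scripts[hook]}")
    return findings

# Constructed sample 1: what the registry shows. No scripts, one URL dependency.
SAMPLE_PUBLISHED = json.dumps({
    "name": "example-ui-helpers",
    "version": "1.0.0",
    "dependencies": {
        "left-pad": "^1.3.0",
        "ui-styles-pkg": "http://packages.example.invalid/npm/ui-styles-pkg",
    },
})

# Constructed sample 2: the manifest of the package served from that URL,
# which is where the install hook lives.
SAMPLE_FETCHED = json.dumps({
    "name": "ui-styles-pkg",
    "version": "1.0.0",
    "scripts": {"preinstall": "node index.js"},
})

if __name__ == "__main__":
    for label, text in (("published", SAMPLE_PUBLISHED), ("fetched", SAMPLE_FETCHED)):
        for finding in audit_manifest(text):
            print(f"[{label}] {finding}")
```

Scanning only the published manifest never sees the preinstall hook, so the URL specifier is the signal to act on; `npm install --ignore-scripts` keeps lifecycle hooks from running while a flagged package is reviewed.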

2. Critical React Native CLI Flaw Exposed Millions of Developers to Remote Attacks

A critical vulnerability in the “@react-native-community/cli” npm package, now patched, could allow attackers to execute malicious OS commands. The flaw, tracked as CVE-2025-11953, has a CVSS score of 9.8/10. It affects versions 4.8.0 through 20.0.0-alpha.2 of both “@react-native-community/cli” and “@react-native-community/cli-server-api,” and was fixed in version 20.0.0 released last month. The package, maintained by Meta, is used to build React Native apps and receives 1.5–2 million weekly downloads. The vulnerability stems from the Metro development server, which binds to external interfaces by default and exposes an “/open-url” endpoint vulnerable to OS command injection.

Attackers could exploit this by sending crafted POST requests, gaining full command execution on Windows and execution with limited parameters on Linux/macOS. The flaw highlights the risks in third-party code and the need for automated, comprehensive security scanning across the software supply chain.

3. Open VSX Registry Patches Security Flaw After Token Leak and Malicious Extensions Found

The Open VSX Registry and Eclipse Foundation reported a security incident involving leaked developer tokens, which attackers used to publish malicious extensions. The issue was contained, with sweeping security improvements implemented. Researchers at Wiz discovered several exposed extension publishing tokens in public repositories. Some belonged to Open VSX developers, allowing attackers to compromise the marketplace. The Eclipse Foundation noted that the exposures stemmed from developer oversights, not infrastructure breaches. Compromised tokens were immediately revoked. Open VSX collaborated with Microsoft Security Response Center to implement a token prefix format for faster detection of exposed tokens. Malware, dubbed “GlassWorm” by Koi Security, exploited these tokens to steal developer credentials and distribute malicious extensions. While serious, the malware required human action to spread and wasn’t a fully self-propagating worm. All malicious extensions were removed, and token security enhanced. New measures include token lifetime limits, automated scanning, streamlined revocation, and collaboration with ecosystem partners to share threat intelligence.

4. CISA Adds Gladinet and CWP Flaws to KEV Catalog Amid Active Exploitation Evidence

CISA has added two security flaws to its KEV catalog after reports of active attacks. CVE-2025-11371 (CVSS 7.5) affects Gladinet CentreStack and Triofox, exposing system files to external access. CVE-2025-48703 (CVSS 9.0) is a command injection flaw in Control Web Panel (CWP), allowing unauthenticated remote code execution via the t_total parameter. Huntress reported active exploitation of CVE-2025-11371, using Base64-encoded payloads to run reconnaissance commands. CVE-2025-48703 was responsibly disclosed and patched in May 2025. Federal Civilian Executive Branch agencies must apply fixes by November 25, 2025. Additionally, WordPress plugins and themes with critical vulnerabilities include WP Freeio (CVE-2025-11533), Noo JobMonster (CVE-2025-5397), and Post SMTP (CVE-2025-11833), all allowing privilege escalation or site takeover. Users should update affected plugins, enforce strong passwords, and audit sites for malicious activity to mitigate risks.
