11/12/2025-11/19/2025 New FortiWeb CVE-2025-58034 Vulnerability, New Chrome Zero-Day Flaw Exploited, 7 npm Packages Caught Hiding Crypto Scams And More

1. Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild

Fortinet has disclosed a new FortiWeb vulnerability, CVE-2025-58034, which is already being exploited in the wild. Rated medium-severity with a CVSS score of 6.7, the flaw stems from OS command injection (CWE-78) and could allow an authenticated attacker to run unauthorized commands via crafted HTTP requests or CLI inputs. Because exploitation requires prior authentication, attackers must combine this bug with another method to gain access first. Fortinet has released fixes across multiple FortiWeb branches, urging users to upgrade to the latest patched versions. The advisory comes shortly after it emerged that Fortinet had quietly patched another severe FortiWeb flaw, CVE-2025-64446 (CVSS 9.1), without issuing a public warning. The lack of transparency has drawn criticism from security experts, who argue that withholding vulnerability details hinders defenders while giving attackers an advantage.

2. Google Аixes New Chrome Zero-Day Flaw Exploited in Attacks

Google has released an emergency update to patch CVE-2025-13223, the seventh Chrome zero-day vulnerability exploited in attacks this year. This high-severity flaw, a type confusion weakness in the V8 JavaScript engine, was reported by Google’s Threat Analysis Group (TAG), which often uncovers government-backed spyware campaigns targeting journalists and dissidents. The fix is available in versions 142.0.7444.175/.176 for Windows, 142.0.7444.176 for Mac, and 142.0.7444.175 for Linux. While the rollout will take weeks, the update was immediately available for manual checking. Users can ensure they are protected by going to Help > About Google Chrome to trigger the update and then relaunching the browser. Google has restricted full bug details to prevent further exploitation until most users are updated. 

3. Critical RCE Flaws in AI Inference Engines Expose Meta, Nvidia, and Microsoft Frameworks

Security researchers at Oligo have uncovered “ShadowMQ,” a series of critical Remote Code Execution vulnerabilities in major AI inference servers from Meta, NVIDIA, Microsoft, and open-source projects like vLLM. The flaw stems from the unsafe combination of ZeroMQ and Python’s pickle module, allowing arbitrary code execution on unauthenticated network sockets.

This security issue spread through widespread code reuse; for instance, SGLang’s code was directly adapted from vLLM, which itself copied the vulnerable pattern from Meta’s Llama Stack. The flaw exposed the AI infrastructure of major companies, including xAI, AMD, and cloud providers like Google and Microsoft, with thousands of vulnerable servers found on the public internet. Exploitation could lead to full system compromise, data theft, or cryptomining.

While Meta, NVIDIA, and others have patched their frameworks by replacing pickle with safer alternatives like JSON, some projects, including Microsoft’s Sarathi-Serve, remain vulnerable. Organizations must immediately patch, avoid using pickle with untrusted data, and restrict network access to these services. This incident demonstrates how code reuse can propagate critical security flaws across the entire AI ecosystem.

4. Over 67,000 Fake npm Packages Flood Registry in Worm-Like Spam Attack

Researchers have uncovered a massive spam campaign that has flooded the npm registry with tens of thousands of fake packages since early 2024. The operation, dubbed the IndonesianFoods Worm, has published more than 67,000 junk packages using a worm-like script hidden in each upload. The code only runs when a user manually executes a JavaScript file, which then generates and publishes new packages in an endless loop. This design helps the malware evade automated scanners, allowing it to persist for nearly two years.

The spam packages use consistent naming patterns—often Indonesian names or food terms—and masquerade as Next.js projects. They also reference each other as dependencies, creating a self-replicating network that strains npm infrastructure and pollutes search results. Evidence suggests the campaign aims to earn TEA tokens by inflating package activity metrics. GitHub and AWS have removed many of the malicious packages, but over 150,000 related uploads have been identified, highlighting the scale of the threat and the ease of abusing open-source ecosystems.

5. 7 npm Packages Caught Hiding Crypto Scams

Cybersecurity researchers have identified seven malicious npm packages uploaded by a threat actor known as dino_reborn between September and November 2025. The packages—each downloaded a few hundred times—use a cloaking service called Adspect to differentiate real victims from security researchers. Adspect, marketed as a “bulletproof cloaking” tool for ad campaigns, filters traffic and hides malicious behavior, redirecting victims to crypto-themed scam sites while showing researchers harmless decoy pages.

Six of the packages contain a 39 kB malware component that fingerprints the system, hides itself, and blocks browser developer tools to evade analysis. The code executes immediately via an IIFE. One package, signals-embed, acts as a decoy, sending visitor data to an Adspect proxy before determining whether to show a fake CAPTCHA that leads to crypto scams or a blank page for suspected researchers. The findings surface alongside reports of large-scale npm abuse, including over 150,000 spam packages linked to TEA token farming campaigns.