November 17, 2025

Weekly Threat Round-up: Synology Updates BeeStation, SAP Patch Day Releases, & Google Updates on AI Weaponization

Threat Round-up

Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.

Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.

This week’s curated collection highlights the key threat intelligence updates our team publishes daily. Highlights include Synology issuing critical BeeStation OS updates after a live Pwn2Own exploit demonstration, SAP releasing its November patches with a newly detailed max-severity vulnerability, and Google’s Threat Intelligence Group reporting a surge in adversaries weaponizing AI tools to support real-world cyber operations.

Publicly Disclosed Flaw Enables RCE via Malware Scanning Engine

A critical ImunifyAV flaw allows remote code execution when AI-Bolit performs forced deobfuscation in Imunify360 scans, enabling full server compromise. Researchers showed an exploit using a crafted PHP file, and rated the issue CVSS 8.1. CloudLinux patched the bug and backported fixes to older versions due to widespread deployment. Any Linux server running vulnerable Imunify builds may be exposed.

Synology Updates BeeStation OS Following Pwn2Own Demonstration

Synology patched CVE-2025-12686, a critical buffer overflow in BeeStation OS before 1.3.2-65648 that allowed remote, no-interaction code execution and full device takeover. Although no in-the-wild attacks are known, the public demo increases risk. Upgrade immediately or isolate devices and enforce strict access controls if patching is delayed.

SAP November Patch Day Includes Max-severity Vulnerability

Included in these patches were two critical flaws: CVE-2025-42890, a CVSS 10 issue in SQL Anywhere Monitor’s non-GUI component caused by hardcoded credentials that could enable full remote compromise, and CVE-2025-42887, a CVSS 9.9 vulnerability in Solution Manager allowing authenticated users to inject and run malicious code. SAP recommends discontinuing the affected monitor component and updating all systems.

Critical QNAP NAS Flaws Patched Following Pwn2Own Demonstrations

Multiple QNAP components were found vulnerable, including QTS and QuTS hero OS versions with CGI flaws enabling code execution, HBS backup tools with bugs allowing unauthorized access to remote data, Malware Remover with a code-injection issue, and Hyper Data Protector with hardcoded credentials. All flaws pose high risk, and QNAP urges immediate updates and strong access controls.

Google Threat Intelligence Group Reports on Adversaries Weaponizing AI Tools

Threat actors are using AI to enhance malware, including PROMPTFLUX, which repeatedly rewrites and hides its own code using Gemini, and PROMPTSTEAL, linked to APT28, which uses LLM-generated commands to steal data. GTIG also found China- and Iran-based actors manipulating AI models for phishing, infrastructure setup, and custom malware. AI misuse is lowering barriers and enabling more scalable, adaptive attacks.


Subscribe to the Field Effect Threat Round-up Newsletter

Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.

Signing up to the newsletter makes you the first to know about:

  • Comprehensive threat intelligence: Updates on the latest threat actors, vulnerabilities, and campaigns, including observed tactics, techniques, and procedures (TTPs).
  • Expert analysis and context: Field Effect’s analysts break down the impact of critical flaws and emerging campaigns, helping you understand evolving threat behaviors.
  • Actionable defense guidance: Receive practical security steps, patching tips, and indicators of compromise (IOCs) to strengthen your defenses and stay one step ahead.
  • Exclusive research: Explore in-depth investigations from Field Effect's analysts, uncovering new threat campaigns, indicators of compromise, and attacker behaviors as they emerge.


Meet the Authors: Field Effect Security Intel Team

Our team is composed of seasoned cybersecurity investigators, analysts, and researchers with deep experience across both public and private sectors. Collectively, they bring expertise in malware, data analytics, threat hunting, external threat discovery, insider threat investigations, and intelligence reporting.

Before joining Field Effect, many of our analysts served in senior roles across national security, defense, and law enforcement. Their work has been recognized for advancing threat intelligence, strengthening incident response, and safeguarding vital systems against emerging threats.

Today, that same expertise powers Field Effect’s intelligence operations, transforming deep technical insights into actionable guidance that helps organizations stay secure in an evolving threat landscape.