Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection highlights the key threat intelligence updates our team publishes daily. Highlights include, Synology issuing critical BeeStation OS updates after a live Pwn2Own exploit demonstration, SAP releasing its November patches with a newly detailed max-severity vulnerability, and Google’s Threat Intelligence Group reporting a surge in adversaries weaponizing AI tools to support real-world cyber operations.
A critical ImunifyAV flaw allows remote code execution when AI-Bolit performs forced deobfuscation in Imunify360 scans, enabling full server compromise. Researchers showed an exploit using a crafted PHP file, and rated the issue CVSS 8.1. CloudLinux patched the bug and backported fixes to older versions due to widespread deployment. Any Linux server running vulnerable Imunify builds may be exposed.
Synology patched CVE-2025-12686, a critical buffer overflow in BeeStation OS before 1.3.2-65648 that allowed remote, no-interaction code execution and full device takeover. Although no in-the-wild attacks are known, the public demo increases risk. Upgrade immediately or isolate devices and enforce strict access controls if patching is delayed.
Included in these patches were two critical flaws: CVE-2025-42890, a CVSS 10 issue in SQL Anywhere Monitor’s non-GUI component caused by hardcoded credentials that could enable full remote compromise, and CVE-2025-42887, a CVSS 9.9 vulnerability in Solution Manager allowing authenticated users to inject and run malicious code. SAP recommends discontinuing the affected monitor component and updating all systems.
Multiple QNAP components were found vulnerable, including QTS and QuTS hero OS versions with CGI flaws enabling code execution, HBS backup tools with bugs allowing unauthorized access to remote data, Malware Remover with a code-injection issue, and Hyper Data Protector with hardcoded credentials. All flaws pose high risk, and QNAP urges immediate updates and strong access controls.
Threat actors are using AI to enhance malware, including PROMPTFLUX, which repeatedly rewrites and hides its own code using Gemini, and PROMPTSTEAL, linked to APT28, which uses LLM-generated commands to steal data. GTIG also found China- and Iran-based actors manipulating AI models for phishing, infrastructure setup, and custom malware. AI misuse is lowering barriers and enabling more scalable, adaptive attacks.
Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.
Signing up to the newsletter makes you the first to know about: