Threat Round-up
Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection highlights the key threat intelligence updates our team publishes daily. Highlights include proof-of-concept releases for unpatched D-Link router RCE flaws, active exploitation of a vulnerability in Chrome’s V8 engine, and new intelligence showing Akira ransomware expanding its targeting to Nutanix AHV environments.
POCs Published for Unpatched RCE Vulnerabilities in D-Link Routers
D-Link’s SAP10475 advisory reveals four critical flaws in its unsupported DIR-878 060 routers widely used in small office and home setups. Public exploits were released before D-Link disclosed several critical flaws in its DIR-878 060 routers, allowing unauthenticated remote code execution through crafted HTTP requests. No patches are planned as the devices are EOL. A separate high-severity RCE flaw also affects the unsupported DIR-816L. These issues are easily exploited, so users should isolate or replace legacy hardware.
Vulnerability in Chrome’s V8 Engine Actively Exploited
Google patched two type confusion flaws in Chrome’s V8 engine, which powers JavaScript and WebAssembly in Chrome and other Chromium browsers. Chrome users on Windows, macOS, and Linux must update to the latest 142.0.7444 builds after Google patched a high-severity flaw (CVE-2025-13223) already exploited in the wild. The bug, a V8 type confusion issue, can enable code execution through malicious HTML. Edge, Brave, Vivaldi, and DuckDuckGo have also released updates. Organizations should patch promptly to reduce exposure.
Fortinet Discloses New FortiWeb Flaw Exploited Before Patch Release
Fortinet disclosed CVE-2025-58034, a FortiWeb flaw exploited in the wild before a patch was released, rated medium severity with a CVSS v3.1 score of 6.7. Fortinet disclosed a second FortiWeb zero-day: an OS command injection flaw that lets attackers run system commands if exploited. Combined with last week’s path-traversal bug (CVE-2025-64446), the two could enable a chained, unauthenticated attack. Both issues are patched in FortiWeb versions 7.0.12, 7.2.12, 7.4.11, 7.6.6, and 8.0.2. Upgrading is the only mitigation.
Akira Ransomware Targeting Nutanix AHV
CISA and partner intelligence agencies updated advisory AA24-109A with new tactics, techniques, and procedures used by Akira ransomware actors. CISA’s updated Akira ransomware advisory highlights new tactics, including targeting virtual environments, harvesting backup credentials, and rapid data theft. Akira has hit 250+ victims and extorted over $244M. The Rust-based Akira_v2 variant improves speed, evasion, and cross-platform targeting, including Nutanix AHV. Attacks often begin through SonicWall or Veeam flaws before spreading laterally.
Active Exploitation of Undisclosed FortiWeb Flaw
A new FortiWeb path traversal flaw now has a public PoC and is being widely exploited, with global scanning activity surging by mid-November 2025. Researchers observed active exploitation of a FortiWeb zero-day beginning in October, with dark web ads for an RCE exploit appearing in early November. The flaw allows attackers to bypass authentication and create admin accounts, giving full control of affected systems. Versions below 8.0.2 are vulnerable, while 8.0.2 blocks the exploit. No advisory or CVE has been issued yet, so upgrading immediately is strongly recommended.