Article Details

Scrape Timestamp (UTC): 2025-12-22 12:06:21.583

Source: https://thehackernews.com/2025/12/weekly-recap-firewall-exploits-ai-data.html

Original Article Text

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches.

The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it’s left unpatched or overlooked.

Here’s a clear look at the week’s biggest risks, from exploited network flaws to new global campaigns and fast-moving vulnerabilities.

⚡ Threat of the Week

Flaws in Multiple Network Security Products Come Under Attack — Over the past week, Fortinet, SonicWall, Cisco, and WatchGuard said vulnerabilities in their products have been exploited by threat actors in real-world attacks.

Cisco said CVE-2025-20393, a critical flaw in AsyncOS, has been exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 to deliver malware such as ReverseSSH (aka AquaTunnel), Chisel, AquaPurge, and AquaShell. The flaw remains unpatched.

SonicWall said attacks exploiting CVE-2025-40602, a local privilege escalation flaw impacting Secure Mobile Access (SMA) 100 series appliances, have been observed in connection with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges.

The development comes as firewalls and edge appliances have become a favorite target for attackers, giving them deeper visibility into traffic, VPN connections, and downstream systems.

🔥 Trending CVEs

Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week’s most serious security flaws. Check them, fix what matters first, and stay protected.

This week’s list includes — CVE-2025-14733 (WatchGuard), CVE-2025-11901, CVE-2025-14302, CVE-2025-14303, CVE-2025-14304 (pre-boot DMA protection bypass), CVE-2025-37164 (HPE OneView Software), CVE-2025-59374 (ASUS Live Update), CVE-2025-20393 (Cisco AsyncOS), CVE-2025-40602 (SonicWall SMA 100 Series), CVE-2025-66430 (Plesk), CVE-2025-33213 (NVIDIA Merlin Transformers4Rec for Linux), CVE-2025-33214 (NVIDIA NVTabular for Linux), CVE-2025-54947 (Apache StreamPark), CVE-2025-13780 (pgAdmin), CVE-2025-34352 (JumpCloud Agent), CVE-2025-14265 (ConnectWise ScreenConnect), CVE-2025-40806, CVE-2025-40807 (Siemens Gridscale X Prepay), CVE-2025-32210 (NVIDIA Isaac Lab), CVE-2025-64374 (Motors WordPress theme), CVE-2025-64669 (Microsoft Windows Admin Center), CVE-2025-46295 (Apache Commons Text), CVE-2025-68154 (systeminformation), CVE-2025-14558 (FreeBSD), and cross-site scripting and information disclosure flaws in Roundcube Webmail (no CVEs).

📰 Around the Cyber World

🎥 Cybersecurity Webinars

🔧 Cybersecurity Tools

Disclaimer: These tools are for learning and research only. They haven’t been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws.

Conclusion

The past week made one point clear: the perimeter is gone, but accountability isn’t. Every device, app, and cloud service now plays a part in defense. Patching fast, verifying what’s running, and questioning defaults are no longer maintenance tasks — they’re survival skills.

As threats grow more adaptive, resilience comes from awareness and speed, not fear. Keep visibility high, treat every update as risk reduction, and remember that most breaches start with something ordinary left unchecked.

Daily Brief Summary

VULNERABILITIES // Critical Network Security Flaws Exploited by Advanced Persistent Threats

Recent attacks have targeted vulnerabilities in network security products from Fortinet, SonicWall, Cisco, and WatchGuard, affecting a wide range of organizations globally.

Cisco reported a critical flaw, CVE-2025-20393, in AsyncOS exploited by a China-linked APT group, UAT-9686, to deploy various malware strains.

SonicWall's Secure Mobile Access appliances were compromised using CVE-2025-40602, allowing attackers to execute remote code with root privileges.

These vulnerabilities provide attackers with deep access into network traffic and connected systems, posing significant risks to data integrity and confidentiality.

The vulnerabilities remain unpatched, emphasizing the urgent need for organizations to monitor and mitigate potential threats proactively.

The ongoing exploitation of these flaws underscores the importance of maintaining up-to-date security protocols and swift patch management.

Organizations are advised to enhance their security posture by implementing robust monitoring and incident response strategies to counteract such threats.