This week in cybersecurity saw several significant events, including the disclosure of a critical remote code execution vulnerability in Fortinet products, an emergency patch for a Chrome zero-day under active exploitation, and reports on new malware and record-breaking infrastructure attacks.
Organizations are urged to apply the latest security updates for affected software and review their security posture in light of these developments. The incidents highlight ongoing threats targeting network appliances, web browsers, and critical development infrastructure.
Critical Vulnerabilities Patched in Fortinet and Chrome
Fortinet released patches for a critical vulnerability in its FortiNAC network access control solution. The flaw, tracked as CVE-2022-39952, is an external control of file name or path vulnerability that allows an unauthenticated attacker to write arbitrary files on the system, which can lead to remote code execution. The company has made updates available to address the issue.
Google also issued an emergency security update for the Chrome web browser to address its first zero-day vulnerability of the year. The high-severity flaw, identified as CVE-2023-0696, is a type confusion bug in the V8 JavaScript engine. Google confirmed that an exploit for this vulnerability exists in the wild and pushed out the update for Windows, Mac, and Linux users.
New Malware, DDoS Records, and SaaS Security Incidents
In the threat landscape, researchers from Check Point detailed a new IIS web server backdoor named BadIIS. This malware has been attributed to an Iranian state-sponsored hacking group and was used in attacks targeting government and technology organizations in Israel, Jordan, and the United Arab Emirates. The backdoor is designed to steal sensitive data, such as credentials and session cookies, from compromised servers.
Cloudflare reported that it successfully mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 71 million requests per second (rps). This represents the largest HTTP DDoS attack reported to date. The attack originated from a botnet consisting of over 30,000 IP addresses belonging to numerous cloud providers and was aimed at a website protected by Cloudflare’s services.
In the SaaS sector, continuous integration platform CircleCI disclosed a security incident in which an unauthorized third party gained access to its systems. The company advised all customers to immediately rotate any secrets stored in CircleCI, including API tokens, project environment variables, and SSH keys. The investigation traced the initial intrusion to a single employee’s laptop that was compromised with malware.
Source: https://thehackernews.com/2025/11/weekly-recap-fortinet-exploit-chrome-0.html