Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More
"Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most - firewalls, browser add-ons, and even smart TVs - turning small cracks into serious breaches. The real danger now isn't just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can become an entry point if it's left unpatched or overlooked."
"Flaws in Multiple Network Security Products Come Under Attack - Over the past week, Fortinet, SonicWall, Cisco, and WatchGuard said vulnerabilities in their products have been exploited by threat actors in real-world attacks. Cisco said attacks exploiting CVE-2025-20393, a critical flaw in AsyncOS, have been abused by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 to deliver malware such as ReverseSSH (aka AquaTunnel), Chisel, AquaPurge, and AquaShell. The flaw remains unpatched."
"SonicWall said attacks exploiting CVE-2025-40602, a local privilege escalation flaw impacting Secure Mobile Access (SMA) 100 series appliances, have been observed in connection with CVE-2025-23006 (CVSS score 9.8) to achieve unauthenticated remote code execution with root privileges. The development comes as firewalls and edge appliances have become a favorite target for attackers, giving attackers deeper visibility into traffic, VPN connections, and downstream systems."
Attackers are increasingly targeting everyday tools and trusted systems rather than relying solely on large-scale breaches. Network security products from Fortinet, SonicWall, Cisco, and WatchGuard have seen real-world exploitation; at least one critical AsyncOS flaw (CVE-2025-20393), still unpatched, has been abused by a China-nexus APT to deliver multiple malware families. SonicWall SMA 100 series appliances face combined exploitation of CVE-2025-40602 and CVE-2025-23006 to achieve unauthenticated remote code execution with root privileges. Firewalls and edge devices are attractive targets because they give attackers visibility into traffic, VPN connections, and downstream systems. Separately, a widely installed Chrome/Edge extension, Urban VPN Proxy, was observed harvesting user prompts from many AI chatbots.
Read at The Hacker News