November 22, 2025

Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

You’d think that there’d be a bit less chaos a whole week after Patch Tuesday. Well, you’d be wrong. On Tuesday November 18, 2025, Cloudflare pushed a bad configuration change that took down major portions of their network and, as a result, a large swath of the internet. One of my favorite stories was about the website Downdetector being down. This is the site where people report and check which sites are having issues. Someone quickly made a downdetectordowndetector site. But, just in case that was down as well, someone made a downdetectordowndetectordowndetector, and on it went. There is an article linked in our Other News Events of Note and Interest section about this bit of comic relief that came about on a day of major frustration. In addition to the above mess, there was quite a bit of other news to report on. So, onward.

This email and video commentary is from the RedDotSecurity.news website, which contains a plethora of links to other items, not mentioned here, that are worth skimming to see if they interest you or pertain to your particular environment or to those you support. There is a lot more there than what is provided in these opening comments. So, on to the headline news.

Headline NEWS:

  • Fortinet Warns of a New FortiWeb Vulnerability. Last week we reported a major defect in FortiWeb. This week another hole was patched. If you run FortiWeb, update quickly.
  • Grafana Enterprise patched a maximum severity defect in its SCIM (System for Cross-domain Identity Management) support which could allow for privilege escalation and user impersonation. Since this feature ties into your identity provider, it is vital that you patch quickly to prevent compromise not only of the items Grafana is orchestrating, but also of your identity and access management (IDAM) systems.
  • Microsoft was hit with a Distributed Denial of Service (DDoS) attack by the Aisuru botnet that employed more than 500,000 source IP addresses and peaked at a whopping 15.72 Tbps. Though it didn’t reach the record of 22.2 Tbps, it was still impressive, consuming enough bandwidth to stream 1 million 4K videos simultaneously.
  • Salesforce says some of its customers’ data was accessed after Gainsight’s breach. This story is still evolving as the investigation is ongoing. Mandiant has been brought in by Gainsight to investigate, and it has reported that over 200 companies were affected in this supply chain breach, which may actually stem from the earlier Salesloft Drift breach, in which Gainsight was itself a victim.
  • SolarWinds Patches Three Critical Serv-U Vulnerabilities is a headline that should make anyone who lived through the 2020 Orion supply chain attack shudder a bit. These flaws are in their Serv-U file-transfer utility and could allow for remote code execution (RCE). There were also other patches released for their Observability Self-Hosted product that plug Cross Site Scripting (XSS) defects. Vet these soon and apply quickly.
  • SonicWall released new firmware for their Gen7 and Gen8 firewalls running SonicOS with SSLVPN enabled. If left unpatched, a threat actor can send specially crafted packets to affected units that crash the firewall and cause it to reboot, resulting in a denial-of-service condition. Gen6 firewalls are not known to be vulnerable to this attack, nor is it currently known to be exploited in the wild – yet.

In Ransomware, Malware, and Vulnerabilities News:

  • Oracle E-Business Suite victims are piling up like a high-speed autobahn accident, including Oracle itself. The evil organization known as Cl0p has claimed that they have exfiltrated data from Oracle, Cox Enterprises, Broadcom, and dozens of other companies, in a crime spree that goes all the way back to April 2025. This is the Christmas fruitcake gift that will keep on giving for quite some time, I fear.

In Other News Events of Note and Interest:

  • IRS deploys AI agents through Salesforce’s AI program. That sounds like a nice recipe for disaster to me. I just hope that the IRS hasn’t been using Salesloft Drift or Gainsight. Otherwise, the IRS’ databases might be in threat actors’ hands already. But even if they aren’t yet, if recent experience with AI agents is any indication, and especially given the apparent failings of our government’s technology initiatives, such as the decades-long modernization effort, it is only a matter of time before the AI IRS agent hallucinates some hefty bills or refunds for taxpayers, or helpfully gives private information out to anyone who asks in the right way. Nope, I do not like this one bit.

Musings:

In the United States of America, this coming week is when we celebrate the holiday of Thanksgiving, a day when we pause with family, loved ones, friends, and even strangers to share a meal and to reflect on the blessings that we have in our lives. There’s always something to be thankful for. And I am thankful for you, my readers and viewers; thankful that you continue to fight the good fight, thankful that you do not give up in the face of unrelenting opposition by increasing hordes of evil. And I am grateful that you dedicate yourselves to tirelessly watching, monitoring, analyzing, and fighting back the attacks. You are true unsung heroes. I pray that your Thanksgiving holiday is a peaceful and uninterrupted one. And of course, even though the tryptophan-fueled stupor of too much food and holiday cheer may be there…

Visc. Jan Broucinek

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
