Infosec bits for 2025 week 33

Zoya Vilakazi | Aug. 15, 2025, 3:33 p.m.

Cybersecurity News:

Fortinet SSL VPNs Hit by Global Brute-Force Wave Before Attackers Shift to FortiManager [Ravie Lakshmanan, The Hacker News]

Fighting fraud with AI: The new identity security playbook [Help Net Security, Help Net Security]

Vulnerabilities and Patches:

FortiOS, FortiProxy, and FortiPAM Auth Bypass Vulnerability Allows Attackers to Gain Full Control [Florence Nightingale, Cyber Security News]

VulnerabilitiesCisco Patches Critical Vulnerability in Firewall Management Platform [Eduard Kovacs, Security Week]

Fortinet patches critical flaw with public exploit in FortiSIEM [Lucian Constantin, CSO]

HTTP/2 MadeYouReset Vulnerability Enables Massive DDoS Attacks [Divya, GBHackers]

Patch Now: Attackers Target OT Networks via Critical RCE Flaw [Elizabeth Montalbano, Dark Reading]

Malware:

Details emerge on WinRAR zero-day attacks that infected PCs with malware [Bill Toulas, Bleeping Computer]

WinRAR 0-Day in Phishing Attacks to Deploy RomCom Malware [Florence Nightingale, Cyber Security News]

Source Code of ERMAC V3.0 Malware Exposed by ‘changemeplease’ Password [Divya, GBHackers]

Malvertising Campaign Deploys Modular PowerShell Malware PS1Bot [Alessandro Mascellino, Infosecurity Magazine]

New NFC-Driven PhantomCard Android Malware Attacking Banking Users [Tushar Subhra Dutta, Cyber Security News]