The CISA has reported that a vulnerability in Control Web Panel (CWP) is being actively exploited by attackers. An estimated 150,000 internet-exposed CWP instances are at risk, prompting federal agencies to address this issue by November 25.

Google warns that various threat actors, including those linked to Russia and China, are exploiting a critical flaw in WinRAR to gain access and deploy malware. This vulnerability, CVE-2025-8088, allows attackers to execute malicious code by manipulating archive files, leading to widespread attacks on multiple targets.

A campaign exploiting the CVE-2024-36401 vulnerability in GeoServer has been discovered, allowing attackers to monetize victims' internet bandwidth through the deployment of legitimate software development kits (SDKs) or modified apps. The stealthy approach enables criminals to profit without distributing traditional malware while targeting an expanding number of publicly accessible GeoServer instances. Palo Alto Networks offers protective measures against such threats.