This week showed just how fast things can go wrong when no one’s watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms.
It’s not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it’s a business. And in some cases, they’re using the same apps and services that businesses rely on — flipping the script without anyone noticing at first.
The scary part? Some threats weren’t even bugs — just clever use of features we all take for granted. And by the time people figured it out, the damage was done.
Let’s look at what really happened, why it matters, and what we should all be thinking about now.
⚡ Threat of the Week
Silently Patched Fortinet Flaw Comes Under Attack — A vulnerability that was patched by Fortinet in FortiWeb Web Application Firewall (WAF) has been exploited in the wild since early October 2025 by threat actors to create malicious administrative accounts. The vulnerability, tracked as CVE-2025-64446 (CVSS score: 9.1), is a combination of two discrete flaws, a path traversal flaw and an authentication bypass, that could be exploited by an attacker to perform any privileged action. It’s currently not known who is behind the exploitation activity. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by November 21, 2025.
🔔 Top News
- Operation Endgame Fells Rhadamanthys, Venom RAT, and Elysium Botnet — Malware families like Rhadamanthys Stealer, Venom RAT, and the Elysium botnet were disrupted as part of a coordinated law enforcement operation led by Europol and Eurojust. The activity, which took place between November 10 and 13, 2025, led to the arrest of an individual behind Venom RAT in Greece on November 3, along with the seizure of more than 1,025 servers and 20 domains. “The dismantled malware infrastructure consisted of hundreds of thousands of infected computers containing several million stolen credentials,” Europol said. “Many of the victims were not aware of the infection of their systems.”
- Google Sues China-Based Hackers Behind Lighthouse PhaaS — Google filed a civil lawsuit in the U.S. District Court for the Southern District of New York (SDNY) against 25 unnamed China-based hackers who are behind a massive Phishing-as-a-Service (PhaaS) platform called Lighthouse that has ensnared over 1 million users across 120 countries. The PhaaS kit has been used to fuel large-scale smishing campaigns in the U.S. that are designed to steal users’ personal and financial information by impersonating banks, cryptocurrency exchanges, mail and delivery services, police forces, state-owned enterprises, and electronic tolls, among others. The…
