XWiki Exploit, FortiWeb Attacks & Finger Malware – 11/15/2025

Today’s threat landscape is highlighted by the active exploitation of a critical remote code execution vulnerability in XWiki servers (CVSS 9.8) by the RondoDox botnet. Security teams are also responding to a novel malware campaign abusing the legacy ‘Finger’ protocol and the massive $220 million financial fallout from the Jaguar Land Rover cyberattack. This report details the key threats and defensive actions required.

Top 5 Critical Security Alerts

• RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet; The RondoDox botnet is actively exploiting a critical RCE vulnerability (CVE-2025-24893, CVSS 9.8) in unpatched XWiki servers. Read more
• Honeypot: FortiWeb CVE-2025-64446 Exploits: Active exploitation attempts for the FortiWeb vulnerability CVE-2025-64446 are being widely observed in security honeypots. Read more
• Decades-old ‘Finger’ protocol abused in ClickFix malware attacks: Threat actors are abusing the legacy ‘Finger’ protocol to remotely issue commands and deploy the ClickFix malware on Windows systems. Read more
• Jaguar Land Rover cyberattack cost the company over $220 million: A recent cyberattack cost Jaguar Land Rover over $220 million in a single quarter, highlighting the severe financial impact of security incidents. Read more
• Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors: Microsoft is investigating a bug causing a critical Windows 10 extended security update to fail on corporate devices, posing a patching risk. Read more

Threat Intelligence

• RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet; The RondoDox botnet is actively exploiting a critical RCE vulnerability (CVE-2025-24893, CVSS 9.8) in unpatched XWiki servers. Read more
• Honeypot: FortiWeb CVE-2025-64446 Exploits: Active exploitation attempts for the FortiWeb vulnerability CVE-2025-64446 are being widely observed in security honeypots. Read more
• Decades-old ‘Finger’ protocol abused in ClickFix malware attacks: Threat actors are abusing the legacy ‘Finger’ protocol to remotely issue commands and deploy the ClickFix malware on Windows systems. Read more

Security Breaches & Incidents

• Jaguar Land Rover cyberattack cost the company over $220 million: A recent cyberattack cost Jaguar Land Rover over $220 million in a single quarter, highlighting the severe financial impact of security incidents. Read more
• Five Plead Guilty in U.S. for Helping North Korean IT Workers Infiltrate 136 Companies: Five individuals have pleaded guilty to aiding North Korean IT workers in a fraudulent scheme to infiltrate U.S. companies and generate illicit revenue. Read more

Security Tools & Best Practices

• Microsoft: Windows 10 KB5068781 ESU update may fail with 0x800f0922 errors: Microsoft is investigating a bug causing a critical Windows 10 extended security update to fail on corporate devices, posing a patching risk. Read more

Emerging Security Technologies

• LeCun accuses Anthropic of exploiting AI cyberattack fears for regulatory capture: AI pioneer Yann LeCun claims AI company Anthropic is exaggerating AI cyberattack risks to influence regulation in its favor. Read more