Week 12 of 2025

In this week's Threat Intelligence Briefing:

• CVE-2025-20115: Cisco IOS XR Vulnerability Lets Attackers Crash BGP on Routers
• CVE-2024-55591 & CVE-2025-24472: New SuperBlack Ransomware Exploits Fortinet Authentication Bypass Flaws
• CVE-2025-26909: WordPress Security Plugin WP Ghost Vulnerable to Remote Code Execution
• Advisory: HellCat Hackers Conduct Worldwide Jira Hacking Spree
• Advisory: New Windows Zero-Day Exploited by 11 State-Sponsored Hacking Groups Since 2017
• Advisory: StilachiRAT Analysis by Microsoft – From System Reconnaissance to Cryptocurrency Theft
• Advisory: Ransomware Gang Creates Tool to Automate VPN Brute-Force Attacks

Brought to you by Joey Vandegrift and Brad Causey, CISSP at SecurIT360

The Most Common External Pen Test Findings—And How to Fix Them