
CVE-2025-64446: Critical Fortinet FortiWeb Path Traversal Vulnerability Exploited to Create Administrative Accounts

On November 13, 2025, open source reporting began detailing active exploitation of a silently patched Fortinet FortiWeb vulnerability. The flaw is a path traversal issue in the FortiWeb web application firewall (WAF) that allows an unauthenticated threat actor to create new administrative users on exposed devices. The following day, November 14, Fortinet officially addressed the vulnerability in an advisory, tracking it as CVE-2025-64446.

SessionReaper: Magento's Critical CVE-2025-54236 Breakdown

SessionReaper (CVE-2025-54236) is one of the most dangerous vulnerabilities discovered in Adobe Commerce and Magento Open Source. This pre-authentication flaw enables attackers to hijack customer sessions and, in many real-world setups, escalate to remote code execution (RCE), allowing them to drop persistent PHP web shells on your servers.

From Vulnerability Management to Exposure Management: The Platform Era Has Arrived

AI has collapsed the vulnerability exploit lifecycle. Adversaries now discover, weaponize, and exploit exposures across hybrid environments in minutes — chaining together misconfigurations, unpatched systems, and stolen credentials to gain rapid access and move laterally across environments. For defenders, the speed of the adversary changes everything.

Why AppSec Teams Need Authority to Match Their Accountability

Picture this: a critical vulnerability hits your dependency tree. Security flags it as high-priority, but the development team pushes back because the upgrade breaks three integration tests. Sound familiar? You’re not alone. It’s the same story for countless organizations, and it potentially costs your team countless hours of development time and revenue lost.

Django Vulnerabilities Expose Apps to SQL Injection and DoS Attacks

The Django Software Foundation has rolled out important security fixes addressing two serious vulnerabilities that could let attackers manipulate databases and disrupt application availability. The vulnerabilities, CVE-2025-64459 (SQL injection) and CVE-2025-64458 (denial of service), were found in commonly used functions of the Django web framework. They affect how Django processes queries and handles redirects, especially when user-supplied input is not properly validated.

Honored to Be Named a Challenger in the 2025 Gartner Magic Quadrant for Exposure Assessment Platforms

We’re proud to share that Nucleus Security has been named a Challenger in the inaugural 2025 Gartner Magic Quadrant for Exposure Assessment Platforms (EAPs) — recognized for our completeness of vision and ability to execute. This marks a significant milestone not only for Nucleus, but for the evolution of our entire industry. For the first time, Gartner has formally recognized Exposure Assessment Platforms as a distinct category.

Find the Fixer: The AI Agent Bringing Order to Ownership

Assigning remediation tasks across an enterprise organization can feel like navigating a maze of inconsistent tags, overlapping teams, and unclear ownership. It’s one of the most persistent operational challenges in vulnerability and exposure management, and one of the biggest barriers to speed. Each scanner and cloud platform comes with its own tagging logic. One system uses ProductOwner, another productowner. Some tags are outdated, others duplicated, and many have no clear purpose.

Why Every Tech Company is Talking About OWASP for AI (and You Should Too)

AI is changing everything—but with innovation comes new risks. In this episode of AI on the Edge, we dive deep into OWASP's Top 10 for Large Language Models with security leader Steve Wilson (Exabeam). Discover why every tech company is suddenly talking about LLM security and how you can stay ahead. Inside this episode: why traditional security doesn't work for AI, and lessons from Steve's new book, The Developer's Playbook for LLM Security, with actionable tips to protect your AI systems.

OWASP Top 10 Business Logic Abuse: What You Need to Know

Over the past few years, API security has gone from a relatively niche concern to a headline issue. A slew of high-profile breaches and compliance mandates like PCI DSS 4.0 have woken security teams up to the reality that APIs are the front door to their data, infrastructure, and revenue streams. OWASP recently published its first-ever Business Logic Abuse Top 10 list, a clear indication that the industry is taking API security and all its nuances seriously.