Here is the most recent Cybersecurity news for the past week:
🗜️ Google Detects Active Exploitation of WinRAR Vulnerability The Google Threat Intelligence Group has identified widespread exploitation of a critical path traversal vulnerability (CVE-2025-8088) in WinRAR. Attackers are leveraging this flaw to bypass security controls and drop malicious files into the Windows Startup folder, effectively granting them persistent access to compromised systems.
https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability
🆘 SolarWinds Patches Critical Web Help Desk Flaws SolarWinds has released urgent security updates for its Web Help Desk (WHD) software to address multiple critical vulnerabilities, including remote code execution and authentication bypass issues (CVE-2025-40551). Security experts advise immediate patching, as these flaws could allow unauthenticated attackers to take full control of affected servers.
🚨 CISA Warnings on Fortinet and FortiCloud Exploits The Cybersecurity and Infrastructure Security Agency (CISA) has added a new Fortinet vulnerability (CVE-2026-24858) to its Known Exploited Vulnerabilities (KEV) catalog. The agency warns that threat actors are actively targeting this authentication bypass flaw in FortiCloud SSO to gain unauthorized access to corporate networks.
https://www.cisa.gov/news-events/cybersecurity-advisories
🚓 Connecticut Police Department Hit by Ransomware The New Britain Police Department in Connecticut suffered a significant ransomware attack that disrupted the city’s network servers and forced officers to rely on manual dispatching procedures. City officials confirmed the “NightSpire” ransomware group was responsible and are working with federal authorities to restore critical services.
–
https://cybersecurityventures.com/ransomware-report/
⚖️ FBI Warns of Scammers Impersonating Federal Prosecutors The FBI has issued a public safety alert regarding a surge in fraudsters impersonating federal prosecutors and law enforcement officials to extort money from victims. These sophisticated social engineering campaigns often use spoofed phone numbers and official-looking documents to threaten individuals with arrest unless immediate payments are made.
