In Other News: PoC for Fortinet Bug, AI Model Subverts Shutdown, RAT Source Code Leaked
SecurityWeek’s cybersecurity news roundup provides a concise compilation of noteworthy stories that might have slipped under the radar.
We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.
Each week, we curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.
Here are this week’s stories:
Size matters
According to IANS Research, the average security budget is 0.35% of revenue. That does not buy much if your annual revenue is just $100 million, but at $20 billion the average budget works out to around $70 million, and the very biggest firms could reach $100 million. The same principle applies to compensation and recognition. The average compensation package at large firms is now $700K, rising to $1M at $20B firms, with top earners at large firms achieving $1.3M per year. Almost 50% of CISOs at $20B firms have EVP or SVP titles.
The State of the CISO Summary Report 2025
SentinelOne outage
SentinelOne on Thursday experienced an outage affecting customer consoles globally. No visibility was available for managed response services and threat data reporting was delayed, but customer endpoints remained protected, the company said. Apparently, the outage was not a security incident, but the result of an AWS connectivity issue.
Next Step Healthcare discloses year-old data breach
Next Step Healthcare is now notifying an unknown number of patients that hackers stole their personal, financial, and health information in a data breach detected in June 2024. The compromised data includes names, dates of birth, Social Security numbers, driver’s license numbers, diagnosis and treatment details, other health information, and financial account information.
SilverRAT source code leaked
The source code of the notorious remote access trojan (RAT) SilverRAT was briefly leaked on GitHub a week ago. In addition to remote access to compromised systems, the malware provides sensitive information theft and code execution capabilities.
OpenAI’s O3 model sabotages the shutdown mechanism
OpenAI O3, a reflective generative pre-trained transformer (GPT) model, sabotaged its shutdown mechanism to avoid being turned off even when explicitly instructed to power down, Palisade Research says. The model found creative ways to carry out the sabotage, even redefining the kill command used by the shutdown script so that it printed ‘intercepted’ instead. “As companies develop AI systems capable of operating without human oversight, these behaviors become significantly more concerning,” Palisade notes.
Katz Stealer dissected
Nextron Systems has analyzed Katz Stealer, a new information stealer offered as malware-as-a-service (MaaS). The threat exfiltrates sensitive information from popular browsers, wallet applications, browser extensions, multiple communication platforms, email clients, and gaming platforms, along with network information, and can also capture screenshots, monitor the clipboard, and fingerprint the infected system.
PoC published for exploited Fortinet vulnerability
Two weeks after Fortinet released patches for CVE-2025-32756, a zero-day vulnerability exploited against its FortiVoice customers, Horizon3.ai published technical details on the bug and simple proof-of-concept (PoC) code targeting it. “Given the ease of exploitation, we recommend all users update or apply mitigations as soon as possible,” the company notes.
PyPI supply chain attack targets Colorama and Colorizr users
Checkmarx uncovered two malicious campaigns targeting Python and NPM users looking for the popular Colorama and Colorizr packages. Relying on typo-squatting and name-confusion attacks, the threat actors uploaded multiple PyPI packages with names similar to legitimate PyPI and NPM ones. The malicious code provides persistent remote access and control of the infected machines, as well as data exfiltration capabilities.
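Typo-squatting and name-confusion attacks of the kind described above work because a package name that differs by one or two characters, a swapped separator, or a "python-" prefix is easy to mistake for the real thing. The following is an added example written for this roundup, not Checkmarx's tooling and not code from the PyPI or npm projects: it normalizes candidate package names the way PyPI does (case-folded, separator runs collapsed), strips common confusion affixes, and flags any name within a small edit distance of a trusted allow-list. The allow-list and the candidate names are constructed for the example.

```python
"""Added example: flag package names that look like typo-squats of trusted ones.

Illustrative code for this roundup. The trusted-package set and the manifest
entries below are constructed; nothing here comes from the reported campaigns.
"""
import re
from typing import Dict, Optional, Tuple

# Constructed allow-list of packages a project expects to depend on.
TRUSTED_PACKAGES = {"colorama", "colorizr", "requests", "numpy"}

# Prefixes/suffixes commonly bolted on to a real name in name-confusion attacks.
AFFIX_RE = re.compile(r"^(python-|py-|npm-)|(-py|-python|-js)$")


def normalize(name: str) -> str:
    """PEP 503-style normalization: lower-case, collapse runs of '-', '_' and '.'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) using a rolling DP row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(candidate: str, trusted=TRUSTED_PACKAGES,
             max_distance: int = 2) -> Tuple[str, Optional[str]]:
    """Return (verdict, matched_trusted_name).

    'trusted'   -> normalized candidate is exactly a trusted package
    'lookalike' -> differs from a trusted package only by a confusion affix
                   or by at most max_distance edits (review before installing)
    'unknown'   -> not close to anything on the allow-list
    """
    trusted_norm = {normalize(t): t for t in trusted}
    norm = normalize(candidate)
    if norm in trusted_norm:
        return ("trusted", trusted_norm[norm])
    stripped = AFFIX_RE.sub("", norm)
    best = min(trusted_norm, key=lambda t: levenshtein(stripped, t))
    if levenshtein(stripped, best) <= max_distance:
        return ("lookalike", trusted_norm[best])
    return ("unknown", None)


def audit(manifest_names) -> Dict[str, Tuple[str, Optional[str]]]:
    """Classify every dependency name in a manifest (requirements/package.json)."""
    return {name: classify(name) for name in manifest_names}


if __name__ == "__main__":
    # Constructed manifest: one genuine name, two look-alikes, one unrelated package.
    for name, verdict in audit(["Colorama", "colorsama", "python-colorizr", "flask"]).items():
        print(f"{name:16} -> {verdict}")
```

A two-edit threshold is deliberately loose; on very short names it will produce false positives, so treat a 'lookalike' verdict as a prompt for a human to compare the candidate against the trusted package's registry page rather than as an automatic block.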
Meteobridge, Nvidia, and Tenable patches
Meteobridge version 6.2 was released with patches for a high-severity command injection vulnerability allowing remote, unauthenticated attackers to execute commands with root privileges. Tenable patched two flaws in Network Monitor that could have led to privilege escalation and arbitrary code execution with SYSTEM privileges. Multiple bugs in open source components were also addressed. Nvidia fixed a security defect in CUDA Toolkit for all platforms that could have led to code execution.
UK universities targeted with NodeSnake RAT
Quorum Cyber has linked (PDF) NodeSnake RAT infections at two universities in the UK to the Interlock ransomware group after identifying source code similarities between the two malware families. NodeSnake has persistence, reconnaissance, and command execution capabilities, combining the abuse of legitimate infrastructure with fileless execution and modular payloads.