Airlines End Flight Data Sales, Chrome Zero-Day Patched, Fortinet Vulnerability
Top cybersecurity stories today include airlines halting government data programs, critical browser security patches, and enterprise firewall vulnerabilities.
Airlines End Program Selling Flight Records to Government After Pressure
The Airlines Reporting Corporation will stop selling extensive flight data to the government, a practice criticized for bypassing legal oversight.
Key Points:
ARC, co-owned by major airlines, will discontinue sales of flight data to government agencies.
The decision follows scrutiny from lawmakers and media reporting on ARC’s practices.
Flight data was used by agencies like the IRS without warrants, raising privacy concerns.
Lawmakers commend the decision and urge other industries to follow suit in protecting consumer data.
Airlines Reporting Corporation (ARC), a data broker owned by major U.S. airlines, has announced it will terminate its Travel Intelligence Program, which allowed government access to extensive records of flight data. This includes details on where passengers traveled, the timing of flights, and even payment methods. The decision comes amid rising scrutiny and backlash from lawmakers, particularly after revelations that the IRS utilized this data without warrants.
The intense pressure from several members of Congress, alongside ongoing investigations by 404 Media, played a significant role in ARC’s decision. In November 2025, ARC notified its government customers of its plan to sunset the program, highlighting a shift away from practices that do not align with its core mission of serving the travel industry. Lawmakers have pointed to this as a precedent and are calling on other industries to reconsider their data-sharing agreements with government entities, emphasizing the need for consumer privacy and legal adherence.
Although ARC will no longer provide flight data access to the government, there are still concerns that agencies could use legal channels such as subpoenas to obtain information about travelers who book directly through airlines. With about half of all tickets booked through travel agencies captured in ARC’s database, the implications for citizen privacy remain significant.
How do you feel about companies selling customer data to government agencies without warrants?
Learn More: 404 Media
Critical Chrome zero-day flaw fixed by Google — update your browser immediately
Google has released an emergency update to address a high-severity zero-day vulnerability in Chrome that has been actively exploited.
Key Points:
This zero-day vulnerability is tracked as CVE-2025-13223.
It’s the seventh zero-day vulnerability patched in Chrome this year.
Users should update their browsers now to protect against potential attacks.
Google has restricted details on the flaw to prevent further exploitation.
Regular software updates are essential for maintaining security.
Google has rolled out an emergency security update to fix a critical zero-day vulnerability in Chrome, tracked as CVE-2025-13223. The flaw is categorized as high-severity, indicating serious risks if exploited. Google has confirmed that the vulnerability has already been exploited in attacks against users, so Chrome users should update their browser immediately. While updates are typically automatic, users should check their settings to confirm that the latest patches are installed.
This exploitation highlights the importance of continuous vigilance regarding software updates. In 2025 alone, we’ve seen a total of seven zero-day vulnerabilities addressed in Chrome. Google tends to limit the distribution of detailed information about such vulnerabilities until most users have had the chance to apply the necessary patches. This is a strategic move to prevent malicious actors from taking advantage of those remaining unprotected. Given the increasing prevalence of zero-day exploits, regular updates and maintaining secure software practices remain paramount in protecting against potential cybersecurity threats.
What steps do you take to ensure your software is always up-to-date and secure?
Learn More: Tom’s Guide
CISA Urges Quick Patching of Fortinet Vulnerability Amid Ongoing Exploits
CISA has ordered U.S. government agencies to patch a critical vulnerability in Fortinet’s FortiWeb web application firewall within seven days because it has been exploited in zero-day attacks.
Key Points:
CISA identifies a critical OS command injection flaw (CVE-2025-58034) in Fortinet’s FortiWeb.
Agencies have until November 25 to secure their systems or risk significant breaches.
The flaw allows authenticated attackers to execute unauthorized code with low effort.
CISA recently added this vulnerability to its Known Exploited Vulnerabilities Catalog.
Fortinet products have faced numerous exploits, including those by foreign and cybercriminal entities.
CISA (Cybersecurity and Infrastructure Security Agency) has issued a warning for U.S. federal agencies to act swiftly on a newly discovered vulnerability in Fortinet’s FortiWeb firewall. The flaw, tracked as CVE-2025-58034, poses a serious risk because it allows authenticated attackers to perform OS command injection, potentially resulting in unauthorized code execution. Given the existing landscape of malicious cyber activity, CISA requires agencies to patch this vulnerability by November 25; the flaw's listing in CISA's Known Exploited Vulnerabilities Catalog underlines the urgency of remediation.
The vulnerability is particularly dangerous because it requires minimal interaction from users and can be exploited relatively easily by threat actors that already pose a significant danger to federal entities. Historically, Fortinet vulnerabilities have been widely exploited, in particular by sophisticated attackers in espionage and ransomware campaigns. Agencies must prioritize addressing these security shortcomings to safeguard their systems against increasing cyber threats, especially given previous attacks that have leveraged Fortinet’s security flaws.
What steps should organizations take to ensure they are prepared for potential vulnerabilities in their cybersecurity systems?
Learn More: Bleeping Computer

