Friday , April 18 2025

Alert

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

symlink

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …

Read More »

Patch now! Critical Erlang/OTP SSH Vuln Allows UCE

OTP

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run code without authentication under specific conditions. The vulnerability CVE-2025-32433 has a maximum CVSS score of 10.0. “The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute …

Read More »

CISA warns of increasing risk tied to Oracle legacy Cloud leak

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the serious threat to enterprise networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the risks of using embedded or reused credentials.. The agency noted that while …

Read More »

Apple released emergency security updates for 2 zero-day vulns

Apple

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly sophisticated attacks targeting a few iOS users. The vulnerabilities CVE-2025-31200 and CVE-2025-31201 allow for code execution and bypass mitigation on Apple’s iOS, iPadOS, and macOS platforms. Apple acknowledged a report …

Read More »

Oracle Released Patched for 378 flaws for April 2025

378 flaws

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers databases, middleware, cloud services, and communication applications essential for global financial institutions, telecom providers, and cloud-native platforms. Key Highlights: Oracle Communications Applications had 42 new security updates, including 35 vulnerabilities …

Read More »

CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild

hackers

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using specially crafted .library-ms files. Microsoft patched this vulnerability on March 11, 2025. It affects all supported Windows versions and has been weaponized less than two weeks after its disclosure. The …

Read More »

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs ends today, potentially disrupting the global cybersecurity industry. CVE, the more important of the two, is managed by MITRE with support from the U.S. National Cyber Security …

Read More »

Australian Cyber Security Centre Alert for Fortinet Products

The Australian Cyber Security Centre (ACSC) has alerted technical users in both private and public sectors about ongoing exploitation of known vulnerabilities following a new advisory highlighting the exploitation of previously known vulnerabilities in Fortinet products. Organizations are urged to take immediate action. Fortinet has detected that attackers are exploiting …

Read More »

CISA Releases Ten Industrial Control Systems Advisories

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems. Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting …

Read More »