Threat researchers have uncovered a sophisticated campaign targeting FortiWeb web application firewalls worldwide, using the Sliver C2 framework for persistent access and covert proxy setups. Analysis of exposed Sliver C2 databases and logs, found during open-directory threat hunting on Censys, revealed a coordinated effort to exploit vulnerabilities in outdated FortiWeb devices. The threat actor …

Over 10,000 Fortinet Firewalls Exposed to 5-Year-Old MFA Bypass Vuln
Over 10,000 Fortinet firewalls worldwide remain vulnerable to CVE-2020-12812, a flaw that allows multi-factor authentication (MFA) to be bypassed and that was disclosed more than five years ago. Shadowserver has added the issue to its daily Vulnerable HTTP report. CVE-2020-12812 is an improper-authentication flaw in the FortiOS SSL VPN portal, affecting versions 6.4.0, 6.2.0 …

80 internet-exposed MongoDB database instances found in Bangladesh
BGD e-GOV CIRT has identified 80 insecure MongoDB databases in Bangladesh that are exposed to the internet and affected by CVE-2025-14847 (MongoBleed). This critical flaw allows remote attackers to read sensitive data from the server when zlib compression is enabled. MongoDB is commonly used to store personal, financial, and operational information, so this exposure poses significant risks …

RondoDox botnet uses React2Shell flaw to breach Next.js servers
The RondoDox botnet is exploiting the critical React2Shell vulnerability (CVE-2025-55182) to infect unprotected Next.js servers with malware and cryptominers. RondoDox, a large-scale botnet first reported by Fortinet in July 2025, targets a range of n-day vulnerabilities in attacks worldwide. In November, VulnCheck discovered new RondoDox variants that exploit the critical remote …

Fortinet Warns of 2020 FortiGate Flaw to Bypass 2FA
Fortinet warns that a three-year-old vulnerability allows attackers to bypass 2FA on FortiGate firewalls simply by changing the capitalization of a username. The vulnerability, FG-IR-19-283 (CVE-2020-12812), was reported and fixed in July 2020. Attackers have recently been observed exploiting it against organizations that have not addressed the affected configurations. …
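The capitalization trick described above comes down to two components disagreeing about what a username is. The following is an added illustrative example, not Fortinet's code and not the actual FortiOS logic: it assumes a hypothetical VPN front end that looks up its per-user MFA policy by the exact username string, a password backend (LDAP/AD style) that matches usernames case-insensitively, and a fail-open rule that treats a user with no policy entry as "no MFA required". The user records, passwords and the static OTP code are constructed sample data.

```python
"""Model of an MFA bypass caused by inconsistent username-case handling.

Added illustrative example, not Fortinet code and not the real FortiOS
logic. Assumed (hypothetical) design: the front end keys its MFA policy on
the exact username string, the password backend compares usernames
case-insensitively, and a user with no policy entry is treated as "no MFA".
"""
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class User:
    username: str            # canonical (lower-case) form
    password: str
    mfa_required: bool
    otp_code: Optional[str]  # constructed stand-in for a live TOTP code


# Constructed sample directory; not real credentials.
DIRECTORY = {
    "alice": User("alice", "correct-horse-battery", True, "123456"),
    "bob": User("bob", "hunter2", False, None),
}


def backend_password_check(username: str, password: str) -> bool:
    """Password backend (LDAP/AD style): the username match is case-insensitive."""
    user = DIRECTORY.get(username.lower())
    return user is not None and user.password == password


def vulnerable_login(username: str, password: str, otp: Optional[str]) -> str:
    """Policy lookup uses the username exactly as typed (the bug)."""
    if not backend_password_check(username, password):
        return "denied"
    policy_user = DIRECTORY.get(username)  # "Alice" != "alice" -> None
    if policy_user is None or not policy_user.mfa_required:
        # Fail-open: an unknown policy entry is treated as "no MFA needed",
        # so a password alone is enough once the case is changed.
        return "granted"
    return "granted" if otp == policy_user.otp_code else "denied"


def hardened_login(username: str, password: str, otp: Optional[str]) -> str:
    """Canonicalise once, use the same key everywhere, and fail closed."""
    canonical = username.strip().lower()
    if not backend_password_check(canonical, password):
        return "denied"
    user = DIRECTORY.get(canonical)
    if user is None:
        return "denied"  # no policy record -> refuse, never assume "no MFA"
    if user.mfa_required:
        if otp is None or not hmac.compare_digest(otp, user.otp_code):
            return "denied"
    return "granted"


def demo() -> dict:
    """Outcomes a defender would want to compare side by side."""
    pw = "correct-horse-battery"
    return {
        "vuln_exact_no_otp": vulnerable_login("alice", pw, None),
        "vuln_case_flip_no_otp": vulnerable_login("Alice", pw, None),
        "hard_case_flip_no_otp": hardened_login("Alice", pw, None),
        "hard_case_flip_good_otp": hardened_login("ALICE", pw, "123456"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The practical checks this suggests: every component that keys a decision on a principal name must use the same canonical form (one normalisation function, applied before any lookup), and a missing policy entry must deny rather than skip the second factor. On the detection side, a successful VPN login whose presented username differs only in case from the directory entry is worth an alert.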

Over 100 Cisco Secure Email Devices Exposed to Zero-Day Attack
Security researchers have found at least 120 Cisco Secure Email Gateway and Cisco Secure Email and Web Manager devices vulnerable to a critical zero-day flaw that is being actively exploited. No patch is yet available for CVE-2025-20393, leaving affected organizations exposed. Threat intelligence from the Shadowserver Foundation indicates that vulnerable devices …

Tool Unveiled to Detect Cisco Secure Email Gateway 0-Day Vulnerability
A simple Python script has been released to help organizations quickly detect exposure to CVE-2025-20393, a critical zero-day vulnerability in Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM, formerly the Security Management Appliance, SMA). The "Cisco SMA Exposure Check" tool identifies the open ports and services exploited in recent attacks, as noted in Cisco's advisory. GitHub user StasonJatham …

1.7 Million Login Attempts Target Palo Alto and Cisco SSL VPNs in 16 Hours
GreyNoise reported a surge of 1.7 million login attempts over 16 hours against SSL VPN portals, including Palo Alto Networks GlobalProtect and Cisco SSL VPN. More than 10,000 unique IP addresses targeted infrastructure in the United States, Mexico, and Pakistan. The malicious traffic originated almost entirely …

Alert: HPE Warns of RCE Flaw (CVE-2025-37164) and ASUS Flaw (CVE-2025-59374) Added to KEV
Hewlett Packard Enterprise (HPE) has fixed a critical vulnerability in its OneView software that allowed remote code execution. OneView is HPE’s software for managing infrastructure, helping IT admins streamline server, storage, and network management. Vietnamese researcher Nguyen Quoc Khanh (brocked200) reported the critical security flaw (CVE-2025-37164) to the company’s security …

Cisco and SonicWall Warn of Zero-Days Exploited in Attacks
Cisco has warned customers that a maximum-severity Cisco AsyncOS zero-day is being actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The as-yet-unpatched flaw (CVE-2025-20393) affects only SEG and SEWM appliances in a non-default configuration, where the Spam Quarantine feature is enabled and exposed on the …
InfoSecBulletin Cybersecurity for mankind