Friday , July 10 2026

Alert

Critical FortiGate Vulnarability Under Active Attack

Critical

Threat actors started to exploit two critical flaws (CVE: 2025-59718 and CVE: 2025-59719 in Fortinet FortiGate devices. Unauthenticated attackers can exploit these vulnerabilities to bypass SSO login protections using crafted SAML messages when FortiCloud SSO is enabled on affected devices. December 12, 2025, Arctic Wolf identified coordinated attacks using malicious …

Read More »

Apple Patches Two Critical WebKit Zero-Days Under Active Exploitation

WebKit

Apple has urgently patched two critical zero-day vulnerabilities in the WebKit browser engine affecting iPhone and iPad users. The company revealed these flaws are actively exploited, enabling advanced attacks on high-risk targets. Vulnerabilities CVE-2025-43529 and CVE-2025-14174 let attackers run malicious code if a victim visits a specific web page. WebKit …

Read More »

Alert: CISA orders feds to patch actively exploited Geoserver flaw urgently

Geoserver

CISA has ordered U.S. federal agencies to fix a serious GeoServer vulnerability that is currently being exploited in XML External Entity (XXE) injection attacks. CISA reported a security flaw (CVE-2025-58360) on Thursday, an unauthenticated XML External Entity (XXE) vulnerability in GeoServer 2.26.1 and earlier versions. This open-source server for geospatial …

Read More »

India-based CCTV cameras flaw allow attacker stealing video feeds, credentials

CCTV

A severe security flaw has been revealed in various CCTV camera brands in India. This vulnerability enables attackers to access video feeds and steal login information without needing to authenticate. CISA issued an alert on December 9, 2025, with code ICSA-25-343-03. Identifying threats from D-Link India Limited, Sparsh Securitech, and …

Read More »

MBJob Scam Impersonates BGD e-GOV CIRT to Extort Money

MBJob

Bangladesh’s BGD e-GOV CIRT has issued a warning about a major online scam linked to MBJob / MBJOB.CC which impersonate them. This scam uses Facebook and WhatsApp, foreign phone numbers, and mobile financial services to deceive users. CIRT states that scammers are spreading fake notices about “account activation fees,” “verification …

Read More »

SAP fixes 3 critical vulns across multiple products

3

SAP’s December security updates have fixed 14 vulnerabilities in various products, including 3 critical ones. CVE-2025-42880, a code injection flaw with a CVSS score of 9.9, is the most critical issue affecting SAP Solution Manager ST 720. “Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to …

Read More »

FortiOS, FortiWeb, and FortiProxy Vuln Allow Bad Actors Bypass FortiCloud SSO Flaw

FortiProxy

Fortinet released security updates for critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could let attackers bypass FortiCloud SSO authentication. Threat actors can exploit the security flaws CVE-2025-59718 and CVE-2025-59719 by taking advantage of weaknesses in cryptographic signature verification in affected products using a malicious SAML message. Fortinet stated …

Read More »

Microsoft patched 3 zero days with 56 vulns in December 2025 Patch Tuesday

56

Microsoft’s last Patch Tuesday updates of 2025 on December fixed 56 vulnerabilities in Windows, Office, Exchange Server, and more. This update addresses 3 serious security issues: two remote code execution problems that have been made public and one vulnerability that allows attackers to gain elevated permissions. Several critical issues are …

Read More »

30 orgs breach vi React2Shell flaw, 77k IP addresses vulnerable

React2Shell

More than 77,000 IP addresses online are at risk from the serious React2Shell remote code execution flaw (CVE-2025-55182). Researchers report that attackers have already breached over 30 organizations in various sectors. React2Shell is a vulnerability that allows unauthorized remote code execution with just one HTTP request. It affects all frameworks …

Read More »

1,20,000 IP cameras hacked; Home video sold for porn site: Suspect arrested

120,000 IP cameras

The Korean National Police arrested suspected four people for hacking over 120,000 IP cameras and selling the footage to a foreign adult website. Police are acting against the operators of the illegal content despite not revealing the suspects or websites, through international cooperation. “The National Office of Investigation announced that …

Read More »