Fortinet warned on Friday about a vulnerability in FortiWeb that lets remote, unauthenticated attackers gain admin access to web application firewalls. The bug, labeled CVE-2025-64446 with a CVSS score of 9.1, is a path traversal vulnerability, allowing attackers to run admin commands through specially crafted HTTP or HTTPS requests. Fortinet noted, …
Read More »CVE-2025-64446
Palo Alto PAN-OS Firewall Vuln Allow Attackers Reboot Firewall
Palo Alto Networks unveils a critical vulnerability in its PAN-OS firewall software that lets unauthenticated attackers remotely restart firewalls by sending specific packets. CVE-2025-4619 is a critical vulnerability that threatens organizations using Palo Alto firewalls for network security. The flaw, identified as CWE-754 (Improper Check for Unusual or Exceptional Conditions), …
Read More »Hacker exploited Cisco ISE and Citrix flaws in zero-day attacks
Amazon’s threat intelligence team discovered that attacker exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. This campaign utilized custom malware and showed access to various hidden vulnerabilities, indicating a trend where attackers target essential identity and network access controls. Amazon’s MadPot honeypot service identified …
Read More »QNAP Patched 7 Zero-Days Exploited at Pwn2Own 2025
QNAP has urgently advised users and released patches for seven zero-day vulnerabilities exploited during the Pwn2Own Ireland 2025 competition, affecting their NAS devices. These patches address critical flaws in the core operating systems and key applications, such as backup and malware removal tools. Top security research teams, including Summoning Team, …
Read More »“Herodotus” Android Banking Malware Attacks Evading Traditional Antivirus
A new Android banking Trojan called Herodotus has emerged recently. It is offered as Malware-as-a-Service (MaaS) and pretends to be a legitimate app to trick users into installing an APK. After installation, it requests sensitive permissions and can control the device for banking transactions. A modern mobile attack, yet once …
Read More »Samsung Galaxy Hijacked via 0-Day Exploit Using Single WhatsApp Image
Security researchers found Android spyware that targeted Samsung Galaxy phones for almost a year. Researchers at Palo Alto Networks’ Unit 42 said the spyware, which they call “Landfall,” was first detected in July 2024 and relied on exploiting a security flaw in the Galaxy phone software that was unknown to …
Read More »Cisco Warns Actively Exploiting ASA and FTD 0-day RCE Vuln
Cisco alerted the customer that hackers are exploiting a serious remote code execution flaw in its Secure Firewall ASA and Threat Defense software. First disclosed on September 25, 2025, the vulnerability tracked as CVE-2025-20333 poses a severe risk to organizations relying on these firewalls for VPN access. With a CVSS …
Read More »Critical Cisco UCCX flaw allows attackers to execute commands as root
Cisco has issued security updates to fix a critical vulnerability in the Unified Contact Center Express (UCCX) software that could allow attackers to gain root access. The Cisco UCCX platform, described by the company as a “contact center in a box,” is a software solution for managing customer interactions in …
Read More »HackedGPT: 7 New Vulns in GPT-4o and GPT-5 Enables 0-Click Attacks
Tenable researchers found 7 new vulnerabilities in OpenAI’s ChatGPT, putting users at risk of data theft and safety breaches through new attacks on AI systems dubbed HackedGPT. Flaws known as HackedGPT were found during testing of OpenAI’s ChatGPT-4o and some persist in ChatGPT-5. OpenAI has fixed some issues, but others …
Read More »BIND9 DNA Cache poisoning impact 267 IPs in Bangladesh
BIND9 DNA Cache poisoning impact 267 IPs in Bangladesh via CVE: 2025-40778. The high severity flaw can allow remote attackers to inject forged DNS records into resolver caches. BGD e-GOV CIRT published an advisory stating all organizations operating BIND 9 resolvers in Bangladesh (ISPs, data centers, government, enterprises) must upgrade …
Read More »
InfoSecBulletin Cybersecurity for mankind