Alert

The Federal Bureau of Investigation (FBI) is warning the public, private sector, and international community of the threat posed to computer networks and critical infrastructure by cyber actors attributed to the Russian Federal Security Service’s (FSB) Center 16. The FBI detected Russian FSB cyber actors exploiting Simple Network Management Protocol …

Apple has issued urgent security updates to fix a zero-day vulnerability that is being actively exploited, warning that attackers may have used it in targeted campaigns. CVE-2025-43300 is a flaw in Apple’s Image I/O framework that allows out-of-bounds writing, affecting how applications manage common image file formats. According to Apple’s …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the critical Trend Micro Apex One vulnerability, CVE-2025-54948, in its Known Exploited Vulnerabilities (KEV) Catalog due to active exploitation. Trend Micro Apex One is a popular endpoint security platform that detects and responds to malware and other security threats. However, …

F5 Networks has revealed a new HTTP/2 vulnerability impacting several BIG-IP products, which could enable remote attackers to conduct denial-of-service attacks on corporate networks. The security flaw named CVE-2025-54500, known as the “HTTP/2 MadeYouReset Attack,” was announced on August 13, 2025, with updates on August 15. The vulnerability exploits malformed …

Researchers have identified a new Crypto24 ransomware campaign, which they describe as a “dangerous evolution” in cybersecurity threats. According to Trend Micro researchers, recent attacks by Crypto24 actors display a combination of advanced evasion techniques and custom tools that can disable EDR solutions — including Trend Micro’s own Vision One …

Cisco has revealed a serious remote code execution vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw, identified as CVE-2025-20265 and rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands with high privileges. It poses a significant threat to organizations using affected FMC versions with …

Adobe’s August 2025 Patch Tuesday updates fix over 60 vulnerabilities in 3D design, content creation, publishing, and other products. The software giant has released 13 new advisories, including five for vulnerabilities in Substance 3D products: Viewer, Modeler, Painter, Sampler, and Stager. Adobe fixed critical code execution vulnerabilities and several medium-severity …

Fortinet warns customers of a critical security flaw in FortiSIEM which it said there exists an exploit in the wild. CVE-2025-25256 is a critical vulnerability with a CVSS score of 9.8 out of 10. “An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] …

An unprecedented surge in brute-force attacks targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns. The August 3rd attack represents the highest single-day volume recorded on GreyNoise’s Fortinet SSL VPN Bruteforcer tag in recent months, raising concerns about potential zero-day vulnerabilities and sophisticated …

Microsoft’s August 2025 Patch Tuesday features security updates for 107 vulnerabilities, including a zero-day flaw in Windows Kerberos. This Patch Tuesday addresses thirteen “Critical” vulnerabilities: nine related to remote code execution, three for information disclosure, and one for elevation of privileges. The number of bugs in each vulnerability category is …