Alert

Cisco has revealed a serious remote code execution vulnerability in its Secure Firewall Management Center (FMC) Software. This flaw, identified as CVE-2025-20265 and rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands with high privileges. It poses a significant threat to organizations using affected FMC versions with …

Adobe’s August 2025 Patch Tuesday updates fix over 60 vulnerabilities in 3D design, content creation, publishing, and other products. The software giant has released 13 new advisories, including five for vulnerabilities in Substance 3D products: Viewer, Modeler, Painter, Sampler, and Stager. Adobe fixed critical code execution vulnerabilities and several medium-severity …

Fortinet warns customers of a critical security flaw in FortiSIEM which it said there exists an exploit in the wild. CVE-2025-25256 is a critical vulnerability with a CVSS score of 9.8 out of 10. “An improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability [CWE-78] …

An unprecedented surge in brute-force attacks targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns. The August 3rd attack represents the highest single-day volume recorded on GreyNoise’s Fortinet SSL VPN Bruteforcer tag in recent months, raising concerns about potential zero-day vulnerabilities and sophisticated …

Microsoft’s August 2025 Patch Tuesday features security updates for 107 vulnerabilities, including a zero-day flaw in Windows Kerberos. This Patch Tuesday addresses thirteen “Critical” vulnerabilities: nine related to remote code execution, three for information disclosure, and one for elevation of privileges. The number of bugs in each vulnerability category is …

In early August 2025, cybersecurity teams in Türkiye detected a new Java-based loader that avoided detection by all public sandboxes, antivirus programs, and enterprise EDR/XDR systems. A phishing campaign, known as SoupDealer, emerged, distributing a three-stage loader through files like TEKLIFALINACAKURUNLER.jar. The initial .jar file, deployed via spearphishing, reveals its …

ESET researchers found a zero-day vulnerability in WinRAR for Windows, tracked as CVE-2025-8088, which has been used to run malicious code on victims’ computers. With a CVSS v3.1 score of 8.4, this flaw lets attackers manipulate extraction processes and place harmful files in the wrong system areas. Vulnerable versions of …

More than 28,000 unpatched Microsoft Exchange servers are publicly accessible and vulnerable to the critical security flaw CVE-2025-53786, as reported by The Shadowserver Foundation on August 7, 2025. CISA’s Emergency Directive 25-02 on August 7 requires federal agencies to fix a critical vulnerability in Microsoft Exchange hybrid setups by 9:00 …

Google has unveiled its best practices aimed at thwarting dangling bucket takeovers, encouraging developers to fortify their cloud environments. The tech giant is sounding the alarm about dangling bucket attacks, a vulnerability that arises when developers remove a storage bucket while still having references to it lingering in application code, …

Google’s August 2025 Android Security Bulletin addresses several vulnerabilities. Notably, CVE-2025-21479 and CVE-2025-27038 were exploited before the release. There’s also CVE-2025-21480, a serious Qualcomm issue revealed in June 2025. CVE-2025-21479 and CVE-2025-27038 have high CVSS scores of 8.6 and 7.5, indicating serious vulnerabilities. CVE-2025-21480 also scored 8.6 and is under …