Friday , July 10 2026

Alert

Hackers To Attack Fortinet SSL VPN From 780 unique IPs

Fortinet SSL VPN

An unprecedented surge in brute-force attacks targeting Fortinet SSL VPN infrastructure, with over 780 unique IP addresses participating in coordinated assault campaigns. The August 3rd attack represents the highest single-day volume recorded on GreyNoise’s Fortinet SSL VPN Bruteforcer tag in recent months, raising concerns about potential zero-day vulnerabilities and sophisticated …

Read More »

Microsoft August 2025 Patch Tuesday fixed 1 zero-day, 107 flaws

August 2025

Microsoft’s August 2025 Patch Tuesday features security updates for 107 vulnerabilities, including a zero-day flaw in Windows Kerberos. This Patch Tuesday addresses thirteen “Critical” vulnerabilities: nine related to remote code execution, three for information disclosure, and one for elevation of privileges. The number of bugs in each vulnerability category is …

Read More »

SoupDealer Malware Bypasses Every Sandbox, AV’s, XDR/EDR in Real-World Incidents

EDR/XDR

In early August 2025, cybersecurity teams in Türkiye detected a new Java-based loader that avoided detection by all public sandboxes, antivirus programs, and enterprise EDR/XDR systems. A phishing campaign, known as SoupDealer, emerged, distributing a three-stage loader through files like TEKLIFALINACAKURUNLER.jar. The initial .jar file, deployed via spearphishing, reveals its …

Read More »

WinRAR Zero-Day and 7-Zip Vulnerability actively exploited

WinRAR

ESET researchers found a zero-day vulnerability in WinRAR for Windows, tracked as CVE-2025-8088, which has been used to run malicious code on victims’ computers. With a CVSS v3.1 score of 8.4, this flaw lets attackers manipulate extraction processes and place harmful files in the wrong system areas. Vulnerable versions of …

Read More »

28,000+ Microsoft Exchange Servers Exposed Online for CVE-2025-53786

Microsoft

More than 28,000 unpatched Microsoft Exchange servers are publicly accessible and vulnerable to the critical security flaw CVE-2025-53786, as reported by The Shadowserver Foundation on August 7, 2025. CISA’s Emergency Directive 25-02 on August 7 requires federal agencies to fix a critical vulnerability in Microsoft Exchange hybrid setups by 9:00 …

Read More »

Google alerts of cloud storage bucket hijacking attacks

bucket

Google has unveiled its best practices aimed at thwarting dangling bucket takeovers, encouraging developers to fortify their cloud environments. The tech giant is sounding the alarm about dangling bucket attacks, a vulnerability that arises when developers remove a storage bucket while still having references to it lingering in application code, …

Read More »

CVE-2025-21479 and 27038 Actively Exploited, Google Issues Patches

Google

Google’s August 2025 Android Security Bulletin addresses several vulnerabilities. Notably, CVE-2025-21479 and CVE-2025-27038 were exploited before the release. There’s also CVE-2025-21480, a serious Qualcomm issue revealed in June 2025. CVE-2025-21479 and CVE-2025-27038 have high CVSS scores of 8.6 and 7.5, indicating serious vulnerabilities. CVE-2025-21480 also scored 8.6 and is under …

Read More »

CVE-2025-54948
Trend Micro alerts of Apex One zero-day exploited in attacks

Apex One

Trend Micro warned customers to quickly secure their systems due to a remote code execution vulnerability in its Apex One endpoint security platform that is currently being exploited. Apex One is an endpoint security platform designed to automatically detect and respond to threats, including malicious tools, malware, and vulnerabilities. The …

Read More »

Bangladeshi gov.t/law enforcement email accounts compromised

Bangladeshi

A coordinated phishing campaign has been uncovered targeting critical Bangladeshi infrastructure — particularly government organizations and law enforcement agencies. This attack leveraged compromised official email credentials to distribute fraudulent emails containing malicious attachments and deceptive login pages reported by BGD e-Gov CIRT. 📌 Key Attack Techniques: Email Spoofing Using Trusted …

Read More »

Dell Laptop PCs 100+ models affected through “ReVault” attack

Dell Laptop

More than 100 Dell laptop models in the Latitude and Precision series are vulnerable due to five common security issues affecting their firmware and Microsoft Windows APIs, according to a Cisco Talos report. Talos researchers named the vulnerabilities ReVault. They allow an attacker to keep access to a victim’s device …

Read More »