Fortinet has issued a critical patch for a critical vulnerability in its FortiWeb product, a web application firewall commonly used in enterprises. Identified as CVE-2025-25257, this high-severity issue is an unauthenticated SQL injection flaw that lets remote attackers run unauthorized SQL commands through specially crafted HTTP or HTTPS requests. “An …
Read More »CVE-2025-25257
Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws
Microsoft’s Patch Tuesday in July 2025 is critical, featuring updates for 137 vulnerabilities, including a zero-day in Microsoft SQL Server. The extensive nature of these updates brings relief to defenders and anxiety to users needing to secure their operations. This analysis emphasizes key points, the associated risks, and the implications …
Read More »Android malware Anatsa infiltrates Google Play targeting banks worldwide
ThreatFabric researchers have discovered a new sophisticated campaign by the Anatsa banking trojan targeting mobile banking users in the U.S. and Canada. This is the malware’s third major attack on North American financial institutions. The latest campaign marks a serious increase in threats, as cybercriminals have breached the official Google …
Read More »CISA Adds Four Critical Active Exploiting Vulns to KEV
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog on Monday due to evidence of active exploitation. The list of flaws is as follows: CVE-2014-3931 (CVSS score: 9.8) A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory …
Read More »
Change Your Password Now
Billions Of Gmail And Outlook Users At Risk
eSentire Threat Response Unit confirms that email accounts are heavily targeted. The report states that identity-driven threats rose 156% from 2023 to 2025, now making up 59% of threat cases in Q1 2025. This increase is fueled by Cybercrime-as-a-Service, particularly Phishing-as-a-Service, which attackers can access for as little as $200 …
Read More »IBM X-Force Reveals Azure Arc Flaws
IBM X-Force has analyzed Microsoft Azure Arc, revealing how this hybrid-cloud management tool can pose risks for code execution, privilege escalation, and stealthy persistence. This study began when IBM’s red team found a hardcoded Azure Service Principal secret in a PowerShell script, prompting a closer look at Azure Arc’s operations …
Read More »Scattered Spider Actively Attacking Aviation and Transportation: FBI
Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a significant increase in their activities. The FBI has announced that the cybercriminal group UNC3944 is now targeting the airline industry using advanced social engineering to attack major carriers. This alert …
Read More »Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access
Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow unauthorized users to run commands as the root user. The vulnerabilities CVE-2025-20281 and CVE-2025-20282 both have a CVSS score of 10.0. CVE-2025-20281: An unauthenticated remote code execution …
Read More »Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543
Citrix has issued security updates for a critical vulnerability in NetScaler ADC that has been actively exploited. The vulnerability CVE-2025-6543 has a CVSS score of 9.2, indicating high severity. It’s a memory overflow issue that may cause control flow errors and denial-of-service. To exploit it, the appliance must be set …
Read More »Hacker Target 70+ Microsoft Exchange Servers to Steal Credentials with Keyloggers
Unidentified hackers are targeting exposed Microsoft Exchange servers to inject harmful code into login pages and steal credentials. Positive Technologies published an analysis last week revealing two types of JavaScript keylogger code on the Outlook login page. Those that save collected data to a local file accessible over the internet …
Read More »
InfoSecBulletin Cybersecurity for mankind