Hot Topic

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs ends today, potentially disrupting the global cybersecurity industry. CVE, the more important of the two, is managed by MITRE with support from the U.S. National Cyber Security …

PwC has ceased operations in more than a dozen countries that its global bosses have deemed too small, risky or unprofitable, as it seeks to avoid a repeat of scandals that have plagued the accounting network. The Big Four accounting firm, which operates as a global network of locally owned …

A threat actor is reportedly advertised to sell a zero-day exploit for Fortinet’s FortiGate firewalls on a dark web forum. The exploit claims allow attackers to remotely execute code and access configurations on FortiOS without needing credentials, potentially taking control of vulnerable devices. Cybersecuritynews reported the forum post observed by …

RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios on various VulnHub systems, achieving root access in under a minute. Configuration: Setting Up Your OpenAI API Key: To use RamiGPT, you need an OpenAI API key. Here’s how to …

OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities in its systems and products. The new bounty program is part of OpenAI’s broader security efforts, which also include funding research projects, ongoing adversarial testing, and collaboration with open-source software …

Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits. They seek $500K for one-click RCE, $1.5M for zero-click RCE, and $4M for a full-chain exploit that can fully compromise a device. The firm only sells exploits to the Russian government and local companies. We …

WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware following reports from security researchers at the University of Toronto’s Citizen Lab. The company addressed the attack vector late last year “without the need for a client-side fix” and decided not to assign a CVE-ID after “reviewing …

11 nation-state groups from North Korea, China, and Russia are exploiting a vulnerability in a common feature of Microsoft Windows. Researchers at the Zero Day Initiative (ZDI) have found several campaigns exploiting the bug in Windows shortcut (.lnk) files, dating back to 2017. Microsoft hasn’t assigned a CVE number, but …