Vulnerabilities

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …

A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run code without authentication under specific conditions. The vulnerability CVE-2025-32433 has a maximum CVSS score of 10.0. “The vulnerability allows an attacker with network access to an Erlang/OTP SSH server to execute …

On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the serious threat to enterprise networks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about the risks of using embedded or reused credentials.. The agency noted that while …

Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE) via malicious meeting invite links. The flaw, known as CVE-2025-20236, has a CVSS score of 8.8 and affects several versions of the Cisco Webex desktop application. “A vulnerability in the …

On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly sophisticated attacks targeting a few iOS users. The vulnerabilities CVE-2025-31200 and CVE-2025-31201 allow for code execution and bypass mitigation on Apple’s iOS, iPadOS, and macOS platforms. Apple acknowledged a report …

On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers databases, middleware, cloud services, and communication applications essential for global financial institutions, telecom providers, and cloud-native platforms. Key Highlights: Oracle Communications Applications had 42 new security updates, including 35 vulnerabilities …

Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using specially crafted .library-ms files. Microsoft patched this vulnerability on March 11, 2025. It affects all supported Windows versions and has been weaponized less than two weeks after its disclosure. The …

The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems. Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting …

Fortinet has fixed several vulnerabilities in its products, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiVoice, FortiWeb, and FortiSwitch. The vulnerabilities include improper log handling, unverified password changes, and weak credential protection. The company has released patches and strategies to protect users from possible exploitation. Insufficiently Protected Credentials Vulnerability in FortiOS: A …

Microsoft’s April security update, released on Tuesday, addressed 121 vulnerabilities, marking the largest patch for the year. Despite a high number of bulletins, Microsoft addressed only one zero-day flaw this month, down from seven last month. It remains a top priority for IT to patch. CVE-2025-29824 is a privilege escalation …