Friday , July 10 2026

Vulnerabilities

GitLab Releases Patch (CVE-2025-0314) for XSS Exploit

XSS

GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition (CE) and Enterprise Edition (EE) have been released to address these issues. The CVE-2025-0314 allows attackers to inject malicious scripts into GitLab instances via “improper rendering of certain file types” …

Read More »

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

zero day day

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit. The Shadowserver Foundation reports that 48,457 Fortinet devices remain publicly exposed and unpatched for CVE-2024-55591, despite urgent warnings in the last week. The situation hasn’t improved. Shadowserver started tracking exposed devices …

Read More »

Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS

Azure DevOps

Security researchers have found several vulnerabilities in Azure DevOps that could enable attackers to inject CRLF queries and carry out DNS rebinding attacks. Binary Security found serious security risks in a widely used development platform during a client engagement. The first vulnerability in Azure DevOps’ ‘endpointproxy’ feature enables Server-Side Request …

Read More »

AWS Patches Multiple Vulns in WorkSpaces, AppStream 2.0

WorkSpaces

Amazon Web Services (AWS) has recently fixed two major security vulnerabilities in its cloud services: Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV (Desktop Cloud Visualization). Vulnerabilities CVE-2025-0500 and CVE-2025-0501 could let attackers conduct man-in-the-middle attacks and access remote sessions without permission. CVE-2025-0500 impacts certain versions of Amazon WorkSpaces native …

Read More »

Botnet Exploits 13,000 MikroTik Devices Abusing Misconfigured DNS

Botnet

A recent Infoblox Threat Intel report reveals a sophisticated botnet that exploits DNS misconfigurations to spread malware widely. This botnet, made up of about 13,000 compromised MikroTik devices, uses fake sender domains and malicious emails to deliver trojan malware and engage in other harmful activities. According to the report, “This …

Read More »

CVE-2024-9042
Code Execution Vulnerability Found in Kubernetes Windows Nodes

Kubernetes

A new security flaw traced, CVE-2024-9042, poses a serious risk to Kubernetes clusters with Windows worker nodes. It has a Medium rating and a CVSS v3.1 score of 5.9, allowing attackers to execute commands on the host machine through the node’s /logs endpoint. A vulnerability in the Kubelet component of …

Read More »

Hacker leaked 15k config files and VPN passwords of FortiGate firewall device

FortiGate firewall

The hacking group “Belsen Group” has posted over 15,000 unique FortiGate firewall configurations online. The data dump, reportedly obtained by exploiting a zero-day vulnerability in Fortinet’s systems in October 2022, contains sensitive information including usernames, passwords (some in plain text), device management certificates, and complete firewall rules. “At the beginning of …

Read More »

Millions of Accounts Vulnerable due to Google’s OAuth Flaw

Google

A critical flaw in Google’s “Sign in with Google” system has put millions of Americans at risk of data theft. This vulnerability primarily impacts former employees of startups that have shut down. Truffle Security identifies that the issue arises from how Google’s OAuth login handles changes in domain ownership. When …

Read More »

Facebook awards researcher $100,000 to find bug allowing internal access

researcher

In October 2024, security researcher Ben Sadeghipour discovered a vulnerability in Facebook’s ad platform that allowed him to run commands on its internal server, giving him control over it. After Sadeghipour reported the vulnerability to Meta, Facebook’s parent company, it was fixed within an hour, and he received a $100,000 …

Read More »

CISA warns of critical Oracle, Mitel flaws active exploitation

CISA has urgent warnings for organizations regarding three security flaws in Mitel and Oracle systems that are currently being exploited. These vulnerabilities have been added to CISA’s Known Exploited Vulnerabilities catalog and pose major risks to federal agencies and businesses. Two vulnerabilities impact Mitel MiCollab, a widely used unified communications …

Read More »