Thursday , May 8 2025
zero day day

Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack

Fortinet customers must apply the latest updates, as almost 50,000 management interfaces remain vulnerable to the latest zero-day exploit.

The Shadowserver Foundation reports that 48,457 Fortinet devices remain publicly exposed and unpatched for CVE-2024-55591, despite urgent warnings in the last week.

CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day

Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization...
Read More
CVE-2025-29824  Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day

Hacker exploited Samsung MagicINFO 9 Server RCE flaw

Hackers are exploiting an unauthenticated remote code execution vulnerability in the Samsung MagicINFO 9 Server to take control of devices...
Read More
Hacker exploited Samsung MagicINFO 9 Server RCE flaw

CISA adds Langflow flaw to its KEV catalog

CISA added the Langflow vulnerability, CVE-2025-3248 (CVSS score 9.8), to its Known Exploited Vulnerabilities catalog. Langflow is a popular tool...
Read More
CISA adds Langflow flaw to its KEV catalog

Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS...
Read More
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition

The Cyber Security Club, representing the Department of Computer Science and Engineering at the University of Asia Pacific (UAP), has...
Read More
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition

xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter

A major security issue happened at Elon Musk’s AI company, xAI, when a developer accidentally posted a private API key...
Read More
xAI Dev Leaks API Key for Private SpaceX, Tesla & Tweeter

SonicWall Exploit Chain Exposes Admin Hijack Risk via 2 CVEs

A new exploit chain for SonicWall's Secure Mobile Access (SMA) appliances has been released by watchTowr Labs. It details how...
Read More
SonicWall Exploit Chain Exposes Admin Hijack Risk via 2 CVEs

TikTok fined €530 million for sending E.U. Data to China

Ireland's Data Protection Commission fined TikTok €530 million ($601 million) on Friday for violating data protection laws by transferring European...
Read More
TikTok fined €530 million for sending E.U. Data to China

Microsoft New Accounts Go Passwordless By Default

Microsoft is focusing on eliminating password-based authentication, promoting passwordless sign-in and sign-up methods instead. For the past decade, Microsoft has...
Read More
Microsoft New Accounts Go Passwordless By Default

SonicWall Patched for SSRF Vulnerability in SMA1000 Appliances

SonicWall's Product Security Incident Response Team (PSIRT) has released a critical update for its SMA1000 series appliances due to a...
Read More
SonicWall Patched for SSRF Vulnerability in SMA1000 Appliances
Source: The Shadowserver Foundation

The situation hasn’t improved. Shadowserver started tracking exposed devices on January 16, two days after the zero-day CVE identifier was released, and found nearly 52,000 vulnerable instances.

Asia has the highest number of vulnerable firewalls accessible online, totaling 20,687, followed by North America with 12,866 and Europe with 7,401.

The register said, Last week Arctic Wolf Labs’ lead threat intelligence researcher Stefan Hostetler said exploits have been widespread, opportunistic, and date back to December.

He added that once they’ve pwned their target, attackers appear to be stealing credentials and using them to worm their way through the victim’s network with admin privileges. The rest of the details are still being gathered, but – needless to say – an intruder with admin access is not a welcome addition to the network.

“What we can say is that ransomware is not off the table,” Hostetler said, citing similar tactics used in the past by the likes of Akira and Fog.

Fortinet’s advisory provides details on upgrading to a safe version of FortiOS and FortiProxy or implementing a temporary workaround.

Recommended actions include:

Upgrade Firmware: Update to FortiOS 7.0.17 or newer and FortiProxy 7.2.13 or newer.

Restrict Access: Disable HTTP/HTTPS administrative interfaces or limit access to trusted IP addresses using local-in policies.

Monitor Networks: Review indicators of compromise (IoCs), such as unauthorized account creation or changes to firewall configurations.

Source: theregister, cybersecuritynews, the Shadowserver Foundation

OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025

Check Also

Google

Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers

Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has …

Leave a Reply

Your email address will not be published. Required fields are marked *