Fortinet Releases Security Updates for Multiple Products

Fortinet has released security updates for various products, including OS and FortiProxy, to fix vulnerabilities that could allow a cyber threat actor to take control of a system.

CISA encourages users and administrators to take the following steps for enhanced security:

• Cyber Attack

Russia detects first SuperCard malware attacks via NFC

By infosecbulletin / Wednesday , June 18 2025

Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...

Read More

• Cyber Attack
• Data Breach

Income Property Investments exposes 170,000+ Individuals record

By infosecbulletin / Tuesday , June 17 2025

Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs

By infosecbulletin / Tuesday , June 17 2025

GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...

Read More

• Alert
• Vulnerabilities

CISA Flags Active Exploits in Apple iOS and TP-Link Routers

By infosecbulletin / Tuesday , June 17 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...

Read More

• Data Breach

10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online

By infosecbulletin / Monday , June 16 2025

SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...

Read More

• Cyber Attack
• Data Breach

Canada 2nd largest airlines “WestJet” investigates cyberattack disrupting internal systems

By infosecbulletin / Sunday , June 15 2025

WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...

Read More

• Cyber Attack
• Data Breach
• International

Paraguay 7.4 Million Citizen Records Leaked on Dark Web

By infosecbulletin / Saturday , June 14 2025

Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...

Read More

• Vulnerabilities

High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

By infosecbulletin / Friday , June 13 2025

HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...

Read More

• Cyber Attack
• Data Breach

SoftBank: Over 137,000 personal info leaked

By infosecbulletin / Friday , June 13 2025

SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...

Read More

• Alert
• Vulnerabilities

Alert
Trend Micro Apex One Flaw Allow Attackers to Inject Malicious Code

By infosecbulletin / Friday , June 13 2025

Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...

Read More

FR-IR-23-345 FortiClientMac – Lack of configuration file validation:

An external control of file name or path vulnerability [CWE-73] in FortiClientMac’s installer may allow a local attacker to execute arbitrary code or commands via writing a malicious configuration file in /tmp before starting the installation process.

FG-IR-23-493 FortiOS & FortiProxy – Administrator cookie leakage

FG-IR-23-087 FortiClient Linux – Remote Code Execution due to dangerous nodejs configuration:

An Improper Control of Generation of Code (‘Code Injection’) vulnerability [CWE-94] in FortiClientLinux may allow
an unauthenticated attacker to execute arbitrary code via tricking a FortiClientLinux user into visiting a malicious website.