Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, the FortiGate. Imagine please that we inserted a
Cisco fixed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code.
Critical SonicWall zero-day (CVE-2025-23006) in SMA 1000 appliances fixed. Rated 9.8 CVSS; patch now to prevent active exploitation.
A new proof-of-concept (PoC) has been released for Microsoft Outlook zero-click remote code execution (RCE) vulnerability in Windows Object Linking and Embedding (OLE), identified as CVE-2025-21298.
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives.
Plus: Excel hell, angst for Adobe fans, and life's too Snort for Cisco
LDAPNightmare PoC exploit crashes Windows Servers via CVE-2024-49113. Patch or monitor CLDAP responses to prevent DoS.
vulnerability on all Windows Workstation and Server versions from Windows 7 and Server 2008 R2 to the latest...
Critical flaws in CleanTalk’s WordPress plugin allow remote code execution; update to secure your site.
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04.
Common Weakness Enumeration (CWE) is a list of software and hardware weaknesses.
Discover how a new attack technique bypasses Microsoft’s security, enabling OS downgrade attacks on Windows.
A quirk in the Unicode standard harbors an ideal steganographic code channel.
L'agence CISA a révélé que la faille de sécurité CVE-2024-23113, présente dans les produits Fortinet, était exploitée dans le cadre de cyberattaques.