Cybersecurity experts are concerned about a high-impact vulnerability in Fortinet’s FortiOS, FortiProxy, and FortiSwitchManager, designated as CVE-2025-22252. The vulnerability could allow the attacker to circumvent authentication and gain privileges as an administrator on enterprise networks that deploy Fortinet security appliances. What is CVE-2025-22252? CVE-2025-22252 is an authentication for critical function…
Recently, a sophisticated phishing campaign targeted WooCommerce store owners by falsely reporting critical vulnerabilities, then tricking victims into installing malware – disguised as an essential security patch.. Security researchers and WooCommerce’s team have issued alerts to help make store owners aware and keep themselves safe. We summarize everything you need…
A critical vulnerability in the SSL.com domain validation process allowed unauthorized parties to get the certificates on behalf of you or your organisation. SSL.com is one of the famous Certificate Authorities (CA) trusted by all major browsers. This Vulnerability is reported by security researchers; in their demonstration, they showed how…
Fortinet, a leading cybersecurity company, has released an urgent alert revealing that hackers have found a new technique to maintain unauthorized, read-only access to FortiGate devices even after they have been patched for known vulnerabilities. This exploit involves the use of symbolic links (symlinks) within the SSL-VPN feature that allows…
One of the most famous JavaScript frameworks, “Next.Js,” has critical security with a CVE base score of 9.1 by NIST. Next.js is a React framework that provides a structured approach and additional features for building web applications, including server-side rendering and static site generation, built on top of the React…
A critical security vulnerability has recently been discovered in Apache Pinot, a real-time distributed OLAP data store, leading to disastrous consequences for its user base. This flaw allows unauthenticated attackers to perform authentication bypasses and gain access to sensitive systems. The vulnerability is rated 9.8 on the CVSS scale, which…
A large number of VMware ESXi and Workstation and Fusion installations remain vulnerable to three zero-day vulnerabilities that cyber attackers already exploit to damage corporate IT systems. Three CVEs, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have been weaponized by cyber attackers; thus, Broadcom and CISA issued immediate user warnings. Organizations need to…
OpenSSH is a Secure Remote Administration Tool for the Linux and Unix-based systems. It has been identified with two high threats exposing the server and client-side to MitM and Denial of Service attacks, namely CVE-2025-26465 and CVE-2025-26466, which were discovered by security researchers working for Qualys. Unsurprisingly, they did this…
A zero-day vulnerability has been identified and actively exploited in Fortinet´s security appliances that would let the threat actors compromise firewalls and infiltrate enterprise networks. The vulnerability, tracked as CVE-2024-55591, affects multiple versions of FortiOS and FortiProxy and allows attackers to bypass authentication and gain super-admin privileges. This in-depth analysis…
Cybersecurity is a moving target, with organizations and vendors at the forefront of protecting their systems from the newest threats. In a significant development, leading cybersecurity company Palo Alto Networks has released a critical patch to fix a denial-of-service (DoS) vulnerability in its PAN-OS software. If left patched, the vulnerability…
In a recent cybersecurity alert, researchers have uncovered critical vulnerabilities in the popular Jupiter X Core WordPress plugin, which is currently installed on over 90,000 websites globally. This plugin has been identified as having security flaws that could potentially allow attackers to execute arbitrary code and take control of affected…
Introduction Among the cybersecurity community, the concept of zero-day has emerged to be the most feared one as it casts a dark shadow on organizations and people of all sorts. Vulnerabilities, zero-day attacks, and exploits are the kinds of threats that mostly come in the way of ensuring cybersecurity in…
The Apache Software Foundation has made public several critical vulnerabilities in the Apache HTTP Server that could have a devastating impact, leaving millions of websites vulnerable to hacking attempts. Apache HTTP Server web server – A popular choice for millions of websites worldwide. The risks caused by these vulnerabilities are…
Check Point released a security alert on May 28, 2024, regarding CVE-2024-24919. This high-severity information disclosure vulnerability affects Check Point Security Gateway devices set up with the “IPSec VPN” or “Mobile Access” software blade. Check Point is warning users about a zero-day vulnerability that threat actors have been exploiting in…
Palo Alto Networks PAN-OS firewalls have been subject to an increased number of attempts at exploitation since the finding of CVE-2024-3400 on April 12, 2024. Recently, Palo Alto Networks identified and fixed a serious flaw in the GlobalProtect function of its PAN-OS software. But again, information from the Shadowserver Foundation…
Loading...
