New SSL-VPN Symlink Exploit Enables Silent FortiGate Compromise

Fortinet, a leading cybersecurity company, has released an urgent alert revealing that hackers have found a new technique to maintain unauthorized, read-only access to FortiGate devices even after they have been patched for known vulnerabilities. This exploit involves the use of symbolic links (symlinks) within the SSL-VPN feature that allows…

The Critical Severity Vulnerability in the Next.js Framework (CVE-2025-29927)

One of the most famous JavaScript frameworks, “Next.js,” has a critical security vulnerability with a CVSS base score of 9.1 from NIST. Next.js is a React framework that provides a structured approach and additional features for building web applications, including server-side rendering and static site generation, built on top of the React…

Apache Pinot Vulnerability (CVE-2024-56325) Allows Remote Attackers to Bypass Authentication

A critical security vulnerability has recently been discovered in Apache Pinot, a real-time distributed OLAP data store, leading to disastrous consequences for its user base. This flaw allows unauthenticated attackers to perform authentication bypasses and gain access to sensitive systems. The vulnerability is rated 9.8 on the CVSS scale, which…

37,000+ VMware ESXi Instances at Risk Due to Zero-Day Vulnerabilities

A large number of VMware ESXi, Workstation, and Fusion installations remain vulnerable to three zero-day vulnerabilities that cyber attackers already exploit to damage corporate IT systems. The three CVEs, CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have been weaponized by cyber attackers, so Broadcom and CISA issued immediate user warnings. Organizations need to…

Critical OpenSSH Vulnerabilities Expose Systems to MitM and DoS Attacks

OpenSSH is a secure remote administration tool for Linux and Unix-based systems. Two high-risk vulnerabilities have been identified in it, CVE-2025-26465 and CVE-2025-26466, which expose the server and client side to MitM and denial-of-service attacks and were discovered by security researchers working for Qualys. Unsurprisingly, they did this…

Critical Zero-Day Vulnerability Exploited in Fortinet Devices

A zero-day vulnerability has been identified and actively exploited in Fortinet's security appliances that lets threat actors compromise firewalls and infiltrate enterprise networks. The vulnerability, tracked as CVE-2024-55591, affects multiple versions of FortiOS and FortiProxy and allows attackers to bypass authentication and gain super-admin privileges. This in-depth analysis…

Palo Alto Urges PAN-OS Users to Update for DoS Flaw Mitigation

Cybersecurity is a moving target, with organizations and vendors at the forefront of protecting their systems from the newest threats. In a significant development, leading cybersecurity company Palo Alto Networks has released a critical patch to fix a denial-of-service (DoS) vulnerability in its PAN-OS software. If left unpatched, the vulnerability…

Over 90,000 WordPress Sites Exposed Due to Security Flaws in Jupiter X Core Plugin

In a recent cybersecurity alert, researchers have uncovered critical vulnerabilities in the popular Jupiter X Core WordPress plugin, which is currently installed on over 90,000 websites globally. This plugin has been identified as having security flaws that could potentially allow attackers to execute arbitrary code and take control of affected…

What are Zero-Day Exploits, Attacks & Vulnerabilities? CVE vs 0day: Difference

Introduction: Among the cybersecurity community, the concept of zero-day has emerged as the most feared one, as it casts a dark shadow on organizations and people of all sorts. Vulnerabilities, zero-day attacks, and exploits are the kinds of threats that most often stand in the way of ensuring cybersecurity in…

Serious Vulnerabilities in Apache HTTP Server Allow Cybercriminals to Exploit Millions of Sites

The Apache Software Foundation has made public several critical vulnerabilities in the Apache HTTP Server that could have a devastating impact, leaving millions of websites vulnerable to hacking attempts. Apache HTTP Server is a popular web server choice for millions of websites worldwide. The risks caused by these vulnerabilities are…

Check Point Alerts Users to Zero-Day Attacks on Their VPN Gateway Products

Check Point released a security alert on May 28, 2024, regarding CVE-2024-24919. This high-severity information disclosure vulnerability affects Check Point Security Gateway devices set up with the “IPSec VPN” or “Mobile Access” software blade. Check Point is warning users about a zero-day vulnerability that threat actors have been exploiting in…

Palo Alto Firewalls Affected by Exploited Vulnerability CVE-2024-3400

Palo Alto Networks PAN-OS firewalls have been subject to an increased number of exploitation attempts since the finding of CVE-2024-3400 on April 12, 2024. Recently, Palo Alto Networks identified and fixed a serious flaw in the GlobalProtect function of its PAN-OS software. But again, information from the Shadowserver Foundation…

Critical WordPress Automatic Plugin Vulnerability Hit by Millions of Attacks

WordPress security scanner WPScan alerts users that threat actors are injecting malicious code into websites using a critical severity vulnerability in the WordPress Automatic plugin. Attackers started to focus on a critical severity vulnerability in the WordPress plugin WP Automatic, which allows them to deploy backdoors for permanent access and create…

A Severe Vulnerability in the Forminator Plugin Affects over 300,000 WordPress Sites

According to a recent cybersecurity finding, more than 50,000 websites that use the popular WordPress plugin Forminator are exposed to severe security vulnerabilities. Website administrators who use the Forminator plugin on WordPress must update their sites as soon as possible with the most recent version of the plugin. This is because…

Rank Math SEO Plugin Vulnerability Leaves 2 million+ WordPress Websites Open to Attack

The widely used Rank Math SEO plugin, which has over two million users, has addressed a Stored Cross-Site Scripting vulnerability that allows malicious scripts to be uploaded and attacks to be launched. Rank Math SEO plugin has been found to have a Stored Cross-Site Scripting (XSS) vulnerability that affects more…