Vulnerabilities
-
Fortinet patches critical FortiSIEM vulnerability CVE-2025-25256 as exploit code surfaces in the wild
Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-25256) after exploit code appeared in the wild. The flaw enables unauthenticated code execution through crafted CLI requests across multiple FortiSIEM versions. Upgrades to fixed releases are recommended, and administrators should limit access to the phMonitor port if upgrades are not feasible. Indicator coverage may be limited…
-
Security Flaw in Carmaker’s Online Portal Exposed Customer Data and Could Permit Remote Vehicle Access, Researchers Say
A security flaw in a major carmaker’s online dealer portal exposed customer data and could have enabled attackers to remotely unlock vehicles, prompting a fix in February 2025. Discovered by researcher Eaton Zveare, the vulnerability was described as a serious risk that underscores ongoing cybersecurity challenges in automotive online systems.
-
Netherlands says CVE-2025-6543 in Citrix NetScaler exploited to breach critical organizations
The Netherlands’ National Cyber Security Centre warned that CVE-2025-6543 in Citrix NetScaler was exploited to breach multiple critical organizations, turning a memory overflow vulnerability into remote code execution and prompting urgent upgrades to patched versions.
-
WinRAR Addresses Critical Zero-Day Vulnerability Exploited in Active Attacks
WinRAR has released an urgent update to address a critical zero-day vulnerability, CVE-2025-8088, that is actively being exploited to execute arbitrary code through malicious archive files. Users are strongly advised to upgrade to version 7.13.
-
Over 29,000 Microsoft Exchange Servers Remain Vulnerable to Severe Exploit
Over 29,000 Microsoft Exchange servers remain unpatched against a critical security flaw, CVE-2025-53786, which allows attackers to escalate privileges and potentially compromise entire domains. This vulnerability has prompted emergency directives from U.S. federal agencies to enforce patching.
-
Connex Credit Union Faces Data Breach Affecting Over 172,000 Members
Connex Credit Union has disclosed a data breach affecting over 172,000 members, revealing unauthorized access to personal and financial information, while warning members about potential phishing scams.
-
New Attack Technique Leveraging Windows Domain Controllers Threatens Cybersecurity
Researchers at SafeBreach have unveiled a new technique known as Win-DDoS, which exploits vulnerabilities in Windows domain controllers to facilitate powerful DDoS attacks. The findings highlight significant risks to cybersecurity, necessitating a reevaluation of current defenses against such threats.
-
U.S. Federal Judiciary Confirms Cyberattack on Case Management System
The U.S. Federal Judiciary has confirmed a cyberattack on its electronic case management systems, leading to increased cybersecurity measures to protect sensitive court documents. Enhanced protections are in response to rising sophisticated cyber threats affecting public and private sectors. The breach reportedly exposed confidential information across multiple federal districts.
-
Malicious NPM Packages Pose Threat to WhatsApp Developers
Researchers at Socket have discovered two malicious NPM packages that impersonate WhatsApp development tools, deploying dangerous data-wiping code and threatening developers’ systems. Despite takedown efforts, the packages remain available for download.
-
Bouygues Telecom Faces Data Breach Affecting 6.4 Million Customers
Bouygues Telecom confirms a significant data breach affecting 6.4 million customers, exposing personal data but no credit card details. The company acts quickly to secure its network and notify customers.
