brute-force attack
-
AI-assisted actor exploits weak FortiGate management to compromise over 600 devices
A technical report by Amazon Integrated Security says a Russian-speaking actor used commercial generative AI to compromise more than 600 FortiGate firewalls across 55 plus countries by exploiting exposed management ports and weak credentials.
-
GoBruteforcer botnet targets crypto and blockchain databases with credential brute force
A technical analysis found GoBruteforcer campaigns since mid 2025 that turn exposed Linux servers into botnet nodes to brute force FTP and database credentials and to probe blockchain accounts for funds.
-
Ukrainian Network FDN3 Linked to Massive Brute-Force Campaign Against SSL VPNs and RDP Devices
A Ukraine-based IP network, FDN3, is linked to a broad abusive infrastructure conducting large-scale brute-force and password-spraying campaigns against SSL VPN and RDP devices, with activity spanning June to July 2025 and connections to offshore bulletproof hosting groups.
-
Commvault patches four on-prem vulnerabilities tied to remote code execution chains
Commvault has fixed four on-prem vulnerabilities that could enable unauthenticated attackers to compromise deployments and chain to remote code execution, according to findings from watchTowr Labs.
-
Zoom and Xerox patch critical Windows and FreeFlow Core flaws that could enable privilege escalation and remote code execution
Zoom and Xerox released patches for critical vulnerabilities in Zoom Clients for Windows and FreeFlow Core, including a high-severity privilege-escalation flaw (CVE-2025-49457) in Windows Zoom clients and two severe flaws in FreeFlow Core (CVE-2025-8355 and CVE-2025-8356) that could enable remote code execution, prompting enterprise patches and risk-mitigation guidance.
-
Hackers Exploit SAP Vulnerability to Deploy Auto-Color Backdoor in Targeted Attack
Hackers exploited a critical SAP NetWeaver vulnerability to deliver the Auto-Color backdoor, targeting a U.S.-based chemicals company in April 2025.
-
Google Addresses Vulnerability Exposing Users’ Phone Numbers
A vulnerability in Google’s account recovery process allowed researchers to brute-force phone numbers linked to accounts, posing a significant risk of phishing and SIM-swapping attacks, now patched by the tech firm.
