The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical OS command injection vulnerability in Fortinet's FortiWeb web application firewall to its Known Exploited Vulnerabilities (KEV) catalog.
This flaw, tracked as CVE-2025-58034, allows authenticated attackers to execute arbitrary code on affected systems...

SolarWinds has patched three critical vulnerabilities in its Serv-U file transfer software that could let attackers with administrative access run malicious code remotely.
These flaws, disclosed on November 18, 2025, affect versions up to 15.5.2 and each carries a CVSS score of 9.1.
The...

Microsoft has launched a significant update at Ignite 2025, integrating the Threat Intelligence Briefing Agent directly into the Microsoft Defender portal to enhance proactive cybersecurity defenses.
This AI-powered tool, now in Public Preview, delivers daily customized briefings that merge global threat data with organization-specific...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a critical advisory warning of multiple severe vulnerabilities in the General Industrial Controls Lynx+ Gateway, an industrial control system used in essential manufacturing sectors worldwide.
Issued on November 13, 2025, under alert code ICSA-25-317-08,...

The U.S. Justice Department revealed a significant crackdown on North Korean schemes funding weapons programs through fake IT jobs and cryptocurrency thefts.
On November 14, 2025, officials announced five guilty pleas and over $15 million in seized virtual currency tied to these operations.
Disrupting The...

Zoho Corporation, known for its suite of business software, has disclosed a serious security flaw in its Analytics Plus tool.
This vulnerability, tracked as CVE-2025-8324, allows unauthenticated attackers to inject malicious SQL code into the system.
Discovered in on-premise versions, the bug stems from...