Multiple critical vulnerabilities have been discovered in various Fortinet products, with the most severe allowing arbitrary code execution by remote attackers. Immediate patching and security best practices are recommended to protect affected Fortinet systems from exploitation. #Fortinet #FortiVoice #FortiOS
Tag: MACOS

Microsoft’s May 2025 Patch Tuesday delivers security updates for 72 vulnerabilities, including five actively exploited zero-days and two publicly disclosed flaws. The updates fix critical flaws across various Windows components, affecting systems and services globally, with a focus on elevation of privilege, remote code execution, and information disclosure vulnerabilities. Affected: Microsoft Windows, Microsoft Defender, Microsoft Edge, Microsoft Office, Azure, Visual Studio, Remote Desktop, and other Microsoft services.

Radware has confirmed that the vulnerabilities related to its Cloud Web Application Firewall identified in 2024 were addressed in 2023. Despite initial lack of acknowledgment from Radware, the issues were fixed shortly after reporting, with one resolved immediately and the other through global signature updates. Affected: Radware Cloud WAF and its…

A newly disclosed VMware Tools vulnerability (CVE-2025-22247) allows attackers with limited access to compromise virtual machines by tampering with local files. Broadcom has issued patches for affected versions on Windows and Linux to address this moderate-severity flaw. Affected: VMware, Virtual Machines, VMware Tools, open-vm-tools…

This web content introduces various free and affordable online platforms for learning penetration testing and cybersecurity skills in 2025. It highlights resources like Hack The Box Academy, PortSwigger Web Security Academy, and TryHackMe to help aspiring pentesters accelerate their journey. Affected: cybersecurity training platforms, learners, and aspiring penetration testers

A new ClickFix attack campaign has been observed targeting Windows, Linux, macOS, and even web users by using social engineering techniques that trick victims into executing malicious commands. This campaign is linked to the APT36 group and employs impersonation tactics involving fake government websites to infect systems with information-stealing malware or…

Apple has released security patches for macOS, iPhone, and iPad, addressing critical vulnerabilities that could allow remote code execution through malicious media files, websites, or apps. These updates also fix various bugs related to app crashes, data leaks, and privilege escalations, enhancing overall device security. Affected: macOS, iOS, iPadOS, Apple devices…

This article discusses the latest updates to OtterCookie, a malware used by the North Korea-linked WaterPlum group in cyber-espionage campaigns. It highlights the new functionalities introduced in versions 3 and 4, and their evolving attack capabilities. Affected: Financial institutions, cryptocurrency operators, FinTech companies…

Cybercriminals are increasingly targeting overlooked infrastructure such as outdated software, IoT devices, and open-source packages to launch attacks at scale. Threat actors are shifting their focus from high-value targets to vulnerable “infrastructure” components, reshaping intrusion, persistence, and evasion strategies. Affected: Organizations relying on outdated systems, IoT device users, open-source software ecosystems…

APT37 conducted spear phishing attacks targeting North Korea-related activists by distributing malicious LNK files via Dropbox disguised as academic conference invitations. The group leveraged legitimate

A sophisticated email campaign has been uncovered targeting users in Spain, Italy, and Portugal, distributing the cross-platform RATty RAT. The campaign uses the legitimate Spanish email service provider serviciodecorreo.es to send phishing emails….
A new sophisticated email campaign distributes Ratty RAT via phishing emails exploiting legit email services and file-sharing platforms. It uses evasion techniques like geolocation filtering

Malicious npm packages pumptoolforvolumeandcomment and debugdogs silently steal cryptocurrency keys, wallet files, and BullX trading data on Linux/macOS, exfiltrating via Telegram bots to empty wallets