Aggregator

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability, tracked as CVE-2025-32756, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released security updates to address a critical remote code execution zero-day, […]

叮！新内容出炉！

文末互动，有福利！

Одно обновление тихо подложило мину, а другое так же тихо притворилось, что её никогда не было.

Submit #571077 / VDB-309058

Submit #571073 / VDB-309057

Submit #571072 / VDB-309056

Submit #571071 / VDB-309055

A vulnerability classified as very critical has been found in Fortinet FortiOS, FortiProxy and FortiSwitchManager. This affects an unknown part of the component TACACS+ ASCII Handler. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-22252. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #571070 / VDB-309054

Submit #571069 / VDB-309053

Submit #571068 / VDB-309052

A vulnerability was found in I-O DATA DEVICE HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV and HDL-T3WH up to 1.21. It has been rated as critical. Affected by this issue is some unknown functionality of the component Setting Handler. The manipulation leads to missing authentication. This vulnerability is handled as CVE-2025-32738. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in I-O DATA DEVICE HDL-TC1, HDL-TC500, HDL-T1NV, HDL-T1WH, HDL-T2NV, HDL-T2WH, HDL-T3NV and HDL-T3WH up to 1.21. It has been declared as very critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to os command injection. This vulnerability is known as CVE-2025-32002. The attack can be launched remotely. There is no exploit available.

ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the ultimate goal of stealing confidential data from specific email accounts. Operation RoundPress compromise chain (Source: ESET) Targets Most of the targets are related to the current war in Ukraine. They are either Ukrainian governmental entities or defense companies in Bulgaria and … More →

The post Russia-linked hackers target webmail servers in Ukraine-related espionage operation appeared first on Help Net Security.

All Risk, No Reward: Meta's Ongoing Legal Issues in Europe
Social media giant Meta is likely to face more legal hurdles over its plans to use the personal data of European Facebook and Instagram users to train artificial intelligence models. Meta paused efforts to train AI with European data in June 2024.

Report Finds North Koreans Embedded in Top Blockchain and Web3 Projects
A new report details how North Korea’s cybercrime network is infiltrating global tech firms with fake IT workers who exploit trusted access to steal millions in cryptocurrency, launder funds through international fronts and channel proceeds into weapons development and espionage missions.

HHS Secretary Testifies to Congress on Trump Administration's FY 2026 Budget Plans
The U.S. Department of Health and Human Services aims to bolster cybersecurity and health IT through the aid of artificial intelligence that will be used at federal health agencies, said Robert F. Kennedy Jr., secretary of HHS during House and Senate committee budget hearings on Wednesday.

It's Me, Not You: CISA Withdraws Leidos Cyber Offer Last Second
A multi-billion dollar vision by the Cybersecurity and Infrastructure Security Agency for its government-wide network intrusion detection and prevention system went kaput on Friday, court documents show. It withdrew an offer to contractor Leidos to support the National Cybersecurity Protection System.

Russian hackers aren’t just targeting Ukraine — they also appear to be going after their defense contractors in other countries, new ESET research surmises.

The post Fancy Bear campaign sought emails of high-level Ukrainians and their military suppliers appeared first on CyberScoop.