Aggregator
Microsoft's May 2025 Patch Tuesday fixes 5 exploited zero-days and 72 flaws
Horabot malware hits Latin America through sophisticated phishing attacks
Critical Adobe Illustrator Vulnerability Let Attackers Execute Malicious Code
Adobe has released a critical security update for its popular design software Illustrator, addressing a severe vulnerability that could allow attackers to execute arbitrary code on targeted systems. The security bulletin details a heap-based buffer overflow vulnerability that affects multiple versions of the software on both Windows and macOS platforms. The security flaw, identified as […]
The post Critical Adobe Illustrator Vulnerability Let Attackers Execute Malicious Code appeared first on Cyber Security News.
Ivanti Neurons for ITSM hit by CVSS 9.8 authentication bypass flaw allowing full admin access
GovDelivery abused in TXTAG toll scam: Indiana government inbox account hacked
Xinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering
Microsoft primes 71 fixes for May Patch Tuesday
Russian internet shutdown that disrupted essential services condemned by rights groups
Ivanti patches EPMM vulnerabilities exploited for remote code execution in limited attacks
Fortinet patches CVE-2025-32756, a zero-day RCE flaw exploited in FortiVoice systems
Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware
A recent discovery by FortiGuard Labs has unveiled a cunning phishing campaign orchestrated by threat actors deploying Horabot malware, predominantly targeting Spanish-speaking users in Latin America. This high-severity threat, detailed in the 2025 Global Threat Landscape Report, exploits malicious HTML files embedded in phishing emails to steal sensitive information, including email credentials and banking data, […]
The post Threat Actors Leverage Weaponized HTML Files to Deliver Horabot Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
Fortinet has observed threat actors exploiting CVE-2025-32756, a critical zero-day arbitrary code execution vulnerability which affects multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera.
Background
On May 13th, Fortinet published a security advisory (FG-IR-25-254) for CVE-2025-32756, a critical arbitrary code execution vulnerability affecting multiple Fortinet products.

CVE              Description                                                                       CVSSv3
CVE-2025-32756   An arbitrary code execution vulnerability in FortiVoice, FortiMail, FortiNDR,     9.6
                 FortiRecorder and FortiCamera

Analysis
CVE-2025-32756 is an arbitrary code execution vulnerability affecting multiple Fortinet products including FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. A remote unauthenticated attacker can send crafted HTTP requests in order to create a stack-based overflow condition which would allow for the execution of arbitrary code. This vulnerability was discovered by the Fortinet Product Security Team, who observed threat activity involving a device running FortiVoice.
According to Fortinet, the threat actors' operations included scanning the network, erasing system crashlogs and enabling 'fcgi debugging', which logs authentication attempts, including SSH logins. The 'fcgi debugging' option is not enabled by default, and the Fortinet advisory recommends reviewing the setting as one possible indicator of compromise (IoC).
Historical Exploitation of Fortinet Devices
Fortinet vulnerabilities have historically been common targets for cyber attackers, and CVE-2025-32756 is the eighteenth Fortinet vulnerability to be added to the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) list.
CVE-2024-55591
  Description: Fortinet Authentication Bypass in FortiOS and FortiProxy
  Patched: January 2025
  Tenable Blog: CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild

CVE-2024-21762
  Description: Fortinet FortiOS Out-of-bound Write Vulnerability in sslvpnd
  Patched: February 2024
  Tenable Blog: CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability

CVE-2023-27997
  Description: FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability
  Patched: June 2023
  Tenable Blog: CVE-2023-27997: Heap-Based Buffer Overflow in Fortinet FortiOS and FortiProxy SSL-VPN (XORtigate)

CVE-2022-42475
  Description: FortiOS and FortiProxy Heap-Based Buffer Overflow Vulnerability
  Patched: December 2022
  Tenable Blog: CVE-2022-42475: Fortinet Patches Zero Day in FortiOS SSL VPNs; AA23-250A: Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475

CVE-2022-40684
  Description: FortiOS and FortiProxy Authentication Bypass Vulnerability
  Patched: October 2022
  Tenable Blog: CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy

Proof of concept
At the time of writing this, no proof-of-concept (PoC) has been published for CVE-2025-32756. When a PoC is released, we expect attackers will incorporate this vulnerability in their attacks, as Fortinet devices have been exploited by threat actors, including nation-state actors, in the past.

Vendor response
Fortinet has provided a list of IoCs based on their observations of CVE-2025-32756. We recommend reviewing the list of IoCs and steps recommended by Fortinet to determine if your device may have been impacted.

Solution
The following table details the affected and fixed versions of Fortinet devices affected by CVE-2025-32756:
Product             Affected Version           Fixed Version
FortiCamera 2.1     2.1.0 through 2.1.3        2.1.4 or above
FortiCamera 2.0     2.0 all versions           Migrate to a fixed release
FortiCamera 1.1     1.1 all versions           Migrate to a fixed release
FortiMail 7.6       7.6.0 through 7.6.2        7.6.3 or above
FortiMail 7.4       7.4.0 through 7.4.4        7.4.5 or above
FortiMail 7.2       7.2.0 through 7.2.7        7.2.8 or above
FortiMail 7.0       7.0.0 through 7.0.8        7.0.9 or above
FortiNDR 7.6        7.6.0                      7.6.1 or above
FortiNDR 7.4        7.4.0 through 7.4.7        7.4.8 or above
FortiNDR 7.2        7.2.0 through 7.2.4        7.2.5 or above
FortiNDR 7.1        7.1 all versions           Migrate to a fixed release
FortiNDR 7.0        7.0.0 through 7.0.6        7.0.7 or above
FortiNDR 1.5        1.5 all versions           Migrate to a fixed release
FortiNDR 1.4        1.4 all versions           Migrate to a fixed release
FortiNDR 1.3        1.3 all versions           Migrate to a fixed release
FortiNDR 1.2        1.2 all versions           Migrate to a fixed release
FortiNDR 1.1        1.1 all versions           Migrate to a fixed release
FortiRecorder 7.2   7.2.0 through 7.2.3        7.2.4 or above
FortiRecorder 7.0   7.0.0 through 7.0.5        7.0.6 or above
FortiRecorder 6.4   6.4.0 through 6.4.5        6.4.6 or above
FortiVoice 7.2      7.2.0                      7.2.1 or above
FortiVoice 7.0      7.0.0 through 7.0.6        7.0.7 or above
FortiVoice 6.4      6.4.0 through 6.4.10       6.4.11 or above

For users that are not able to immediately upgrade, Fortinet has provided a mitigation step: disabling the HTTP/HTTPS administrative interface. We recommend reviewing the Fortinet advisory for the latest information on workarounds and patched versions.
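As an added example (not code from Tenable or Fortinet), the following script encodes the affected/fixed table above and checks a constructed device inventory against it, distinguishing branches that have a patch from "all versions" branches that must migrate; the inventory entries and the product/version strings are assumptions for illustration.

```python
# Added example (not Tenable's or Fortinet's code): checks device versions against the
# CVE-2025-32756 affected/fixed table from the Fortinet advisory as reproduced above.
from typing import List, Tuple

# Per product: (first affected, last affected, first fixed). A row with None for the
# last two fields is an "all versions" branch whose only remedy is migrating.
TABLE = {
    "FortiCamera": [("2.1.0", "2.1.3", "2.1.4"), ("2.0", None, None), ("1.1", None, None)],
    "FortiMail": [("7.6.0", "7.6.2", "7.6.3"), ("7.4.0", "7.4.4", "7.4.5"),
                  ("7.2.0", "7.2.7", "7.2.8"), ("7.0.0", "7.0.8", "7.0.9")],
    "FortiNDR": [("7.6.0", "7.6.0", "7.6.1"), ("7.4.0", "7.4.7", "7.4.8"),
                 ("7.2.0", "7.2.4", "7.2.5"), ("7.1", None, None),
                 ("7.0.0", "7.0.6", "7.0.7"), ("1.5", None, None), ("1.4", None, None),
                 ("1.3", None, None), ("1.2", None, None), ("1.1", None, None)],
    "FortiRecorder": [("7.2.0", "7.2.3", "7.2.4"), ("7.0.0", "7.0.5", "7.0.6"),
                      ("6.4.0", "6.4.5", "6.4.6")],
    "FortiVoice": [("7.2.0", "7.2.0", "7.2.1"), ("7.0.0", "7.0.6", "7.0.7"),
                   ("6.4.0", "6.4.10", "6.4.11")],
}

def parse(version: str) -> Tuple[int, ...]:
    """'7.4' -> (7, 4, 0): pad to three components so branch strings compare correctly."""
    parts = tuple(int(x) for x in version.split("."))
    return parts + (0,) * (3 - len(parts))

def check(product: str, version: str) -> Tuple[str, str]:
    """Return (status, action); status is 'affected', 'fixed' or 'unlisted'."""
    v = parse(version)
    for low, high, fixed in TABLE.get(product, []):
        if v[:2] != parse(low)[:2]:           # match on the major.minor branch
            continue
        if high is None:                      # "all versions" row: no patch for this branch
            return "affected", "Migrate to a fixed release"
        if parse(low) <= v <= parse(high):
            return "affected", f"Upgrade to {fixed} or above"
        if v >= parse(fixed):
            return "fixed", f"{fixed} or above already installed"
    return "unlisted", "Branch not in the advisory table; consult the Fortinet advisory"

# Constructed sample inventory (product, firmware version), not real devices.
INVENTORY = [("FortiVoice", "7.0.6"), ("FortiMail", "7.4.5"), ("FortiNDR", "1.5.2"),
             ("FortiCamera", "2.1.4"), ("FortiRecorder", "6.2.1")]

def scan(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Annotate every inventory entry with its status and the action to take."""
    return [(p, v, *check(p, v)) for p, v in inventory]

if __name__ == "__main__":
    for row in scan(INVENTORY):
        print("\t".join(row))
```

Devices reported as "unlisted" run a branch the advisory table does not name and need a manual check against the current Fortinet advisory rather than being assumed safe.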
Identifying affected systems
A list of Tenable plugins for this vulnerability can be found on the individual CVE page for CVE-2025-32756 as they're released. This link will display all available plugins for this vulnerability, including upcoming plugins in our Plugins Pipeline.
Additionally, customers can utilize Tenable Attack Surface Management to identify public facing assets running Fortinet devices by using the following subscription:
Get more information
Join Tenable's Security Response Team on the Tenable Community.
Learn more about Tenable One, the Exposure Management Platform for the modern attack surface.
Cyber attacks surge after the India-Pakistan conflict
TA406 Hackers Target Government Entities to Steal Login Credentials
The North Korean state-sponsored threat actor TA406, also tracked as Opal Sleet and Konni, has set its sights on Ukrainian government entities. Proofpoint researchers have uncovered a dual-pronged offensive involving both credential harvesting and malware deployment through highly targeted phishing campaigns. The likely objective of these attacks is to gather strategic intelligence on the Russian […]
The post TA406 Hackers Target Government Entities to Steal Login Credentials appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.