FortiOS Security Fabric Vulnerability Let Attackers Escalate Privileges to Super-admin
Fortinet has addressed a critical security flaw in its FortiOS Security Fabric that could allow authenticated administrators to elevate privileges to the super-admin level by connecting vulnerable devices to malicious upstream FortiGate systems.
Tracked...
Critical Ivanti CSA Vulnerability Let Attackers Execute Arbitrary Code Remotely
Ivanti has issued critical updates for its Cloud Services Application (CSA) to address two significant vulnerabilities, one of which could allow attackers to execute arbitrary code remotely.
The vulnerabilities, identified as CVE-2024-47908 and CVE-2024-11771, affect...
Researcher Details Fortinet FortiOS Vulnerabilities Allowing DoS & RCE Attacks
A security audit of Fortinet's FortiOS VPN conducted by Akamai researcher Ben Barnea has uncovered multiple vulnerabilities that could enable attackers to launch denial-of-service (DoS) attacks and potentially execute remote code (RCE).
The findings, responsibly...
12,000+ KerioControl Firewall Instances Vulnerable to 1-Click RCE Exploit
A critical security vulnerability, CVE-2024-52875, has been identified in GFI KerioControl firewalls, affecting versions 9.2.5 through 9.4.5.
This flaw, which can be exploited for remote code execution (RCE), has already drawn significant attention from cybercriminals,...
Microsoft SharePoint Connector Vulnerability Let Attackers Steal User’s Credentials
A critical server-side request forgery (SSRF) vulnerability in Microsoft Power Platform’s SharePoint connector allowed attackers to harvest user credentials and impersonate victims across multiple services, including Power Apps, Power Automate, Copilot Studio, and Copilot...
Unpatched Marvel Game RCE Exploit Could Let Hackers Take Over PCs & PS5s
A critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players.
The exploit, identified as a Remote Code Execution (RCE)...
CISA Warns of Trimble Cityworks RCE Vulnerability Exploited to Hack IIS Servers
The CISA has issued a warning regarding a critical remote code execution (RCE) vulnerability affecting Trimble Cityworks, a popular software solution for local government and public works asset management.
The vulnerability, identified as CVE-2025-0994,...
New Attack Technique Uncovered Abusing Kerberos Delegation in Active Directory Networks
A new attack vector exploiting vulnerabilities in Kerberos delegation within Active Directory (AD) networks has been uncovered, posing significant risks to enterprise security.
This technique leverages the inherent weaknesses of Unconstrained Kerberos Delegation, a legacy...
Microsoft Edge Vulnerabilities Let Attackers Execute Remote Code – Update Now!
Microsoft has released a critical security update for its Edge browser, addressing multiple vulnerabilities that could allow attackers to execute remote code and compromise user systems.
Users are strongly urged to update their browsers immediately...
Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks – CISA Warns
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to federal agencies regarding active exploitation of a critical Microsoft Outlook vulnerability, tracked as CVE-2024-21413.
This remote code execution (RCE) flaw,...
Recent Posts
WhatsApp’s New Advanced Chat Privacy Feature to Protect Sensitive Conversations
WhatsApp has announced the rollout of its new "Advanced Chat Privacy" feature, designed to give users greater control over the confidentiality of their conversations....