Introduction Conducting regular audits of firewall configurations is essential for ensuring compliance, identifying potential security gaps, and maintaining optimal performance. This is where the FortiGate Configuration Files Audit Tool (fcfat) comes i…
In late 2023, the FBI alerted the Littleton Electric Light and Water Departments (LELWD) that it had been breached by a Chinese-state-sponsored hacking group for over 300 days. With the help of cybersecurity firm Dragos and Department of Energy-funded …
Tenable Research reveals that AI chatbot DeepSeek R1 can be manipulated to generate keyloggers and ransomware code. While…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2025-21590 is an Improper Isolation or Compartmentalization issue in the kernel of Juniper Networks Junos OS […]
GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292. GitLab CE/EE versions 17.7.7, 17.8.5, […]
North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012, it made the […]
A misconfigured database exposed 108.8 GB of sensitive data, including information on over 86,000 healthcare workers affiliated with…
Researchers warn of a “coordinated surge” in the exploitation attempts of SSRF vulnerabilities in multiple platforms. Threat intelligence firm GreyNoise observed Grafana path traversal exploitation attempts before the Server-Side Request Forgery (SSRF) surge on March 9, suggesting the attackers may be leveraging Grafana as an initial entry point for deeper exploitation. The experts believe the […]
OBSCURE#BAT malware campaign exploits social engineering & fake software downloads to evade detection, steal data and persist on…
Meta warned that a vulnerability, tracked as CVE-2025-27363, impacting the FreeType library may have been exploited in the wild. Meta warned that an out-of-bounds write flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), in the FreeType library may have been actively exploited in attacks. “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to […]