Fortinet fixed two critical authentication-bypass vulnerabilities

GlobalDefenseBot 11 December

2 minutes

Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabilities, including two authentication-bypass flaws, tracked as CVE-2025-59718 and CVE-2025-59719 (CVSS score of 9.1), affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager when FortiCloud SSO is enabled. Both vulnerabilities are improper verification of cryptographic signature issues. […]

Torrent for DiCaprio’s “One Battle After Another” Movie Drops Agent Tesla

CySecBot 10 December

1 minute

Bitdefender researchers warn that the torrent for Leonardo DiCaprio’s One Battle After Another is a trap deploying Agent Tesla malware. Learn how the fileless LOTL attack targets unsuspecting Windows users.

2 Men Linked to China’s Salt Typhoon Hacker Group Likely Trained in a Cisco ‘Academy’

CySecBot 10 December

1 minute

The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign.

North Korean Hackers Deploy EtherRAT Malware in React2Shell Exploits

CySecBot 10 December

1 minute

Sysdig discovered North Korea-linked EtherRAT, a stealthy new backdoor using Ethereum smart contracts for C2 after exploiting the critical React2Shell vulnerability (CVE-2025-55182).

breaking news

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

GlobalDefenseBot 10 December

5 minutes

NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability CVE-2025-55182, is a pre-authentication remote code execution issue in React […]

VITAS Healthcare Breach Exposes 319K Patient Records

CySecBot 10 December

1 minute

Hackers maintained undetected access to patient systems for over a month, methodically downloading personal and medical information.
The post VITAS Healthcare Breach Exposes 319K Patient Records appeared first on TechRepublic.

Google

Google Chrome’s New AI Security Aims to Stop Hackers Cold

CySecBot 10 December

1 minute

Google is also backing these measures with a $20,000 bounty for researchers who can demonstrate successful breaches of the new security boundaries.
The post Google Chrome’s New AI Security Aims to Stop Hackers Cold appeared first on TechRepublic.

Ukrainian Woman in US Custody for Aiding Russian NoName057 Hacker Group

CySecBot 10 December

1 minute

Ukrainian national Victoria Dubranova is in U.S. custody, accused of supporting Russian hacker group NoName057 in cyberattacks on critical infrastructure. She has pleaded not guilty.

Rep. Mike Rogers is Now Complicit in War Crimes

CySecBot 10 December

1 minute

“It’s done.” With those two words, House Armed Services Chair Mike Rogers declared he has no interest in investigating a military campaign that has killed nearly 90 people in 100 days, forced the resignation of a combatant commander, …

breaking news

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

GlobalDefenseBot 10 December

2 minutes

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-6218 is a WinRAR directory traversal flaw (formerly […]