An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.
The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.
Microsoft Unveils Security Enhancements for Identity, Defense, Compliance
Microsoft announced new security capabilities for Defender, Sentinel, Copilot, Intune, Purview, and Entra.
The post Microsoft Unveils Security Enhancements for Identity, Defense, Compliance appeared first on SecurityWeek.
Fortinet Warns of New FortiWeb CVE-2025-58034 Vulnerability Exploited in the Wild
Fortinet has warned of a new security flaw in FortiWeb that it said has been exploited in the wild.
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.
“An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
The medium-severity vulnerability, tracked as CVE-2025-58034, carries a CVSS score of 6.7 out of a maximum of 10.0.
“An Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute
Thunderbird adds native support for Microsoft Exchange accounts
Thunderbird 145 has been released with full native support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol. […]
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. […]
Windows 11 gets new Cloud Rebuild, Point-in-Time Restore tools
Microsoft announced two new Windows 11 recovery features today at the Ignite developer conference, called Cloud Rebuild and Point-in-Time Restore (PITR), that aim to reduce downtime and make it easier to recover from system failures or faulty updates. […]
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. […]
Sneaky 2FA Phishing Kit Adds BitB Pop-ups Designed to Mimic the Browser Address Bar
The malware authors associated with a Phishing-as-a-Service (PhaaS) kit known as Sneaky 2FA have incorporated Browser-in-the-Browser (BitB) functionality into their arsenal, underscoring the continued evolution of such offerings and further making it easier for less-skilled threat actors to mount attacks at scale.
Push Security, in a report shared with The Hacker News, said it observed the use
Push Security, in a report shared with The Hacker News, said it observed the use
Cloudflare Outage Not Caused by Cyberattack
Major online services such as ChatGPT, X, and Shopify were disrupted in a, as well as transit and city services.
The post Cloudflare Outage Not Caused by Cyberattack appeared first on SecurityWeek.
Microsoft is bringing native Sysmon support to Windows 11, Server 2025
Microsoft announced today that it is integrating Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools. […]