Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. […]
Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam
During the April incident, hackers gained access to a digital system which remotely controls one of the dam’s valves and opened it to increase the water flow.
The post Norwegian Police Say Pro-Russian Hackers Were Likely Behind Suspected Sabotage at a Dam appeared first on SecurityWeek.
Windows 11 24H2 updates failing again with 0x80240069 errors
The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators. […]
New downgrade attack can bypass FIDO auth in Microsoft Entra ID
Security researchers have created a new FIDO downgrade attack against Microsoft Entra ID that tricks users into authenticating with weaker login methods, making them susceptible to phishing and session hijacking. […]
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. […]
Pennsylvania attorney general’s email, site down after cyberattack
The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. […]
New PS1Bot Malware Campaign Uses Malvertising to Deploy Multi-Stage In-Memory Attacks
Cybersecurity researchers have discovered a new malvertising campaign that’s designed to infect victims with a multi-stage malware framework called PS1Bot.
“PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
“PS1Bot features a modular design, with several modules delivered used to perform a variety of malicious activities on infected systems, including information theft, keylogging, reconnaissance, and the establishment of persistent system
Microsoft removes PowerShell 2.0 from Windows 11, Windows Server
Microsoft will remove PowerShell 2.0 from Windows starting in August, eight years after announcing its deprecation and keeping it around as an optional feature. […]
Zoom and Xerox Release Critical Security Updates Fixing Privilege Escalation and RCE Flaws
Zoom and Xerox have addressed critical security flaws in Zoom Clients for Windows and FreeFlow Core that could allow privilege escalation and remote code execution.
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
“Untrusted search path in
The vulnerability impacting Zoom Clients for Windows, tracked as CVE-2025-49457 (CVSS score: 9.6), relates to a case of an untrusted search path that could pave the way for privilege escalation.
“Untrusted search path in
Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia
Intel, AMD and Nvidia have published security advisories describing vulnerabilities found recently in their products.
The post Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia appeared first on SecurityWeek.