Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025.
The post APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability appeared first on SecurityWeek.
Indurex Emerges From Stealth to Close Security Gap in Cyber-Physical Systems
Indurex was founded by Jalal Bouhdada, who previously led industrial cybersecurity company Applied Risk.
The post Indurex Emerges From Stealth to Close Security Gap in Cyber-Physical Systems appeared first on SecurityWeek.
Fortinet Patches Exploited FortiCloud SSO Authentication Bypass
Tracked as CVE-2026-24858, the bug allows attackers to log into devices registered to other FortiCloud accounts.
The post Fortinet Patches Exploited FortiCloud SSO Authentication Bypass appeared first on SecurityWeek.
High-Severity Remote Code Execution Vulnerability Patched in OpenSSL
A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm.
The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek.
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS that has come under active exploitation in the wild.
The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it’s
The vulnerability, assigned the CVE identifier CVE-2026-24858 (CVSS score: 9.4), has been described as an authentication bypass related to FortiOS single sign-on (SSO). The flaw also affects FortiManager and FortiAnalyzer. The company said it’s
OpenAI’s ChatGPT ad costs are on par with live NFL broadcasts
OpenAI plans to begin rolling out ads on ChatGPT in the United States if you have a free or $8 Go subscription, but the catch is that the ads could be very expensive for advertisers. […]
Fortinet blocks exploited FortiCloud SSO zero day until patch is ready
Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions. […]
Chinese Mustang Panda hackers deploy infostealers via CoolClient backdoor
The Chinese espionage threat group Mustang Panda has updated its CoolClient backdoor to a new variant that can steal login data from browsers and monitor the clipboard. […]
WinRAR path traversal flaw still exploited by numerous hackers
Multiple threat actors, both state-sponsored and financially motivated, are exploiting the CVE-2025-8088 high-severity vulnerability in WinRAR for initial access and to deliver various malicious payloads. […]
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Meta on Tuesday announced it’s adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do.
The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for
The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for