Critical FortiSIEM flaw under active exploitation, Fortinet warns Fortinet warns of a critical FortiSIEM vulnerability, tracked as CVE-2025-25256, that is actively exploited in attacks in the wild. Fortinet warns customers of a critical vulnerability, tracked asCVE-2025-25256 (CVSS score of 9.8), affecting FortiSIEM for which an exploit exists in the wild. Fortinet gave no details about … Ler mais
A severe remote code execution (RCE) vulnerability in Erlang’s Open Telecom Platform (OTP) Secure Shell daemon (sshd) is being actively exploited. According to a new analysis by Palo Alto’s Unit 42, CVE-2025-32433, rated 10.0 on the CVSS scale, allows unauthenticated attackers to execute commands by sending specific SSH messages before authentication. Vulnerable versions include Erlang/OTP … Ler mais
A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. The campaign, detected by threat monitoring platform GreyNoise, manifested in two waves, on August 3 and August 5, with the second wave pivoting … Ler mais
HomeBlog AI Applications in Cybersecurity There is a really great series of online events highlighting cool uses of AI in cybersecurity, titled Prompt||GTFO. Videos from the first three events are online. And here’s where to register to attend, or participate, in the fourth. Some really great stuff here. Tags: AI, cybersecurity, videos Posted on August … Ler mais
The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. As Attorney General Dave Sunday revealed on social media on Monday, the office staff is currently working to restore affected services and investigate the incident with the help oflaw enforcement … Ler mais
The landscape of cybersecurity in mid-2025 is undergoing a profound transformation. As threats become more sophisticated and persistent, organizations are realizing that siloed security teams are no longer sufficient. In response, many are turning to Purple Teaming Services to foster better collaboration between offensive and defensive security efforts, ensuring a more proactive and unified approach … Ler mais
A surge in fraudulent “AI-powered” trading platforms has been observed exploiting deepfake technology and fabricated online content to deceive investors. According to a new investigation by Group-IB, scammers are deploying convincing fake videos, phony reviews and targeted online ads to lure victims into fraudulent investment schemes. At the heart of these campaigns are AI-generated deepfake … Ler mais
AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated campaign involving the massive dissemination of SmartLoader malware through GitHub repositories designed to mimic legitimate software projects. These repositories target users searching for popular illicit content such as game cheats, software cracks, and automation tools, appearing at the top of search results on platforms like Google … Ler mais
Proofpoint researchers have uncovered a novel technique allowing threat actors to bypass FIDO-based authentication through downgrade attacks, leveraging a custom phishlet within adversary-in-the-middle (AiTM) frameworks. This method exploits gaps in browser compatibility and user agent handling, forcing victims to revert to less secure multi-factor authentication (MFA) mechanisms, thereby enabling credential theft and session hijacking. While … Ler mais
Manpower, one of the world’s leading staffing agencies, has confirmed that a data breach has affected 144,189 people. In a filing with the Office of the Main Attorney General, Manpower said it notified affected individuals on August 11 that their personal information, including their names, had been compromised. The breach occurred months ago, with the … Ler mais
