#vulnerability


Coordinated Brute Force Campaign Targets Fortinet SSL VPN

A significant spike in brute-force traffic targeting Fortinet SSL VPNs was observed on August 3, with over 780 unique IPs triggering the Fortinet SSL VPN Bruteforcer tag. The activity was deliberate and precise, focusing on FortiOS. Two distinct waves of attacks were identified: a long-running set of brute-force activity and a sudden burst beginning August 5. The second wave shifted from targeting FortiOS to FortiManager - FGFM profile. Historical data revealed a potential residential origin or proxy use. The analysis suggests evolving attack patterns and potential reuse of tooling. Research indicates that such spikes often precede new vulnerability disclosures within six weeks. Defenders are advised to use GreyNoise to search for and block malicious IPs associated with this campaign.

Pulse ID: 689cc45a7e90faee364f64cf
Pulse Link: otx.alienvault.com/pulse/689cc
Pulse Author: AlienVault
Created: 2025-08-13 16:59:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

Vulnerability prioritization with EPSS in cybersecurity. One of the main problems in vulnerability management is ...

#информационная #безопасность #уязвимости #управление #уязвимостями #кибербезопасность #budibase #no-code #cybersecurity #vulnerability #infosec


Vulnerability prioritization with EPSS in cybersecurity

One of the main problems in vulnerability management is the huge volume of tasks with limited resources. Not all vulnerabilities are equally dangerous, and not every one requires urgent remediation. Even a high-risk vulnerability may not pose a real threat if the likelihood of an exploit being developed for it is extremely low. This is where EPSS (Exploit Prediction Scoring System) comes in: a metric that becomes a key filter when setting priorities. In the previous article I described a vulnerability prioritization solution based on the no-code platform Budibase. In this article I will show how I implemented EPSS support and included this metric in filtering and priority analysis to optimize vulnerability remediation. By implementing such prioritization yourself, you can significantly increase the efficiency of remediating the vulnerabilities that pose a threat. I did some research: on the Russian market, many vulnerability management solutions still lack EPSS. The good news is that prioritization with EPSS can be implemented without expensive solutions.

habr.com/ru/articles/935690/


Fortinet authentication bypass flaw enables device takeover

Fortinet patched an authentication bypass vulnerability (CVE-2024-26009) in the FortiGate-to-FortiManager protocol that allows attackers to gain administrative access by crafting malicious requests using a known FortiManager serial number, typically obtained through insider threats or social engineering. The flaw affects multiple Fortinet enterprise security products including FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager.

**If you are using FortiManager to manage Fortinet devices, make sure they are isolated from the internet and accessible only from a trusted network. Communicate this flaw and the risk of phishing attempts to all admins. Finally, plan a patch process, which may be complex.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


Critical remote code execution flaw in FortiSIEM actively exploited

Fortinet FortiSIEM platforms are under active attack through a critical OS command injection vulnerability (CVE-2025-25256, CVSS 9.8) that allows unauthenticated attackers to execute arbitrary commands, with working exploit code already being used against real-world targets. The flaw affects all FortiSIEM versions from 5.4 through 7.3.1 and is difficult to detect, requiring immediate patching or restricting access to port 7900 as a temporary workaround.

**If you have FortiSIEM, block external access to port 7900 until you can update, then plan a quick patch. Attackers are already exploiting this flaw to take complete control without any login credentials.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai


CVE-2017-11882 Will Never Die

The report discusses the persistent exploitation of CVE-2017-11882, a remote code execution vulnerability affecting Microsoft Office's Equation Editor. Despite being an old vulnerability, it continues to be used by attackers to spread modern malware. The analysis focuses on a malicious Excel file that exploits this vulnerability without using VBA macros. The file contains an obfuscated payload within an embedded object, which is identified as the Equation Editor exploit. Further investigation reveals that the malware downloads a VIPKeyLogger, a type of keylogger and stealer, with specific configuration details provided.

Pulse ID: 689c6f069882dc769770ff8e
Pulse Link: otx.alienvault.com/pulse/689c6
Pulse Author: AlienVault
Created: 2025-08-13 10:55:02

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Adobe releases August 2025 patches for multiple products

Adobe released August 2025 security updates patching critical vulnerabilities across multiple products including Commerce, Creative Suite applications, and Substance 3D tools. Many of the flaws enable arbitrary code execution through buffer overflows and memory corruption issues.

**Another very large update release from Adobe. Fortunately, this month no critical flaws in Acrobat/Reader. Prioritize patching of Adobe Commerce & Magento Open Source, Illustrator and InDesign. Then review the rest of the list. Many products carry patches categorized as critical, so a proper review is needed for your organization.**
#cybersecurity #infosec #advisory #vulnerability
beyondmachines.net/event_detai
