MUST READ

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

 | 

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 

Cybercrime group accessed Google Law Enforcement Request System (LERS)

 | 

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

 | 

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

 | 

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

 | 

Fairmont Federal Credit Union 2023 data breach impacted 187K people

 | 

UK ICO finds students behind majority of school data breaches

 | 

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62

 | 

CVE-2025-25257

Pierluigi Paganini July 19, 2025
Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

Hackers exploited a Fortinet FortiWeb flaw the same day a PoC was published, compromising dozens of systems. Hackers began exploiting a critical Fortinet FortiWeb flaw, tracked as CVE-2025-25257 (CVSS score of 9.6), on the same day a proof-of-concept (PoC) exploit was published, leading to dozens of compromised systems. Exploitation of Fortinet’s CVE-2025-25257 began on July […]

Pierluigi Paganini July 13, 2025
Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch. Proof-of-concept (PoC) exploits for CVE-2025-25257 in Fortinet FortiWeb (CVSS 9.8) enable pre-auth RCE on vulnerable servers. The flaw is a SQL injection vulnerability in FortiWeb (CWE-89) that allows unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP/HTTPS requests. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A cyberattack on Collins Aerospace disrupted operations at major European airports

Hacking / September 20, 2025

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

Security / September 19, 2025

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

Security / September 19, 2025

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

Hacking / September 18, 2025

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

Data Breach / September 18, 2025