CVSSv3 Score: 6.7
An OS command injection vulnerabtility [CWE-78] in FortiExtender API may allow an authenticated attacker to execute unauthorized code or commands via a specific HTTP request.
Revised on 2025-12-09 00:00:00
Latest article
VoidLink Framework Enables On-Demand Tool Generation with Windows Plugin Support
A newly tracked intrusion framework called VoidLink is drawing attention for its modular design and focus on Linux systems. It behaves like an implant...
North Korean Hackers Use Deepfake Video Calls to Target Crypto Firms
Campaign combines stolen Telegram accounts, fake Zoom calls and ClickFix attacks to deploy infostealer malware - Read more
CVE volumes may plausibly reach 100,000 this year
The number of vulnerabilities to be disclosed in 2026 is almost certain to exceed last year's total, and may be heading towards 100,000, according...
North Korean actors blend ClickFix with new macOS backdoors in Crypto campaign
A financially motivated threat actor tracked as UNC1609 is using a ClickFix-style social engineering campaign to deploy multiple macOS malware...
