Multiple authenticated SQL injection via extraParam

CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL injection') in FortiVoice may allow...

Insufficient Session Expiration in SSLVPN

CVSSv3 Score: 5.3 An Insufficient Session Expiration vulnerability in FortiOS SSLVPN may allow an attacker to maintain access to network...

Private key readable by admin

CVSSv3 Score: 5.9 A key management error vulnerability in FortiManager, FortiAnalyzer and FortiPortal may allow an authenticated admin to retrieve...

Incorrect authorization in multi-vdom environment

CVSSv3 Score: 6.4 An Incorrect Authorization vulnerability in FortiPortal may allow an authenticated attacker to reboot a shared FortiGate device...

Cofense Delivers Faster, Smarter Phishing Defense with New Capabilities

LEESBURG, Va., December 9, 2025 - Cofense, the leader in intelligence-driven phishing defense, today announced significant advancements across its portfolio, introducing Smart Reinforcement within its...

Phishers Get Creative: The NoteGPT Twist You Didn’t See Coming

By: Hendrix Garcia, Cofense Phishing Defense Center. NoteGPT is an AI-generated tool that converts lengthy lectures, meetings, or videos into concise, easy-to-read notes in just...

10 Years of Let’s Encrypt Certificates

On September 14, 2015, our first publicly-trusted certificate went live. We were proud that we had issued a certificate that a significant majority of...

GrayBravo’s CastleLoader Activity Clusters Target Multiple Industries

Note: The analysis cut-off date for this report was November 10, 2025. Executive Summary: Insikt Group continues to monitor GrayBravo (formerly tracked as...

5 Real-World Third-Party Risk Examples

Key Takeaways: Static vendor checks fall short. Traditional, point-in-time third-party risk management practices (e.g. annual questionnaires) leave organizations blind to emerging vendor...

November 2025 CVE Landscape: 10 Critical Vulnerabilities Show 69% Drop from October

November 2025 saw a significant 69% decrease in high-impact vulnerabilities, with Recorded Future's Insikt Group® identifying 10 vulnerabilities requiring immediate attention, down from...

Latest article

Oracle PeopleSoft Zero-Day

What is the Attack? Google Threat Intelligence Group (GTIG) and Mandiant...

Mistic Backdoor Blends With Microsoft Endpoint Security Tooling to Evade Detection

A new and stealthy backdoor named Mistic has been quietly targeting corporate networks since April 2026, disguising itself using the names and appearance of...

Restrict AWS Management Console access to expected networks with sign-in resource-based policies and RCPs

Amazon Web Services (AWS) recently announced support for resource-based policies and resource control policies (RCPs) for AWS Sign-In. By using resource-based policies and RCPs,...

Healthcare Vendor Xsolis Reports Breach Affecting 1.4M People

Xsolis confirmed a healthcare data breach affecting nearly 1.4 million people after a phishing attack exposed health and identity data. The post Healthcare Vendor Xsolis...