State-sponsored actors, better known as the friends you don’t want

State-sponsored actors don't break in. They log in, and they use your own tools to stay invisible for months. Responding to a state-sponsored threat is nothing like responding to...

Hardcoded Encryption Key Used for VPN Saved Passwords

CVSSv3 Score: 2.1 A Missing Authorization in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged...

Incorrect global authorization

CVSSv3 Score: 9.1 A missing authorization vulnerability in FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS WEB UI may allow an unauthenticated...

Arbitrary log file read in administrative interface

CVSSv3 Score: 4.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in FortiDeceptor WEB UI may...

Improper access control on API endpoints

CVSSv3 Score: 9.1 An Improper Access Control vulnerability in FortiAuthenticator may allow an unauthenticated attacker to execute unauthorized code or...

Command injection in CLI

CVSSv3 Score: 6.1 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in FortiAP,...

Out-of-bounds access in CAPWAP daemon

CVSSv3 Score: 8.3 An Out-Of-Bounds Write vulnerability in FortiOS capwap daemon may allow an attacker controlling an authenticated FortiAP FortiExtender...

DoS due to unsafe function in signal handler

CVSSv3 Score: 5.2 A Use of Potentially Dangerous Function vulnerability in FortiAnalyzer and FortiManager API may allow an authenticated attacker...

OTP Disclosure via Exported TokenContentProvider

CVSSv3 Score: 5.0 An improper export of Android application components in FortiTokenAndroid may allow other applications on the device to...

User controlled SQL commands

CVSSv3 Score: 5.1 An improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in FortiNDR may...

Latest article

AI Upgrades, Security Flaws, and SpaceX’s Record IPO Define the Week in Tech

See what you missed in Daily Tech Insider from June 1–5. The post AI Upgrades, Security Flaws, and SpaceX’s Record IPO Define the Week in...

Hackers Publish Malicious Python Package Mimicking Legitimate Parsimonious Parser

A deceptive Python package quietly made its way into the PyPI repository, putting thousands of developers at risk before it was caught and removed....

Microsoft identifies seven new ways AI agents can be hacked

Microsoft has identified seven new failure modes in agentic AI systems, in addition to those it identified last year in...

Building secure B2C applications with fine-grained access control using Amazon Cognito and Amazon Verified...

Modern web applications require robust security controls to protect user data and application resources. Authentication and authorization are two fundamental pillars of application security...