AWS Security Hub is expanding to unify security operations across multicloud environments

After talking with many customers, one thing is clear: the security challenge has not gotten easier. Enterprises today operate across a complex...

CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.

Honeywell IQ4x BMS Controller

Successful exploitation of this vulnerability could allow an unauthorized attacker to access controller management settings, control components, disclose information, or cause a denial-of-service...

BeatBanker: A dual‑mode Android Trojan

Recently, we uncovered BeatBanker, an Android‑based malware campaign targeting Brazil. It spreads primarily through phishing attacks via a website disguised as the Google Play...

Null Pointer Dereference in Anti-Defacement feature

CVSSv3 Score: 2.5. A NULL Pointer Dereference vulnerability in FortiWeb may allow an authenticated attacker to crash the HTTP daemon...

Format string vulnerability in fazsvcd

CVSSv3 Score: 6.5. A use of externally-controlled format string vulnerability in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon...

Local privilege escalation via improper symlink following

CVSSv3 Score: 7.4. A UNIX symbolic link (Symlink) Following vulnerability in FortiClientLinux may allow a local and unprivileged user to...

Buffer overflow via fgtupdates service

CVSSv3 Score: 7.0. A Stack-based Buffer Overflow vulnerability in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute...

Lack of TLS Certificate Validation during initial SSO Authentication

CVSSv3 Score: 6.3. An improper certificate validation vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view...

OS command injection on vmimages update feature

CVSSv3 Score: 6.7. An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in FortiSandbox...

Latest article

Criminal IP at Infosecurity Europe 2026: Introducing AITEM, the Next Chapter of Attack Surface...

Torrance, United States / California, June 11th, 2026, CyberNewswire Criminal IP by AI SPERA, a cyber threat intelligence platform delivering decision-ready intelligence and attack...

Readers reply: Experts say we should use passkeys, but can a smartphone pin really...

The long-running series in which readers answer other readers’ questions on subjects ranging from trivial flights of fancy to profound scientific and philosophical concepts. This...

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules

New Tracing Options: As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you’re running a module on...