Oracle Identity Manager Pre-Auth RCE
What is the Vulnerability? CVE-2025-61757 is a critical pre-authentication remote code...
UNC1549 Critical Infrastructure Espionage Attack
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor...
npm (Shai-Hulud) Supply Chain Attack
What is the Attack? On November 24, 2025, Shai Hulud launches...
Akira Ransomware
FortiGuard Labs continue to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA it has...
Oracle E-Business Suite RCE Zero-day
Actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover...
Fortra GoAnywhere MFT Attack
A critical deserialization vulnerability in GoAnywhere MFT’s License Servlet (CVSS 10.0) is actively being exploited in the wild. The flaw allows attackers with a...
ShadowSilk Data Exfiltration Attack
FortiGuard Labs’ network telemetry has observed active exploitation of known vulnerabilities in Drupal Core and the WP-Automatic WordPress plugin for initial access. Following compromise,...
Citrix Bleed 2
FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has...
Microsoft SharePoint Zero-day Attack
FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This...
SonicWall Secure Mobile Access Attack
A campaign targeting SonicWall SMA 100 series appliances is currently under active exploitation, leveraging both known vulnerabilities and potential zero-days to gain persistent access...
Latest article
CarGurus – 12,461,887 breached accounts
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion,...
Hackers Leveraging Multiple AI Services to Compromise 600+ FortiGate Devices
A financially motivated threat actor exploited various commercial generative AI services to compromise over 600 FortiGate devices across more than 55 countries between January...
CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file...
Information published. - Read more
Chromium: CVE-2026-2649 Integer overflow in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see (https://chromereleases.googleblog.com/2024 ) for more information. -...
