Insertion of sensitive information into REST API logs
CVSSv3 Score: 6.3
An insertion of sensitive information into log file vulnerability in FortiOS, FortiProxy, FortiPAM and FortiSRA may allow a read-only administrator to retrieve the API tokens of other administrators by observing REST API logs, if REST API logging is enabled (a non-default configuration).
Revised on 2025-12-09 00:00:00
Incorrect authorization in multi-vdom environment
CVSSv3 Score: 6.4
An Incorrect Authorization vulnerability in FortiPortal may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.
Revised on 2025-12-09 00:00:00
Current password requirement bypass for self password change
CVSSv3 Score: 6.5
An Unverified Password Change vulnerability in FortiSOAR may allow an attacker who has gained access to a victim's user account to reset the account credentials without being prompted for the account's current password.
Revised on 2025-12-09 00:00:00
Capacity to use password hashes instead of password for authentication
CVSSv3 Score: 4.4
A use of password hash instead of password for authentication vulnerability in FortiWeb may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
Revised on 2025-12-09 00:00:00
Capacity to forge authentication cookies
CVSSv3 Score: 7.1
A reliance on cookie without validation or integrity checking vulnerability in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies; forging the cookies requires knowledge of the FortiWeb serial number. FortiAppSec Cloud is NOT impacted by this vulnerability.
Revised on 2025-12-09 00:00:00...
Broken access control on API endpoints
CVSSv3 Score: 6.2
An Improper Access Control vulnerability in FortiSOAR may allow information disclosure to an authenticated attacker via crafted requests.
Revised on 2025-12-09 00:00:00
Private key readable by admin
CVSSv3 Score: 5.9
A key management error vulnerability in FortiManager, FortiAnalyzer and FortiPortal may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
Revised on 2025-12-10 00:00:00
Cofense Delivers Faster, Smarter Phishing Defense with New Capabilities
LEESBURG, Va., December 9, 2025 - Cofense, the leader in intelligence-driven phishing defense, today announced significant advancements across its portfolio, introducing Smart Reinforcement within its Security Awareness Training solution, and unveiling the latest release of Triage 1.30 within its Phishing Detection and Response (PDR) solution. These enhancements mark a major step forward in Cofense’s mission to deliver faster, smarter, and...
Phishers Get Creative: The NoteGPT Twist You Didn’t See Coming
By: Hendrix Garcia, Cofense Phishing Defense Center
NoteGPT is an AI-generated tool that converts lengthy lectures, meetings, or videos into concise, easy-to-read notes in just seconds. While seemingly useful, threat actors are now exploiting it to host fake files and lure victims. They upload malicious content to NoteGPT, then share what appears to be a harmless “document” or “note”. Because...
5 Real-World Third-Party Risk Examples
Key Takeaways: Static vendor checks fall short: traditional, point-in-time third-party risk management practices (e.g. annual questionnaires) leave organizations blind to emerging vendor threats between audits. Continuous monitoring is now a must. Five common risk scenarios: supply chain attacks, widespread software vulnerabilities, hidden fourth-party dependencies, vendor credential theft, and vendor instability each illustrate how “trusting” vendors can lead...