Dataproof Communications

A new version of AWS Security Hub, is now generally available, introducing new ways for organizations to manage and respond to security findings. The enhanced Security Hub helps you improve your organization’s security posture and simplify cloud security operations by centralizing security management across your Amazon Web Services (AWS) environment. The new Security Hub transforms how organizations handle security...

CVSSv3 Score: 9.4 An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 9.3 An exposure of sensitive information to an unauthorized actor vulnerability in FortiFone Web Portal page may allow an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 3.4 A Server-Side Request Forgery (SSRF) vulnerability in FortiSandbox may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 7.4 A heap-based buffer overflow vulnerability in FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in FortiClientEMS may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. Revised on 2026-01-13 00:00:00 - Read more

CVSSv3 Score: 5.7 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiVoice may allow a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. Revised on 2026-01-13 00:00:00 - Read more

Key takeaways VoidLink is an advanced malware framework made up of custom loaders, implants, rootkits, and modular plugins designed to maintain long-term access to Linux systems. The framework includes multiple cloud-focused capabilities and modules, and is engineered to operate reliably in cloud and container environments over extended periods. VoidLink’s architecture is extremely flexible and highly modular, centered around a...

- Read more

- Read more