Azure-Hosted Scanning Cluster Launches WordPress Webshell Discovery Campaign
Sensor Intel Series: March 2026 CVE Trends
Your Supply Chain Breach Is Someone Else’s Payday
TeamPCP exploited a single stolen credential to gain write access to trusted software repositories, inject credential-harvesting malware, and cascade across five ecosystems in five days. Stolen credentials can enable payroll redirection, freight rerouting, and extortion — active campaigns Insikt Group is tracking that show how a software supply chain breach can quickly become a...
Anthropic Mythos: Separating Signal from Hype
The recent buzz around Anthropic’s Mythos model has been intense, and for good reason. Early reports suggest a model that significantly advances automated reasoning over large codebases, vulnerability discovery, and exploit generation. Some are already calling it a “game changer” for offensive security.
But like most breakthroughs in AI, the reality is more nuanced.
Let’s unpack what Mythos is, why it’s getting so much attention, and where...
[R3] Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities
Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities Aaron Roy Tue, 04/14/2026 - 10:54
Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (.NET Windows Server Hosting, NodeJS, Erlang OTP, SQL Server, Curl) were found to contain vulnerabilities, and updated versions have been made available by the providers. Out of caution and...
OS Command Injection through API endpoint
CVSSv3 Score: 9.1
An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.
Revised on 2026-04-14 00:00:00
Multiple Stored XSS
CVSSv3 Score: 4.3
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FortiSandbox and FortiSandbox Cloud may allow a privileged attacker to perform a stored XSS attack via crafted HTTP requests.
Revised on 2026-04-14 00:00:00
Multiple SQL Injections
CVSSv3 Score: 7.1
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FortiClientEMS may allow an authenticated attacker to run arbitrary SQL queries on the database via sending crafted requests.
Revised on 2026-04-14 00:00:00
Multiple Path traversals in CLI
CVSSv3 Score: 6.2
Multiple Relative Path Traversal vulnerabilities in FortiWeb may allow a local privileged attacker to execute unauthorized code on the underlying system via crafted CLI commands.
Revised on 2026-04-14 00:00:00
Missing Authentication for critical function in CAPWAP daemon
CVSSv3 Score: 6.2
A missing authentication for critical function vulnerability in the FortiOS and FortiSwitchManager CAPWAP daemon may allow a local unauthenticated attacker on the same local IP subnet to write device configuration via specially crafted requests. To be successful, this attack requires the targeted FortiGate device to run a specific, non-default configuration.
Revised...
Integer Overflow Denial of Service in administrative interface
CVSSv3 Score: 4.4
An Integer Overflow or Wraparound vulnerability in FortiWeb may allow a privileged authenticated attacker to perform a denial of service of the system via crafted HTTP requests.
Revised on 2026-04-14 00:00:00