Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

December 25, 2025

Dec 25, 2025Ravie LakshmananVulnerability / Enterprise Security Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw

CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution

December 25, 2025

Dec 25, 2025Ravie LakshmananVulnerability / Endpoint Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a security flaw impacting

Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls

December 25, 2025

Cybercriminals are actively abusing a long-patched Fortinet FortiGate flaw from July 2020, slipping past two-factor authentication (2FA) on firewalls and

OpenAI is reportedly testing Claude-like Skills for ChatGPT

December 24, 2025

OpenAI is testing a new ChatGPT feature called “Skills,” which will be similar to Claude’s feature, also called Skills. Up

Fake MAS Windows activation domain used to spread PowerShell malware

December 24, 2025

A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

December 24, 2025

Dec 24, 2025Ravie LakshmananMalware / Endpoint Security Cybersecurity researchers have discovered a new variant of a macOS information stealer called

Microsoft Teams to let admins block external users via Defender portal

December 24, 2025

Microsoft announced that security administrators will soon be able to block external users from sending messages, calls, or meeting invitations

MongoDB warns admins to patch severe vulnerability immediately

December 24, 2025

Update 12/26/25: Article updated to correct that the flaw has not been officially classified as an RCE. MongoDB has warned

MongoDB warns admins to patch severe RCE flaw immediately

December 24, 2025

MongoDB has warned IT admins to immediately patch a high-severity vulnerability that can be exploited in remote code execution (RCE)

Evasive Panda APT Using AitM Attack and DNS Poisoning to Deliver Malware

December 24, 2025

The Evasive Panda APT group, also known as Bronze Highland, Daggerfly, and StormBamboo, has been running targeted campaigns since November

Nomani Investment Scam Surges 62% Using AI Deepfake Ads on Social Media

December 24, 2025

Dec 24, 2025Ravie LakshmananOnline Fraud / Artificial Intelligence The fraudulent investment scheme known as Nomani has witnessed an increase by

Threat Actors Using Weaponized AV-themed Word and PDF Documents to Attack Israeli Organizations

December 24, 2025

Security researchers at Seqrite Labs have identified a campaign called Operation IconCat, targeting Israeli organizations with weaponized documents designed to

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.