Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit

/in

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known

The Hacker News – ​Read More

Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle

/in

The CVE-2025-22457 has already been exploited by a China-nexus hacking gang notorious for breaking into edge network devices.

The post Rapid7 Reveals RCE Path in Ivanti VPN Appliance After Silent Patch Debacle appeared first on SecurityWeek.

SecurityWeek – ​Read More

Using Third-Party ID Providers Without Losing Zero Trust

/in

With $4.4 billion in worldwide data breach fines in 2024, the cost of not knowing who’s walking into your systems is devastating.

darkreading – ​Read More

Lab provider for Planned Parenthood discloses breach affecting 1.6 million people

/in

The breach affecting Laboratory Services Cooperative involves sensitive information about medical care, as well as bank account details.

The Record from Recorded Future News – ​Read More

Biometrics vs. passcodes: What lawyers recommend if you’re worried about warrantless phone searches

/in

Do passcodes really protect you more from warrantless phone searches than biometrics? It’s complicated.

Latest stories for ZDNET in Security – ​Read More

Hackers Breach Morocco’s Social Security Database

/in

The hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms.

The post Hackers Breach Morocco’s Social Security Database appeared first on SecurityWeek.

SecurityWeek – ​Read More

Organizations Lack Incident Response Plans, But Answers Are on the Way

/in

Developing strong incident response plans remains an area that requires significant improvement. Here are some shortcomings and how to address them.

darkreading – ​Read More

Vulnerability in OttoKit WordPress Plugin Exploited in the Wild

/in

A vulnerability in the OttoKit WordPress plugin with over 100,000 active installations has been exploited in the wild.

The post Vulnerability in OttoKit WordPress Plugin Exploited in the Wild appeared first on SecurityWeek.

SecurityWeek – ​Read More

11 Bugs Found in Perplexity AI’s Chatbot Android App

/in

Researchers characterize the company’s artificial intelligence chatbot as less secure than ChatGPT and even DeepSeek.

darkreading – ​Read More

In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions

/in

Noteworthy stories that might have slipped under the radar: Scattered Spider still active despite arrests, hacker known as EncryptHub unmasked, Rydox admins extradited to US. 

The post In Other News: Scattered Spider Still Active, EncryptHub Unmasked, Rydox Extraditions appeared first on SecurityWeek.

SecurityWeek – ​Read More