News

Exploits for pre-auth Fortinet FortiWeb RCE flaw released, patch now
Proof-of-concept exploits have been released for a critical SQLi vulnerability in Fortinet FortiWeb that can be used to ...
The zero-day that could've compromised every Cursor and Windsurf user
Learn how one overlooked flaw in OpenVSX discovered by Koi Secureity could've let attackers hijack millions of dev machines ...
The Hacker News20h
Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)
Fortinet fixes a critical SQL injection vulnerability in FortiWeb (CVE-2025-25257), posing risks to database security.
Pen Test Partners23h
Sil3ncer Deployed – RCE, Porn Diversion, and Ransomware on an SFTP-only Server
TL;DR Introduction We investigated a ransomware incident on a Windows Server 2012 host running in an SFTP-only role. The ...
JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem
JFrog disclosed CVE-2025-6514, a critical vulnerability in the mcp-remote project that allows for remote code execution.
LiveLaw17h
DigiPub Moves Karnataka High Court Supporting X Corp's Plea Against Take Down Orders, Says 92 Media Houses 'At Mercy' Of Centre
While opposing the Centre's content takedown directives, DigiPub News India Foundation has moved the Karnataka High Court on ...
For July, a ‘big, broad’ Patch Tuesday release
Microsoft this month pushed out 133 patches for a broad swatch of software and apps and plugged a zero-day flaw in SQL Server ...
Code smuggling loophole in Wing FTP is attacked
Attackers are exploiting a vulnerability in the Wing FTP data transfer software that allows malicious code to be injected.