Cybersecurity
Software Security & Vulnerabilities
- FortiWeb Remote Code Execution Vulnerability - CVE-2025-58034 allows authenticated attackers to execute arbitrary OS commands on FortiWeb systems. This medium-severity vulnerability is being actively exploited in the wild. Source: Cybersecurity Advisors Network
- Apache SkyWalking XSS Vulnerability - CVE-2025-54057 allows XSS attacks in Apache SkyWalking. Users should update to version 10.3.0 or later for protection. Source: Red Hot Cyber
Threat Intelligence & Incident Response
- Microsoft November 2025 Patch Tuesday - Microsoft released updates fixing 63 security vulnerabilities across Windows, Office, and related products in November. CVE-2025-62215 and others address critical infrastructure risks. Source: Socradar
- CISA Adds Oracle Vulnerability to Exploited List - CVE-2025-61757, a vulnerability in Oracle Fusion Middleware, has been added to CISA's Known Exploited Vulnerabilities Catalog due to active exploitation. Source: Decision Insights
Cloud Security
- Azure Bastion Authentication Bypass Threat - CVE-2025-49752 in Azure Bastion allows attackers to replay authentication tokens, potentially granting admin access. This critical vulnerability requires immediate attention. Source: Instagram Security Update
Container & Infrastructure Security
- Fluent Bit Critical Vulnerabilities Impact Cloud - CVE-2025-12972 and CVE-2025-12970 in Fluent Bit enable file overwriting and remote code execution through container naming. These vulnerabilities significantly impact cloud-native deployments. Source: MSN News