Cybersecurity
Network Security & Infrastructure
- Over 10,000 Fortinet Firewalls Vulnerable to 2FA Bypass - Despite being 5 years old, CVE-2020-12812 continues to be actively exploited against 10,000+ unpatched FortiGate devices worldwide, allowing authentication bypass. Source: Bleeping Computer
Server Security & Infrastructure
- SmarterMail Critical RCE Vulnerability CVE-2025-52691 - Singapore's Cyber Security Agency warns of a maximum-severity arbitrary file upload vulnerability (CVSS 10.0) enabling unauthenticated remote code execution in SmarterMail. Source: Security Affairs
- IBM API Connect Authentication Bypass CVE-2025-13915 - IBM disclosed a critical authentication bypass vulnerability (CVSS 9.8) in IBM API Connect allowing remote access without credentials. Source: MSN
- Adobe ColdFusion Under Heavy Attack - GreyNoise observed thousands of attacks targeting a dozen Adobe ColdFusion vulnerabilities during the Christmas 2025 holiday season. Source: Security Affairs
Data Security & Privacy
- MongoBleed: MongoDB Heap Memory Leak CVE-2025-14847 - Critical MongoDB vulnerability (CVSS 8.7) allows unauthenticated attackers to leak sensitive data through zlib decompression flaws; 87,000+ instances exposed. Source: MSN
Endpoint Security
- Android Security Update: 107 Vulnerabilities Fixed - Google released one of the largest Android security batches, addressing 107 vulnerabilities across the ecosystem with 2 already under active exploitation. Source: DataCorps
Threat Intelligence & Incident Response
- Top Cybersecurity Issues Shaping 2026 - Specific vulnerabilities like MongoBleed are making headlines early in 2026, signaling a year of rapid exploitation and requiring proactive incident response. Source: Substack
- React2Shell Botnet Exploiting IoT Devices - RondoDox botnet campaign actively deploys React2Shell exploits against IoT devices and web-facing applications at scale. Source: Bank Info Security
Cybersecurity Tools & Platforms
- Windows Defender Firewall Service Vulnerability - CVE-2025-62468 (Important severity) affects Windows Defender Firewall, publicly disclosed on December 9, 2025. Source: CyberPress
Free Cybersecurity Courses & Certifications
- CISA Known Exploited Vulnerabilities Database - Free resource tracking vulnerabilities actively exploited in the wild, helping organizations prioritize patching efforts. Source: CVEFeed