FortiSIEM gets an urgent fix for unauthenticated RCE Fortinet patched CVE-2025-64155 (CVSS 9.4), an OS command injection in FortiSIEM’s phMonitor service (TCP 7900) that allows unauthenticated RCE on Super/Worker nodes. The flaw enables argument injection leading to arbitrary file write and privilege escalation to root via a cron-executed script path. A PoC was released by […]
When your AI “helper” quietly becomes a super-user A contributed analysis argues organisational AI agents (shared, broad-permission service identities) can bypass traditional user-level controls. Because actions execute under the agent’s identity, users with limited access can indirectly trigger privileged operations, with attribution blurred in logs. The piece recommends mapping agent identities to sensitive assets, monitoring […]
WordPress “Modular DS” plugin — active exploitation A CVSS 10 flaw (CVE-2026-23550) in the Modular DS WordPress plugin (≤ 2.5.1; ~40k installs) allows unauthenticated admin takeover via a routing design that bypasses authentication when “direct request” mode is enabled. Attackers can hit /api/modular-connector/login/ to gain admin access, then create new admin users or extract data. […]
Cisco patches 0-day RCE in Secure Email Gateway Cisco released fixes for CVE-2025-20393 (CVSS 10) in AsyncOS for Secure Email Gateway and Secure Email & Web Manager after confirming a China-linked APT (UAT-9686) had exploited it as a zero-day. The flaw stems from insufficient HTTP request validation in the Spam Quarantine feature and can yield […]
FortiWeb under pressure: patch now, not later. Fortinet warned that FortiWeb has a vulnerability (CVE-2025-58034) exploited in the wild, alongside a separate, more severe path-traversal (CVE-2025-64446) fixed in 8.0.2. The flaws can allow unauthenticated attackers to run admin commands or inject OS commands. Customers should upgrade to patched versions immediately and review logs for compromise […]
7-Zip: tidy little utility, messy little bug. A 7-Zip flaw (CVE-2025-11001) involving symbolic links has drawn urgent warnings. The Hacker News notes advisories that said the bug is being exploited, with fixes in 7-Zip 25.00. Admins should upgrade and be cautious opening archives from untrusted sources. (Note: subsequent NHS updates clarified they’d seen PoC availability […]
Grafana CVSS 10.0 SCIM flaw Grafana fixed a CVSS 10.0 vulnerability in SCIM (Enterprise editions) that could let attackers sign in as admin. The bug was discovered internally on 4 Nov 2025; patches followed quickly. Grafana Cloud wasn’t affected. Admins should upgrade to the fixed versions immediately and review access logs for suspicious logins. This […]
Oracle Identity Manager under fire — CISA sounds the alarm. CISA added a critical Oracle Identity Manager flaw to the Known Exploited Vulnerabilities (KEV) catalogue, citing live attacks. The issue (CVSS ~9.8) enables remote code execution and full takeover of identity infrastructure if left unpatched. Agencies must remediate by the KEV deadline; enterprises should treat […]
WSUS abused to drop ShadowPad — patch first, ask questions after. Threat actors are abusing a freshly patched WSUS flaw (CVE-2025-59287) to push ShadowPad malware and gain full SYSTEM access. Reports note attackers chaining living-off-the-land tools (PowerShell, certutil, curl) and DLL side-loading to land ShadowPad after initial WSUS abuse. Mitigation is straightforward: apply Microsoft’s out-of-band […]
