The Breach News

Google Alerts Users of Potential Vulnerability for Billions of Gmail Accounts Following Data Breach

Google Issues Alert on ShinyHunters Attack Campaign Targeting Gmail Users

Google has recently issued a significant security warning regarding the ShinyHunters hacking group, which has utilized Gmail to conduct attacks on users. This alert highlights the potential vulnerabilities affecting millions, as the group has gained access to sensitive data during…


Fortinet Addresses CVE-2025-32756: Critical Zero-Day RCE Vulnerability in FortiVoice Systems

May 14, 2025
Vulnerability / Network Security

Fortinet has issued a fix for a severe security vulnerability exploited as a zero-day in attacks against FortiVoice enterprise phone systems. Identified as CVE-2025-32756, this flaw has a high CVSS score of 9.6 out of 10.0. According to the company’s advisory, “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may enable a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.” Fortinet has confirmed that the flaw has been actively exploited in the wild within FortiVoice systems, although details regarding the scope of the attacks and the identities of the attackers remain undisclosed. Notably, the attacker engaged in network scans of devices, deleted system crash logs, and enabled FCGI debugging to capture credentials from the system and SSH login attempts. The vulnerability impacts the following products and versions: FortiCamera 1.1, 2.0 (Update to a secure release recommended).

Fortinet Addresses Critical Zero-Day RCE Vulnerability in FortiVoice Systems

On May 14, 2025, cybersecurity provider Fortinet announced the resolution of a significant security vulnerability identified as CVE-2025-32756. This flaw, which carries a critical CVSS score of 9.6, has reportedly been exploited in live attacks against FortiVoice enterprise phone systems. The…


Winter Vivern APT Exploits Zimbra Vulnerability to Target European Government Entities

Mar 31, 2023
Cyber Espionage / APT

The advanced persistent threat (APT) group known as Winter Vivern is currently focusing its cyber espionage efforts on officials in Europe and the U.S. According to a recent report by Proofpoint, this group, also referred to as TA473, has been exploiting an unpatched Zimbra vulnerability in publicly accessible webmail portals since at least February 2023. This vulnerability allows them to access the email accounts of government bodies across Europe.

Proofpoint has identified the group’s activities as closely aligned with the geopolitical objectives of Russia and Belarus. While Winter Vivern may not be the most sophisticated actor, its persistence is notable. Recently, the group has been linked to cyber attacks on state authorities in Ukraine and Poland, as well as government officials in India, Lithuania, Slovakia, and the Vatican. The ongoing wave of intrusions related to NATO involves exploitation of CVE…

March 31, 2023 – A new report from Proofpoint reveals that the advanced persistent threat (APT) group known as Winter Vivern is actively engaged in a cyber espionage campaign directed at government officials across Europe and the United States.…


UK and US Hold Three Chinese Tech Companies Accountable for Global Cyberattacks

A coalition of international cybersecurity organizations, spearheaded by the UK’s National Cyber Security Centre (NCSC), has publicly implicated three technology firms based in China in a sustained global cyberattack campaign. In a recent advisory, the NCSC and partners from twelve nations—including the United States, Australia, Canada, New Zealand, Czech Republic,…


TransUnion Confirms Cyberattack Exposing Data of 4.4 Million Individuals

This week, TransUnion announced a significant cybersecurity incident that has compromised the personal information of over 4.4 million individuals. The breach, which occurred on July 28, was uncovered two days later, leading to notification letters being dispatched to affected consumers starting August 26. In the notification letter, TransUnion informed recipients…


Microsoft Resolves 78 Vulnerabilities, Including 5 Actively Exploited Zero-Days; CVSS 10 Flaw Affects Azure DevOps Server

May 14, 2025
Endpoint Security / Vulnerability

Microsoft has released updates addressing 78 security vulnerabilities across its software, including five zero-days currently being exploited in the wild. Among these flaws, 11 are classified as Critical, 66 as Important, and one as Low in severity. The patches include 28 vulnerabilities that enable remote code execution, 21 related to privilege escalation, and 16 classified as information disclosure issues. This release also coincides with fixes for eight security flaws found in the Chromium-based Edge browser since last month’s Patch Tuesday. The details of the actively exploited vulnerabilities are as follows:

  • CVE-2025-30397 (CVSS score: 7.5) – Scripting Engine Memory Corruption Vulnerability
  • CVE-2025-30400 (CVSS score: 7.8) – Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability
  • CVE-2025-3270…

Microsoft Addresses 78 Security Flaws, Including Five Active Exploits; Azure DevOps Server Affected

On May 14, 2025, Microsoft released critical updates aimed at remedying a total of 78 security vulnerabilities discovered across its software portfolio. Notably, among these vulnerabilities are five zero-days that have been actively exploited in the wild,…


Cryptocurrency Firms Targeted in Advanced 3CX Supply Chain Attack

April 4, 2023
Cryptocurrency / Cyber Attack

A sophisticated supply chain attack on 3CX has led to a second-stage implant specifically targeting a select number of cryptocurrency firms. Kaspersky, a Russian cybersecurity company, has been monitoring this adaptable backdoor, known as Gopuram, since 2020. They noted a surge in infections coinciding with the March 2023 3CX breach. Gopuram’s main purpose is to connect to a command-and-control (C2) server, enabling attackers to interact with the victim’s file system, initiate processes, and execute up to eight in-memory modules. The malware has ties to North Korea, as it has been found on victim machines alongside AppleJeus, another backdoor linked to the Korean-speaking Lazarus group, which previously targeted a cryptocurrency company in Southeast Asia in 2020. This recent focus on cryptocurrency firms underscores a troubling trend.

On April 4, 2023, cybersecurity reports emerged detailing a sophisticated supply chain attack targeting the 3CX communication software, with a specific focus on a select group of cryptocurrency companies. The cyber threat actors employed a second-stage implant, which has been internally…


Closing the Gap Between IT and OT Security in Manufacturing

Governance & Risk Management, Operational Technology (OT), Video

CISO Tammy Klotz Highlights Peer Support Ahead of ManuSec 2025

Cecilia Limonta • August 15, 2025

Tammy Klotz, CISO, Trinseo

In the realm of manufacturing, organizations encounter a myriad of challenges in securing their Operational Technology (OT) and Information Technology (IT) systems.…
