The Breach News

PerfektBlue Bluetooth Flaws Leave Millions of Vehicles Vulnerable to Remote Code Execution

On July 11, 2025, researchers uncovered a series of four security vulnerabilities within OpenSynergy’s BlueSDK Bluetooth stack that could enable remote code execution on millions of vehicles from various manufacturers. Named PerfektBlue, these vulnerabilities can be combined to form an exploit chain that compromises vehicles from at least three major automakers: Mercedes-Benz, Volkswagen, and Skoda, as reported by PCA Cyber Security (formerly PCAutomotive). Additionally, a fourth unnamed original equipment manufacturer (OEM) is also believed to be affected. “The PerfektBlue exploitation comprises critical memory corruption and logical vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack that can be leveraged for Remote Code Execution (RCE),” the cybersecurity firm stated. While infotainment systems are often considered isolated from essential vehicle controls, this separation is not as reliable as it might seem.

PerfektBlue Bluetooth Vulnerabilities Threaten Remote Control of Millions of Vehicles On July 11, 2025, cybersecurity experts announced the discovery of four critical vulnerabilities in OpenSynergy’s BlueSDK Bluetooth stack, collectively termed PerfektBlue. Exploiting these flaws could enable remote code execution across a vast array of vehicles manufactured by multiple vendors. This…

Read More

PerfektBlue Bluetooth Flaws Leave Millions of Vehicles Vulnerable to Remote Code Execution

On July 11, 2025, researchers uncovered a series of four security vulnerabilities within OpenSynergy’s BlueSDK Bluetooth stack that could enable remote code execution on millions of vehicles from various manufacturers. Named PerfektBlue, these vulnerabilities can be combined to form an exploit chain that compromises vehicles from at least three major automakers: Mercedes-Benz, Volkswagen, and Skoda, as reported by PCA Cyber Security (formerly PCAutomotive). Additionally, a fourth unnamed original equipment manufacturer (OEM) is also believed to be affected. “The PerfektBlue exploitation comprises critical memory corruption and logical vulnerabilities in the OpenSynergy BlueSDK Bluetooth stack that can be leveraged for Remote Code Execution (RCE),” the cybersecurity firm stated. While infotainment systems are often considered isolated from essential vehicle controls, this separation is not as reliable as it might seem.

Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware

Nov 11, 2024
Vulnerability / Network Security

Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.

The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.

Cybercriminals Leverage Excel Vulnerability to Deploy Remcos RAT Malware November 11, 2024 Vulnerability / Network Security Recent cybersecurity investigations have unearthed a phishing campaign that propagates a new fileless variant of the notorious Remcos RAT (Remote Control Software). Fortinet FortiGuard Labs, through researcher Xiaopeng Zhang, provided an in-depth analysis, revealing…

Read More

Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware

Nov 11, 2024
Vulnerability / Network Security

Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.

The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.

Hackers Search for Backdoors in High-Security Safes—and Can Now Unlock Them in Seconds

Securam Locks Face Security Scrutiny Amid Vulnerabilities Zhou, a spokesperson for Securam, recently announced plans to address security vulnerabilities uncovered by researchers Omo and Rowley in the ProLogic lock series. In a statement, he emphasized that customer security remains the company’s top priority and outlined initiatives to develop next-generation locking…

Read MoreHackers Search for Backdoors in High-Security Safes—and Can Now Unlock Them in Seconds

Human-Centered Cybersecurity: Achieving Over 90% Reduction in Phishing Risk at Two Credit Unions – Webinar

AI-Powered Cloud Next-Generation Firewalls, The Future of AI & Cybersecurity Presented by KnowBe4 60 mins In an age of increasing digital threats, financial institutions are encountering a surge of advanced cyber risks. Phishing campaigns have become exceedingly sophisticated, alongside the risks posed by misdirected communications and complex social engineering tactics…

Read MoreHuman-Centered Cybersecurity: Achieving Over 90% Reduction in Phishing Risk at Two Credit Unions – Webinar

Security Flaws in NVIDIA Triton Allow Unauthenticated Attacks to Execute Code and Compromise AI Servers

Published: August 4, 2025
Category: AI Security / Vulnerability

A newly revealed set of vulnerabilities in NVIDIA’s Triton Inference Server—an open-source platform for deploying artificial intelligence (AI) models across Windows and Linux—puts susceptible servers at risk of takeover. Researchers Ronen Shustin and Nir Ohfeld from Wiz noted in a report released today that when these flaws are exploited together, they could enable remote, unauthenticated attackers to gain full control of the server, facilitating remote code execution (RCE). The identified vulnerabilities include:

  • CVE-2025-23319 (CVSS Score: 8.1): An issue in the Python backend that allows for an out-of-bounds write via specifically crafted requests.
  • CVE-2025-23320 (CVSS Score: 7.5): A flaw in the Python backend where an attacker can exceed the shared memory limit by sending an excessively large request.
  • CVE-2025-23334 (CVSS Score: 5.9): A vulnerability in the Python backend that could lead to an out-of-bounds read.

NVIDIA Triton Vulnerabilities Enable Unauthenticated Code Execution Risks in AI Servers August 4, 2025 A critical security issue has emerged concerning NVIDIA’s Triton Inference Server, a widely used open-source platform designed for deploying artificial intelligence models on Windows and Linux systems. Recent research reveals that a set of vulnerabilities could…

Read More

Security Flaws in NVIDIA Triton Allow Unauthenticated Attacks to Execute Code and Compromise AI Servers

Published: August 4, 2025
Category: AI Security / Vulnerability

A newly revealed set of vulnerabilities in NVIDIA’s Triton Inference Server—an open-source platform for deploying artificial intelligence (AI) models across Windows and Linux—puts susceptible servers at risk of takeover. Researchers Ronen Shustin and Nir Ohfeld from Wiz noted in a report released today that when these flaws are exploited together, they could enable remote, unauthenticated attackers to gain full control of the server, facilitating remote code execution (RCE). The identified vulnerabilities include:

  • CVE-2025-23319 (CVSS Score: 8.1): An issue in the Python backend that allows for an out-of-bounds write via specifically crafted requests.
  • CVE-2025-23320 (CVSS Score: 7.5): A flaw in the Python backend where an attacker can exceed the shared memory limit by sending an excessively large request.
  • CVE-2025-23334 (CVSS Score: 5.9): A vulnerability in the Python backend that could lead to an out-of-bounds read.

Bangkok Post – Data Breach Case Serves as a Timely Reminder

In a shocking disclosure, a private hospital in Thailand recently faced severe backlash after a mini-pancake snack was found wrapped in a paper pouch containing sensitive medical information. This incident, which occurred last year, involved a reused patient record that explicitly mentioned a hepatitis B diagnosis, highlighting significant breaches of…

Read MoreBangkok Post – Data Breach Case Serves as a Timely Reminder

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb On July 11, 2025, Fortinet announced the release of urgent patches for a significant security vulnerability in FortiWeb, a web application firewall. This flaw, designated CVE-2025-25257, poses a serious risk, allowing unauthorized attackers the potential to execute arbitrary SQL commands…

Read More

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

Live Webinar: Navigating Cryptographic Sprawl – Is Your Infrastructure Ready for PQC?

Live Webinar: Transforming Cryptographic Sprawl into Solutions—Is Your Infrastructure Ready for Post-Quantum Cryptography? In a rapidly evolving digital landscape marked by increasing cyber threats, businesses are faced with the pressing question of whether their infrastructures are prepared for the impending shift to post-quantum cryptography (PQC). A live webinar titled “From…

Read More

Live Webinar: Navigating Cryptographic Sprawl – Is Your Infrastructure Ready for PQC?