New Cryptographic Vulnerability: DUHK A recent cryptographic vulnerability known as DUHK, which stands for “Don’t Use Hard-coded Keys,” has emerged as a significant concern for VPN and web browsing security. This non-trivial flaw could enable attackers to extract encryption keys, potentially compromising sensitive data. The DUHK vulnerability follows closely on…
Fortinet Issues Critical Security Patches Addressing Major Vulnerabilities Fortinet has announced the release of patches to rectify 15 significant security vulnerabilities, including one labeled as critical, affecting both FortiOS and FortiProxy. This particular vulnerability, identified as CVE-2023-25610, has been rated with a severity score of 9.3 out of 10, indicating…
A new cyber incident has emerged involving an unknown threat actor exploiting a vulnerability in Fortinet’s FortiOS software. The attack has resulted in significant data loss and corruption of operating systems and files, primarily targeting government entities and large organizations. Fortinet researchers Guillaume Lovet and Alex Kong, in an advisory…
In its March 2023 Patch Tuesday update, Microsoft disclosed fixes for 80 security vulnerabilities, two of which have been actively exploited in the wild. These vulnerabilities target critical components within the Microsoft ecosystem, with eight categorized as Critical, 71 as Important, and one as Moderate in severity. This update continues…
Severe Microsoft Office Vulnerability Exploited to Deliver Cobalt Malware Recently uncovered, a critical 17-year-old vulnerability in Microsoft Office is being actively exploited by threat actors to deploy backdoor malware. This vulnerability, designated as CVE-2017-11882, allows hackers to install malicious software on targeted systems without requiring any user interaction, raising significant…
Cybersecurity Incident Roundup: Key Developments in Data Breaches and Cyber-attacks Recent weeks have seen significant cybersecurity incidents impacting various sectors, with agencies and organizations navigating the evolving landscape of cyber threats. Among the most pressing events, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings following a cyberattack…
In a recent advisory, Fortinet’s FortiGuard Labs revealed that threat actors are actively leveraging a five-year-old unpatched vulnerability affecting TBK digital video recorder (DVR) devices. This security flaw, identified as CVE-2018-9995, has a CVSS score of 9.8, categorizing it as critical. It allows remote attackers to potentially gain unauthorized access…
Government, Industry Specific, Network Firewalls, Network Access Control New Directive Mandates Replacement of Outdated Network Appliances Jennifer Lawinski • February 5, 2026 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a directive requiring federal agencies to replace potentially vulnerable network devices that have surpassed their vendor support end…
In May 2023, Microsoft released its Patch Tuesday updates, addressing 38 security vulnerabilities, including two major zero-day flaws that are currently being exploited. The updates aim to fortify Windows systems against active threats that pose significant risks to users and businesses. Trend Micro’s Zero Day Initiative has highlighted that this…
