On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a significant security vulnerability affecting ScienceLogic SL1 in its Known Exploited Vulnerabilities (KEV) list. This action comes in response to confirmed instances of active exploitation as a zero-day vulnerability. The flaw, designated as CVE-2024-9537 (scoring 9.3 on the…
Fortinet Confirms Critical Vulnerability in FortiManager Under Active Exploitation Fortinet has identified a significant security vulnerability affecting its FortiManager product, designated as CVE-2024-47575, with a high CVSS score of 9.8. This vulnerability, also referred to as FortiJump, relates to the FGFM protocol utilized for communication between FortiGate devices and FortiManager.…
In a recent joint advisory, intelligence agencies from Australia, the U.K., and the U.S. have highlighted critical vulnerabilities that were actively exploited during 2020 and 2021. This report underscores how swiftly threat actors can capitalize on publicly disclosed weaknesses in software, posing a significant risk to various organizations worldwide. The…
Cisco Issues Critical Updates for Vulnerability in Adaptive Security Appliance Cisco Systems announced today that it has rolled out urgent security updates to address a significant vulnerability in its Adaptive Security Appliance (ASA) that has been actively exploited. This issue could result in a denial-of-service (DoS) condition, impacting the Remote…
On November 12, 2024, Microsoft disclosed that two significant security vulnerabilities affecting Windows NT LAN Manager (NTLM) and Task Scheduler have been actively exploited in the wild. These vulnerabilities were part of the November Patch Tuesday update, which addressed a total of 90 security flaws across Microsoft products. Among the…
A security vulnerability in Fortinet’s FortiClient for Windows has been exploited by the threat group known as **BrazenBamboo**, allowing them to extract VPN credentials using a modular framework named **DEEPDATA**. This exploitation was disclosed by Volexity, which reported the zero-day vulnerability’s emergence in July 2024. BrazenBamboo is also linked to…
Litigation, Network Firewalls, Network Access Control, Security Operations Pension Funds Accuse Fortinet of Misleading Market with Optimistic Refresh Forecast Michael Novinson (MichaelNovinson) • October 24, 2025 A pair of class action lawsuits have recently been filed against Fortinet, alleging violations of federal securities laws through misleading claims about a “record”…
On Wednesday, cybersecurity agencies from Australia, the U.K., and the U.S. issued a joint advisory detailing the active exploitation of vulnerabilities in Fortinet and Microsoft Exchange ProxyShell by Iranian state-sponsored threat actors. This exploitation is part of a broader effort to gain initial access into susceptible systems, subsequently enabling activities…
Recent revelations in cybersecurity highlight the increasing prevalence of long-term breaches, which often go unnoticed until substantial damage is done. A striking example is the incident involving F5, a significant player in the application delivery and security space. On August 9, 2025, F5 announced that unidentified threat actors had infiltrated…
