Recent investigations have revealed that four rogue packages infiltrated the Python Package Index (PyPI), executing a series of malicious operations including the deployment of malware, the removal of the netstat utility, and the manipulation of the SSH authorized_keys file. The targeted packages—aptx, bingchilling2, httops, and tkint3rs—collectively amassed around 450 downloads…
Recent cybersecurity research has revealed a significant increase in cyber threats linked to the Russian bulletproof hosting service, Proton66. Analysts have documented a variety of malicious activities that include mass scanning, credential brute-forcing, and exploitation attempts emanating from this provider, with the uptick in activity noted since January 8, 2025.…
The cybersecurity landscape has recently been shaken by the launch of a ransomware-as-a-service (RaaS) operation named VanHelsing, which has already targeted three victims since its inception on March 7, 2025. The ransoms demanded by VanHelsing have reached staggering amounts, totaling as high as $500,000. This model facilitates participation from a…
This week, cybersecurity experts reported a notable uptick in stealthy tactics employed by malicious actors, indicating that the real challenge may lie in identifying the threats that have already infiltrated systems rather than defending against external breaches. Attack methodologies increasingly leverage AI to manipulate public opinion, while malware masquerades within…
AI-Powered Cloud Next-Generation Firewalls, Network Firewalls, Network Access Control, Security Operations Cisco Gains Recognition While HPE Juniper Emerges as a Challenger in New Hybrid Mesh Firewall Rankings Michael Novinson (MichaelNovinson) • August 29, 2025 The initial Magic Quadrant for hybrid mesh firewalls from Gartner has identified industry leaders, with Palo…
Fortinet Addresses CVE-2025-32756: Critical Zero-Day RCE Vulnerability in FortiVoice Systems
May 14, 2025
Vulnerability / Network Security
Fortinet has issued a fix for a severe security vulnerability exploited as a zero-day in attacks against FortiVoice enterprise phone systems. Identified as CVE-2025-32756, this flaw has a high CVSS score of 9.6 out of 10.0. According to the company’s advisory, “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may enable a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.” Fortinet has confirmed that the flaw has been actively exploited in the wild within FortiVoice systems, although details regarding the scope of the attacks and the identities of the attackers remain undisclosed. Notably, the attacker engaged in network scans of devices, deleted system crash logs, and enabled FCGI debugging to capture credentials from the system and SSH login attempts. The vulnerability impacts the following products and versions: FortiCamera 1.1, 2.0 (Update to a secure release recommended).
Fortinet Addresses Critical Zero-Day RCE Vulnerability in FortiVoice Systems On May 14, 2025, cybersecurity provider Fortinet announced the resolution of a significant security vulnerability identified as CVE-2025-32756. This flaw, which carries a critical CVSS score of 9.6, has reportedly been exploited in live attacks against FortiVoice enterprise phone systems. The…
Fortinet Addresses CVE-2025-32756: Critical Zero-Day RCE Vulnerability in FortiVoice Systems
May 14, 2025
Vulnerability / Network Security
Fortinet has issued a fix for a severe security vulnerability exploited as a zero-day in attacks against FortiVoice enterprise phone systems. Identified as CVE-2025-32756, this flaw has a high CVSS score of 9.6 out of 10.0. According to the company’s advisory, “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may enable a remote unauthenticated attacker to execute arbitrary code or commands via specially crafted HTTP requests.” Fortinet has confirmed that the flaw has been actively exploited in the wild within FortiVoice systems, although details regarding the scope of the attacks and the identities of the attackers remain undisclosed. Notably, the attacker engaged in network scans of devices, deleted system crash logs, and enabled FCGI debugging to capture credentials from the system and SSH login attempts. The vulnerability impacts the following products and versions: FortiCamera 1.1, 2.0 (Update to a secure release recommended).
Fortinet Alerts: Attackers Maintain Read-Only Access to FortiGate Devices After Patching Using SSL-VPN Symlink Exploit
April 11, 2025
Network Security / Vulnerability
Fortinet has disclosed that cybercriminals have discovered a method to preserve read-only access to compromised FortiGate devices, even after vulnerabilities exploited for initial breaches have been patched. The attackers reportedly utilized known security weaknesses, including CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. “A threat actor exploited a known vulnerability to establish read-only access to affected FortiGate devices,” the network security firm stated in an advisory released Thursday. “This was accomplished by creating a symbolic link that connects the user file system with the root file system in a directory used for SSL-VPN language files.” Fortinet noted that these alterations occurred within the user file system and were able to evade detection, leaving the symlink intact even after the original vulnerabilities were remedied. This situation has enabled the attackers to retain access…
Fortinet Warns of Persistent Access Threats to FortiGate Devices Post-Patching On April 11, 2025, Fortinet disclosed concerning information regarding a persistent security vulnerability affecting its FortiGate devices. The network security firm reported that cybercriminals have successfully established read-only access to affected devices, even after the vulnerabilities exploited to initially breach…
Fortinet Alerts: Attackers Maintain Read-Only Access to FortiGate Devices After Patching Using SSL-VPN Symlink Exploit
April 11, 2025
Network Security / Vulnerability
Fortinet has disclosed that cybercriminals have discovered a method to preserve read-only access to compromised FortiGate devices, even after vulnerabilities exploited for initial breaches have been patched. The attackers reportedly utilized known security weaknesses, including CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. “A threat actor exploited a known vulnerability to establish read-only access to affected FortiGate devices,” the network security firm stated in an advisory released Thursday. “This was accomplished by creating a symbolic link that connects the user file system with the root file system in a directory used for SSL-VPN language files.” Fortinet noted that these alterations occurred within the user file system and were able to evade detection, leaving the symlink intact even after the original vulnerabilities were remedied. This situation has enabled the attackers to retain access…
July 11, 2023
Ransomware / Windows Security
A newly emerging ransomware known as Big Head is spreading via a malvertising campaign that masquerades as fake Microsoft Windows updates and Word installers. Initially identified by Fortinet FortiGuard Labs last month, multiple variants of this ransomware have been found, all designed to encrypt files on victims’ devices in exchange for cryptocurrency payments. According to Fortinet researchers, “One variant of the Big Head ransomware presents a fake Windows Update, suggesting it may also be distributed as counterfeit updates.” Another variant features a Microsoft Word icon, indicating its distribution as fraudulent software. The majority of Big Head samples reported so far are from the U.S., Spain, France, and Turkey. Recent analysis by Trend Micro has further explored this .NET-based ransomware, highlighting its capability to deploy three encrypted binaries: 1.exe for propagation…
Warning: Big Head Ransomware on the Rise via Fake Windows Updates July 11, 2023 – BreachSpot.com A new strain of ransomware known as Big Head is gaining traction, being distributed through a targeted malvertising campaign that masquerades as counterfeit Microsoft Windows updates and Word installers. This ransomware was first identified…
July 11, 2023
Ransomware / Windows Security
A newly emerging ransomware known as Big Head is spreading via a malvertising campaign that masquerades as fake Microsoft Windows updates and Word installers. Initially identified by Fortinet FortiGuard Labs last month, multiple variants of this ransomware have been found, all designed to encrypt files on victims’ devices in exchange for cryptocurrency payments. According to Fortinet researchers, “One variant of the Big Head ransomware presents a fake Windows Update, suggesting it may also be distributed as counterfeit updates.” Another variant features a Microsoft Word icon, indicating its distribution as fraudulent software. The majority of Big Head samples reported so far are from the U.S., Spain, France, and Turkey. Recent analysis by Trend Micro has further explored this .NET-based ransomware, highlighting its capability to deploy three encrypted binaries: 1.exe for propagation…
On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, all of which are subject to active exploitation. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The details of the vulnerabilities are as follows:
CISA Updates KEV Catalog with Three Critical Vulnerabilities Affecting AMI MegaRAC, D-Link, and Fortinet On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog to include three significant security flaws. These vulnerabilities have been identified as actively exploited and are associated…
On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, all of which are subject to active exploitation. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The details of the vulnerabilities are as follows:
