CVE-2025-24893 could let attackers perform remote code execution to facilitate cryptomining.
Category: patchconfiguration-management
Attacks involving critical Fortinet FortiWeb bug underway
SecurityWeek reports that Fortinet and the Cybersecurity and Infrastructure Security Agency have noted ongoing attacks against vulnerable Fortinet FortiWeb instances impacted by the critical relative path traversal flaw tracked as CVE-2025-64446, with CISA urging federal agencies to remediate the bug by Nov. 21.
Cisco patches critical 10.0 bug in Unified CM systems
A successful exploit could let an attacker log in as the root user.
Maximum severity Cisco Unified CM vulnerability resolved
The vulnerability, which stems from the availability of static user credentials for root accounts during development, affected Cisco Unified CM and Unified CM SME Engineering Special releases 15.0.1.13010-1 to 15.0.1.13017-1.
Actively exploited Chrome zero-day addressed
Google has issued updates to resolve an actively exploited zero-day vulnerability impacting its Chrome browser, tracked as CVE-2025-6554, which is the fourth Chrome zero-day addressed by Google so far this year, The Hacker News reports.
Remote attacks likely with severe Microsens vulnerabilities
SecurityWeek reports that organizations, particularly those in critical infrastructure sectors, could be remotely compromised through the exploitation of a trio of flaws impacting Microsens’ NMP Web+ offering, which allows management of industrial switches and other network equipment.
Thousands of Citrix NetScaler instances remain vulnerable to actively exploited bugs
Almost 1,289 Citrix NetScaler ADC and NetScaler Gateway servers continue to be at risk of intrusions involving the critical out-of-bounds memory vulnerability CVE-2025-5777, dubbed “Citrix Bleed 2”, while 2,100 instances remain vulnerable to the critical memory overflow issue, tracked as CVE-2025-6543, following the release of fixes last week, according to Cyber Security News.
Attacks involving critical Citrix NetScaler bug underway
ReliaQuest observed threat actors leveraging the recently disclosed critical Citrix NetScaler Gateway vulnerability, tracked as CVE-2025-5777, to facilitate initial systems compromise, according to Cybersecurity Dive.
Misconfiguration exposes data from over 3.6M Passion.io users, creators
Major app-building platform Passion.io had data from over 3.6 million creators and users inadvertently leaked by an exposed database, reports Hackread.
