Threat actors could leverage a quartet of Gigabyte firmware issues to facilitate UEFI security mechanism deactivation and system hijacking, SecurityWeek reports.
Thousands of organizations have been subjected to over 11.5 million attempted attacks involving the critical CitrixBleed 2 vulnerability, tracked as CVE-2025-5777, impacting Citrix NetScaler ADC and Gateway systems, according to CyberScoop.
BleepingComputer reports that intrusions leveraging the maximum severity Wing FTP Server remote code execution flaw, tracked as CVE-2025-47812, have commenced a day after the release of public details regarding the security defect, which security researcher Julien Ahrens noted to have resulted from improper Lua input sanitization and unsafe null-terminated string management.
Malicious actors could exploit a critical unauthorized SQL injection in GUI vulnerability in Fortinet FortiWeb Fabric Connector, tracked as CVE-2025-25257, to facilitate remote code execution and complete system compromise, Hackread reports.
Schneider Electric's EcoStruxure IT Data Center Expert software for data center equipment has been affected by six significant security flaws, which could be exploited to facilitate information leaks and remote access in critical infrastructure, according to GBHackers News.
Global job search and resume-building platform LiveCareer had more than 5.1 million files belonging to job seekers inadvertently leaked as a result of an unsecured Microsoft Azure storage container, Cybernews reports.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.
