Ongoing attacks involving the critical Fortinet FortiWeb SQL injection flaw, tracked as CVE-2025-25257, have prompted the security issue's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, with federal agencies urged to remediate the defect by August 8, according to Security Affairs.
At least 85 Microsoft SharePoint servers worldwide have already been breached in attacks that have been underway since Friday and involve a pair of critical SharePoint zero-day flaws, tracked as CVE-2025-53770 and CVE-2025-53771, reports BleepingComputer.
Hackread reports that Texas-based Gladney Center for Adoption had more than 1.1 million records accidentally leaked by a misconfigured customer relationship management platform enabling inter-organizational casework and communication management.
Malicious actors have exploited Apache HTTP Server and Microsoft Exchange Server flaws to facilitate the delivery of the Linuxsys cryptocurrency mining malware and GhostContainer backdoor, respectively, in separate attack campaigns, The Hacker News reports.
BleepingComputer reports that vulnerable Citrix NetScaler ADC and Gateway systems impacted by the critical CitrixBleed 2 flaw, tracked as CVE-2025-5777, have been subjected to attacks almost two weeks before the release of proof-of-concept exploits on July 4.