BleepingComputer reports that threat actors have compromised numerous Fortinet FortiWeb instances with web shells via attacks suspected to have involved publicly available exploits for the critical pre-authenticated RCE via SQL injection flaw, tracked as CVE-2025-25257.
Threat actors could leverage a quartet of Gigabyte firmware issues to facilitate UEFI security mechanism deactivation and system hijacking, SecurityWeek reports.
Thousands of organizations have been subjected to over 11.5 million attempted attacks involving the critical CitrixBleed 2 vulnerability, tracked as CVE-2025-5777, impacting Citrix NetScaler ADC and Gateway systems, according to CyberScoop.
BleepingComputer reports that intrusions leveraging the maximum severity Wing FTP Server remote code execution flaw, tracked as CVE-2025-47812, have commenced a day after the release of public details regarding the security defect, which security researcher Julien Ahrens noted to have resulted from improper Lua input sanitization and unsafe null-terminated string management.
Malicious actors could exploit a critical unauthorized SQL injection in GUI vulnerability in Fortinet FortiWeb Fabric Connector, tracked as CVE-2025-25257, to facilitate remote code execution and complete system compromise, Hackread reports.
