CISA Adds WinRAR Vulnerability to KEV Catalog for Active Exploitation

CISA warns about WinRAR vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting the WinRAR compression software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, tracked as CVE-2025-6218 (CVSS score: 7.8), is a path traversal flaw that could allow code execution. To be exploited, it requires the target to visit a malicious web page or open a malicious file. ...

December 10, 2025 · Comfidentia

Fortinet, Ivanti and SAP Address Critical Security Flaws in Their Products

Fortinet, Ivanti, and SAP have released updates to address critical security flaws in their products. If successfully exploited, these vulnerabilities could allow authentication bypass or remote code execution.

Fortinet Critical Vulnerabilities (CVE-2025-59718 and CVE-2025-59719)

Fortinet has addressed two critical vulnerabilities (CVSS 9.8) affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager. The flaws, identified as CVE-2025-59718 and CVE-2025-59719, are due to improper verification of a cryptographic signature (CWE-347).

Impact: An unauthenticated attacker could bypass FortiCloud SSO login authentication via a crafted SAML message if the FortiCloud SSO feature is enabled on the device.

Temporary Mitigation: Although this feature is not enabled by default, administrators should verify whether it was enabled during device registration in FortiCare. It is recommended to temporarily disable the FortiCloud login feature until the update can be applied.

Mitigation Instructions: ...

December 10, 2025 · Comfidentia

More than 30 vulnerabilities discovered in AI-powered IDEs allow data theft and RCE

A recent investigation has revealed more than 30 security vulnerabilities in several Integrated Development Environments (IDEs) powered by artificial intelligence (AI). These flaws, collectively called “IDEsaster”, combine prompt injection primitives with legitimate IDE features to achieve data exfiltration and remote code execution (RCE). Security researcher Ari Marzouk (MaccariTA) found that the vulnerabilities affect popular IDEs and extensions such as Cursor, Windsurf, Kiro.dev, GitHub Copilot, Zed.dev, Roo Code, Junie and Cline, among others. Of these, 24 vulnerabilities have been assigned CVE identifiers. ...

December 6, 2025 · Comfidentia

CVE-2025-12744: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Vulnerability Description

CVE-2025-12744 is an OS Command Injection vulnerability found in the Automatic Bug Reporting Tool (ABRT) daemon.

Technical Details

The ABRT daemon copies up to 12 characters from untrusted user-supplied input. These characters are inserted directly into the shell command “docker inspect %s” without proper validation. An unprivileged local user can craft a payload that injects shell metacharacters, and the ABRT process, which runs as root, then executes the attacker-controlled command. This allows privilege escalation, granting the attacker full root privileges. The vulnerability does not require user interaction, but it does require local access. CVSS 3.1: 8.8 (High), reflecting high impact on confidentiality, integrity and availability, and low exploitation complexity. The root cause is insecure construction of shell commands combined with a lack of input validation.

Potential Impact ...

December 3, 2025 · Comfidentia

Microsoft Quietly Patches LNK Vulnerability Exploited Since 2017

Microsoft has quietly fixed a security vulnerability that has been exploited by multiple threat actors since 2017. The fix was included in the November 2025 Patch Tuesday updates. The vulnerability, tracked as CVE-2025-9491 (CVSS score: 7.8/7.0), is a “misinterpretation of the Windows shortcut file (LNK) user interface” flaw that could lead to remote code execution.

Vulnerability Details (CVE-2025-9491)

The vulnerability lies in how Windows handles .LNK files. The core problem is that a shortcut file can be manipulated to hide malicious commands from a user who inspects the file through the user interface. ...

December 3, 2025 · Comfidentia

Critical Vulnerability in Avast Free Antivirus Allows Kernel-Level Privilege Escalation

Security researchers have disclosed a critical vulnerability in Avast Free Antivirus that could allow attackers to gain elevated system privileges and execute malicious code with kernel-level access. The vulnerability, tracked as CVE-2025-3500, received a high CVSS score of 8.8 and was made public on April 24, 2025, after Avast issued a patch.

Technical Details of the Vulnerability

The security flaw resides in the aswbidsdriver kernel driver of Avast Free Antivirus and is caused by improper validation of user-supplied data. ...

December 1, 2025 · Comfidentia

Teams Vulnerability Allows Microsoft Defender Bypass Through Guest Access

Ontinue security researchers have discovered a “cross-tenant blind spot” in Microsoft Teams that allows attackers to bypass Microsoft Defender for Office 365 protections using the guest access feature. The problem is that when a user operates as a guest in an external tenant, their security protections are determined entirely by the hosting environment, and not by the security policies of their home organization. This fundamental architectural gap opens the door to attack scenarios where users become unprotected guests in a malicious environment controlled by the attacker. ...

November 28, 2025 · Comfidentia

Vulnerability in legacy Python packages exposes PyPI supply chain to takeover attacks

Cybersecurity researchers have discovered vulnerable code in outdated Python packages that could pave the way for a supply chain compromise of the Python Package Index (PyPI) via a domain takeover technique. Software supply chain security company ReversingLabs identified the vulnerability in bootstrap files provided by zc.buildout, a build and deployment automation tool.

The Risk of Takeover by Legacy Packages

The problem lies in an old bootstrap script (bootstrap.py) that was used with zc.buildout to initialize the environment. This script had the ability to install the “Distribute” packaging utility, a short-lived fork of the Setuptools project. To do so, it downloads the Distribute installation script (distribute_setup.py) from the python-distribute[.]org domain. ...

November 28, 2025 · Comfidentia

Critical Vulnerability in Mattermost Allows Account Takeover (CVE-2025-12421)

Mattermost Critical Vulnerability Summary

A default configuration in Mattermost, an open source collaboration platform used by enterprises and government agencies, exposes deployments to a critical Account Takeover risk. The vulnerability, identified as CVE-2025-12421, allows an attacker to hijack any user account on the system with a single request.

Technical Details of CVE-2025-12421

The flaw lies in Mattermost’s authentication flow, specifically its handling of switching between different authentication methods (such as from email/password to OAuth). The problem is in the /users/login/sso/code-exchange endpoint. ...

November 27, 2025 · Comfidentia

Organizations expose credentials when using online code formatting tools

New research has revealed that organizations in sensitive industries, such as governments, telecommunications, and critical infrastructure, are exposing passwords and credentials by pasting them into online code formatting and validation tools such as JSONformatter and CodeBeautify. Cybersecurity company watchTowr Labs captured a data set of more than 80,000 files from these sites, uncovering thousands of usernames, passwords, repository authentication keys, Active Directory credentials, database credentials, cloud environment keys, LDAP configuration information, and API keys. ...

November 25, 2025 · Comfidentia