Fortinet on Wednesday said it observed “recent abuse” of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. The vulnerability in question is CVE-2020-12812 (CVSS score: 5.2), an improper authentication vulnerability in SSL VPN in…
Category: EN
Scams target MENA region, pen testers accused of blackmail, DDoS protection faces fresh challenges
Coordinated scams target MENA region Pen Test Partners accused of ‘blackmail’ Hackers steal record $2.7B in crypto in 2025 Thanks to our episode sponsor, ThreatLocker Want real Zero Trust training? Zero Trust World 2026 delivers hands-on labs and workshops that…
Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls
Cybercriminals are actively abusing a long-patched Fortinet FortiGate flaw from July 2020, slipping past two-factor authentication (2FA) on firewalls and potentially granting unauthorized access to VPNs and admin consoles. Fortinet’s PSIRT team detailed the in-the-wild attacks in a recent blog…
Quantum-resistant key management for AI model deployments.
Discover how quantum-resistant key management secures AI model deployments, protecting against quantum computing threats with advanced encryption and zero-trust strategies. The post Quantum-resistant key management for AI model deployments. appeared first on Security Boulevard. This article has been indexed from…
Product Security Advisory and Analysis: Observed Abuse of FG-IR-19-283
This blog analysis describes the observed abuse and provides additional context so that administrators can confirm that they are not impacted and guidance based on Fortinet observations to prevent FG-IR-19-283 from being exploited. This article has been indexed from…
Microsoft Unveils Hardware-Accelerated BitLocker to Enhance Performance and Security
Microsoft has announced hardware-accelerated BitLocker, a significant security enhancement designed to eliminate performance bottlenecks caused by encryption on modern high-speed NVMe drives. The new technology addresses growing concerns about CPU overhead as storage devices become faster, particularly for users running…
Are the high costs of AI security tools justified
How Can Organizations Justify the Investment in AI Security Tools? Do the benefits of AI security tools truly justify their costs? Where organizations increasingly shift towards cloud environments, there’s a growing need to address security gaps, especially concerning Non-Human Identities…
Can advanced IAM solutions reassure companies on NHI security
How Can Your Organization Ensure NHI Security with IAM Solutions? Have you ever wondered how secure your organization’s machine identities are? Non-Human Identities (NHIs) play a crucial role, especially with the increasing dependency on cloud environments. With the advent of…
How powerful are new age AI-driven cybersecurity tools
How Do AI-Driven Cybersecurity Tools Transform Non-Human Identity Management? Where technology constantly evolves, how do organizations manage the security of their non-human identities (NHIs)? These machine identities play a crucial role, acting as both a gatekeeper and a potential security…
Baker University Data Breach Hits 53,000
The advanced persistent threat actor Infy has been active for over two decades, making it one of the oldest known hacking groups associated with Iran. This article has been indexed from CyberMaterial Read the original article: Baker University Data Breach…
2025 – Excelling at the Edge of Burnout
A look at my year: moving back to technical work, recovering from shoulder surgery, diving into photography, and building tools, blogs and labs. This article has been indexed from ZephrSec – Adventures In Information Security Read the original article: 2025…
Penetration Testing Strategy: How to Make Your Tests Practical, Repeatable, and Risk-Reducing
Penetration testing — “pentesting” — still surprises teams. Some treat it as a checkbox before launch; others expect it to magically find every vulnerability. The truth sits in the middle: a well-planned penetration testing strategy turns a point-in-time assessment into…
FBI seized ‘web3adspanels.org’ hosting stolen logins
The U.S. seized the ‘web3adspanels.org’ domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybercriminals used it to store bank login credentials stolen from U.S. victims. A…
NDSS 2025 – LAMP: Lightweight Approaches For Latency Minimization In Mixnets With Practical Deployment Considerations
Session 7A: Network Security 2 Authors, Creators & Presenters: Mahdi Rahimi (KU Leuven), Piyush Kumar Sharma (University of Michigan), Claudia Diaz (KU Leuven) PAPER LAMP: Lightweight Approaches For Latency Minimization In Mixnets With Practical Deployment Considerations Mixnets are a type…
Randall Munroe’s XKCD ‘Satellite Imagery’
via the cosmic humor & dry-as-interstellar-space wit of Randall Munroe, creator of XKCD Permalink The post Randall Munroe’s XKCD ‘Satellite Imagery’ appeared first on Security Boulevard. This article has been indexed from Security Boulevard Read the original article: Randall Munroe’s…
Pen testers accused of ‘blackmail’ after reporting Eurostar chatbot flaws
AI goes off the rails … because of shoddy guardrails Researchers at Pen Test Partners found four flaws in Eurostar’s public AI chatbot that, among other security issues, could allow an attacker to inject malicious HTML content or trick the…
U.S. Authorities Shut Down Online Network Selling Fake Identity Templates
United States federal authorities have taken down an online operation accused of supplying tools used in identity fraud across multiple countries. The case centers on a Bangladeshi national who allegedly managed several websites that sold digital templates designed to…
M-Files Vulnerability Allows Attackers to Steal Active User Session Tokens
A critical security vulnerability in M-Files Server could allow authenticated attackers to capture active user session tokens via the M-Files Web interface, enabling identity impersonation and unauthorized access to sensitive information. The flaw, tracked as CVE-2025-13008, was disclosed on December…
Israeli Organizations Targeted by AV-Themed Malicious Word and PDF Files
SEQRITE Labs’ Advanced Persistent Threat (APT) Team has uncovered a sophisticated campaign targeting Israeli organizations through weaponized Microsoft Word and PDF documents disguised as legitimate antivirus software. The operation, tracked as UNG0801 or “Operation IconCat,” exploits the trusted branding of…
NVIDIA Isaac Vulnerabilities Enable Remote Code Execution Attacks
NVIDIA released critical security updates for its Isaac Launchable platform on December 23, 2025, addressing three severe vulnerabilities that could allow unauthenticated attackers to execute arbitrary code remotely. All three flaws carry a maximum CVSS score of 9.8, placing them…