Open Source Alerts

Fortinet Releases Patch for Critical SQL Injection Flaw in FortiWeb (CVE-2025-25257)

Fortinet released fixes for a critical security flaw impacting FortiWeb that could enable an unauthenticated attacker to run arbitrary database commands on susceptible instances. Tracked as CVE-2025-25257, the bug carries a CVSS score of 9.6.

CISA tags Citrix Bleed 2 as exploited, gives agencies a day to patch

The U.S. Cybersecurity & Infrastructure Security Agency has confirmed active exploitation of the CitrixBleed 2 vulnerability (CVE-2025-5777) in Citrix NetScaler ADC and Gateway and is giving federal agencies one day to apply fixes.

NVIDIA shares guidance to defend GDDR6 GPUs against Rowhammer attacks

NVIDIA is warning users to activate System Level Error-Correcting Code mitigation to protect against Rowhammer attacks on graphical processors with GDDR6 memory. New research demonstrates a Rowhammer attack against an NVIDIA A6000 GPU.

The zero-day that could've compromised every Cursor and Windsurf user

A security researcher stumbled upon a critical zero-day buried deep in the infrastructure powering today’s AI coding tools. Had it been exploited, a non-sophisticated attacker could’ve hijacked over 10 million machines with a single stroke.

Louis Vuitton says UK customer data stolen in cyber-attack

Louis Vuitton, the flagship brand of French luxury conglomerate LVMH, has confirmed a cyber-attack targeting its UK operations, resulting in the unauthorized access and theft of customer data.

Critical Wing FTP Server Vulnerability (CVE-2025-47812) Actively Being Exploited in the Wild

A recently disclosed maximum-severity security flaw impacting the Wing FTP Server has come under active exploitation in the wild. The vulnerability, CVE-2025-47812, is a case of improper handling of null ('\0') bytes in the server's web interface.

Fake Gaming and AI Firms Push Malware on Cryptocurrency Users via Telegram and Discord

Cryptocurrency users are the target of an ongoing social engineering campaign that employs fake startup companies to trick users into downloading malware that can drain digital assets from both Windows and macOS systems.

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

The SLOW#TEMPEST campaign employs sophisticated obfuscation techniques such as dynamic jumps and obfuscated function calls to evade detection. CFG obfuscation disrupts the predictable execution flow, complicating both static and dynamic analysis.

Anatomy of a Scattered Spider attack: A growing ransomware threat evolves

Scattered Spider is increasingly making headlines of late, evolving its techniques and broadening the scope of its criminal activities against a wider array of enterprises.

MPs Warn of “Significant” Iranian Cyber-Threat to UK

A recent report by the UK Parliament’s ISC has raised alarms over the potential for significant disruption to the UK’s petrochemical, utilities, and finance sectors, especially amid escalating geopolitical tensions.

Defend Against Threats with Cyber Fusion

Cyware is the leading provider of cyber fusion solutions that power threat intelligence sharing , end-to-end automation and 360-degree threat response.

Trending Tags