Network Security

HPE OneView Flaw CVSS 10.0 Enables Unauthenticated Remote Code Execution

Hewlett Packard Enterprise (HPE) has addressed a critical security vulnerability in its OneView software that, if exploited, could allow remote code execution without authentication. The flaw, tracked as CVE-2025-37164, carries the maximum CVSS score of 10.0. HPE OneView is an IT infrastructure management platform that provides centralized control over systems and operations […]

SonicWall Patches Actively Exploited CVE-2025-40602 in SMA 100 Appliances

SonicWall has released security updates to address an actively exploited vulnerability affecting its Secure Mobile Access SMA 100 series appliances. The company confirmed that the flaw has been observed in real-world attacks, prompting an urgent call for customers to apply the available fixes. The issue, tracked as CVE-2025-40602 with a CVSS score of 6.6,

Fortinet FortiGate Under Active Attack via SAML SSO Authentication Bypass

Cybersecurity researchers have confirmed active attacks on Fortinet FortiGate devices exploiting two recently disclosed authentication vulnerabilities, less than a week after they were made public. Arctic Wolf, a cybersecurity firm, reported observing malicious single sign-on (SSO) login attempts on FortiGate appliances on December 12, 2025. The attacks target two critical authentication bypass flaws, tracked as

FreePBX Fixes Critical SQL Injection, File Upload, and AUTHTYPE Bypass Flaws Leading to RCE

Cybersecurity researchers have revealed multiple serious security flaws in the open-source PBX platform FreePBX, including issues that could allow attackers to bypass authentication and achieve remote code execution under specific configurations. The vulnerabilities were identified by researchers at Horizon3.ai and responsibly disclosed to the FreePBX maintainers on September 15, 2025. According to the findings,

CISA Adds Actively Exploited Sierra Wireless Router Flaw Allowing RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. The vulnerability, tracked as CVE-2018-4063, allows remote code execution (RCE) through a specially crafted HTTP request.

CVE-2018-4063 Overview

The vulnerability involves an unrestricted

Active Attacks Abuse Gladinet Hard-Coded Keys to Gain Unauthorized Access and Execute Code

Cybersecurity researchers are warning of ongoing attacks targeting Gladinet CentreStack and Triofox deployments, where threat actors are actively exploiting a weakness caused by hard-coded cryptographic keys. According to new findings from Huntress, at least nine organizations have already been impacted. Security researcher Bryan Masters explained that the flaw allows attackers to access sensitive configuration

JPCERT Confirms Active Command Injection Attacks Targeting Array AG Gateways

JPCERT/CC has confirmed that a command injection vulnerability in Array Networks AG Series secure access gateways has been actively exploited since August 2025. The alert, released this week, warns organizations to take immediate protective measures. The vulnerability, which has not yet received a CVE identifier, was addressed by Array Networks on May 11, 2025. It

Microsoft to block unauthorized scripts in Entra ID logins with 2026 CSP update

Microsoft has announced a major update to strengthen the security of Entra ID authentication. Starting in October 2026, the company will block unauthorized script injection attacks through a revised Content Security Policy (CSP) for its login platform.

Enhanced Security for Entra ID Sign-Ins

The CSP update will focus on the sign-in experience at login.microsoftonline[.]com, allowing
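
To make concrete how a script-src policy of the kind described above decides which scripts a sign-in page may run, here is an added illustrative example. It is not Microsoft's code and not the actual policy for login.microsoftonline[.]com; the page origin, host names, nonce and policy string are constructed for the demo, and the evaluator covers only the parts of CSP source matching needed to show the point (keywords, nonces, host sources with wildcards, and the default-src fallback).

```javascript
// Added illustrative example (not Microsoft's code or policy): a minimal
// evaluator for the CSP script-src directive, showing how a policy decides
// whether a script may run. Host names, nonces and the policy string are
// constructed for the demo.

// Parse a CSP header into Map<directiveName, [sourceExpressions]>.
// A repeated directive is ignored after its first occurrence, as browsers do.
function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Does a host-source expression (e.g. https://*.example.test:443/js/) match url?
// pageScheme (e.g. "https:") is used when the expression omits a scheme.
function hostSourceMatches(source, url, pageScheme) {
  if (source === "*") return !["data:", "blob:", "filesystem:"].includes(url.protocol);
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?(\/[^?#]*)?$/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host, port, path] = m;
  const wanted = (scheme ?? pageScheme.replace(":", "")).toLowerCase();
  // An http: source also matches https: targets (CSP permits the secure upgrade).
  const schemeOk = url.protocol === `${wanted}:` || (wanted === "http" && url.protocol === "https:");
  if (!schemeOk) return false;
  const target = url.hostname.toLowerCase();
  if (wildcard ? !target.endsWith(`.${host.toLowerCase()}`) : target !== host.toLowerCase()) return false;
  if (port && port !== "*" && (url.port || DEFAULT_PORT[url.protocol]) !== port) return false;
  if (path && path !== "/") {
    if (path.endsWith("/") ? !url.pathname.startsWith(path) : url.pathname !== path) return false;
  }
  return true;
}

// Decide whether a script may run under `policy` on a page at `pageOrigin`.
// `script` is { url } for an external script or { inline: true, nonce } for inline code.
function scriptAllowed(policy, pageOrigin, script) {
  const directives = parseCsp(policy);
  const sources = directives.get("script-src") ?? directives.get("default-src");
  if (sources === undefined) return true;                 // nothing governs scripts
  if (sources.length === 0 || sources.includes("'none'")) return false;

  if (script.inline) {
    // A nonce or hash in the list disables 'unsafe-inline' (CSP Level 2 and later),
    // so an injected inline script without a valid nonce is blocked.
    const hasNonceOrHash = sources.some((s) => /^'(nonce-|sha(256|384|512)-)/.test(s));
    if (!hasNonceOrHash && sources.includes("'unsafe-inline'")) return true;
    return script.nonce !== undefined && sources.includes(`'nonce-${script.nonce}'`);
  }

  const url = new URL(script.url);
  const page = new URL(pageOrigin);
  for (const source of sources) {
    if (source === "'self'") { if (url.origin === page.origin) return true; continue; }
    if (source.startsWith("'")) continue;                  // other keywords never match a URL
    if (hostSourceMatches(source, url, page.protocol)) return true;
  }
  return false;
}

// Constructed demo policy for a hypothetical login page (not Microsoft's).
const DEMO_PAGE_ORIGIN = "https://login.example.test";
const DEMO_POLICY =
  "default-src 'none'; script-src 'self' https://static.example.test 'nonce-k7Jq2x'; img-src https:";

function demo() {
  return {
    firstPartyScript: scriptAllowed(DEMO_POLICY, DEMO_PAGE_ORIGIN, { url: "https://login.example.test/app.js" }),
    allowedCdnScript: scriptAllowed(DEMO_POLICY, DEMO_PAGE_ORIGIN, { url: "https://static.example.test/lib.js" }),
    injectedScript:   scriptAllowed(DEMO_POLICY, DEMO_PAGE_ORIGIN, { url: "https://attacker.example.net/skimmer.js" }),
    noncedInline:     scriptAllowed(DEMO_POLICY, DEMO_PAGE_ORIGIN, { inline: true, nonce: "k7Jq2x" }),
    injectedInline:   scriptAllowed(DEMO_POLICY, DEMO_PAGE_ORIGIN, { inline: true }),
  };
}

console.table(demo());
```

Two details in the evaluator are the ones that matter for blocking injected scripts: a nonce in script-src switches off 'unsafe-inline', so the only inline code that runs is what the server nonced at render time, and a missing script-src falls back to default-src, so a policy with no script directive at all does not restrict scripts. When deploying a policy like this, start with Content-Security-Policy-Report-Only and a report-to endpoint so legitimate first-party scripts that the allow-list misses show up as violation reports before enforcement breaks the sign-in flow.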

Cloudflare Experiences Outage Impacting Its Global Network Services

Cloudflare, a major internet infrastructure provider, is currently experiencing a global outage affecting its network services. Users have reported encountering “internal server error” messages while accessing websites and online platforms connected to Cloudflare. The company is actively investigating the situation and working to restore normal operations.

Scope of Cloudflare’s Global Network

Cloudflare operates a distributed

New Browser Security Report Highlights Emerging Enterprise Threats

A new Browser Security Report 2025 reveals a fundamental shift in the corporate threat landscape. The user’s browser has become the central hub where identity, SaaS, and AI-related risks converge. Traditional security tools, operating at a lower level, are failing to protect this new, parallel attack surface where unmanaged extensions, personal AI accounts, and stolen