Articles tagged "Critical"

Found 363 articles

A serious vulnerability has been discovered in Fortinet's Security Information and Event Management (SIEM) solution, FortiSIEM, which allows remote, unauthenticated attackers to execute arbitrary commands. This flaw, classified as a command injection vulnerability, poses a significant risk as it can be exploited without needing any prior access. Researchers have released technical details and exploit code, raising concerns about the potential for widespread attacks. Companies using FortiSIEM should take immediate action to secure their systems, as the implications of this vulnerability could lead to unauthorized access and data breaches. It's crucial for users to stay informed and apply any necessary patches or updates as they become available.

Impact: FortiSIEM
Remediation: Organizations should implement available patches and updates for FortiSIEM as soon as possible to mitigate the risk of exploitation.

Fortinet has addressed six security flaws, two of which are critical vulnerabilities affecting its FortiFone and FortiSIEM products. These vulnerabilities could potentially allow attackers to exploit the systems without needing any authentication, which raises significant security concerns. Specifically, the flaws could lead to unauthorized access to configuration data or enable the execution of malicious code. Users of these products should prioritize applying the patches provided by Fortinet to safeguard their systems. Given the nature of these vulnerabilities, organizations using FortiFone and FortiSIEM need to act quickly to mitigate any potential risks.

Impact: FortiFone, FortiSIEM
Remediation: Fortinet has released patches to fix the vulnerabilities. Users are advised to apply these patches as soon as possible to prevent potential exploitation.

AI agents, once simple tools for individual productivity, are now integral to various organizational processes, including security and IT operations. These agents can automate workflows across multiple systems, which raises concerns about privilege escalation paths. As they gain more access to sensitive data and systems, they could be exploited by attackers to gain unauthorized access or escalate their privileges within an organization. This shift in how AI is utilized in workplaces poses significant risks, as vulnerabilities in these agents could lead to severe security breaches. Companies need to assess their AI implementations and ensure that appropriate security measures are in place to mitigate these risks.

Impact: AI agents used in security, engineering, IT, and operations
Remediation: Companies should assess AI implementations and enhance security measures.

Fortinet has addressed a severe vulnerability in its FortiSIEM product that could allow attackers to execute arbitrary code without authentication. This flaw, known as CVE-2025-64155, has a CVSS score of 9.4, highlighting its potential impact on affected systems. The vulnerability arises from improper handling of special elements in OS commands, which could be exploited by malicious actors. Organizations using FortiSIEM should prioritize applying the latest updates to protect their systems. The existence of such vulnerabilities emphasizes the need for ongoing vigilance in maintaining security protocols and software updates.

Impact: FortiSIEM
Remediation: Users should update to the latest version of FortiSIEM as released by Fortinet to mitigate this vulnerability.

Node.js has issued urgent updates to address a serious vulnerability that affects nearly all production applications using the platform. The flaw, related to the async_hooks module, can lead to a stack overflow, resulting in a denial-of-service (DoS) condition. This means that if attackers exploit this vulnerability, they could crash servers running affected applications, disrupting services. Developers and companies using Node.js should prioritize applying these patches to maintain service availability and prevent potential outages. The vulnerability is especially concerning because it touches on core functionality that many frameworks rely on for stability.

Impact: Node.js applications, specifically those using async_hooks
Remediation: Node.js has released updates; specific version numbers or patch details are not mentioned.

In 2025, Taiwan experienced a significant increase in cyberattacks from China, with incidents targeting critical infrastructure such as energy utilities and hospitals rising by 6%. On average, Taiwan faced approximately 2.63 million cyberattacks each day. This uptick in activity poses serious risks to the nation's essential services and public safety. The ongoing assaults highlight the tense geopolitical climate and the vulnerabilities of Taiwan's digital infrastructure. As these attacks escalate, it becomes crucial for Taiwan to enhance its cybersecurity measures to protect against such threats.

Impact: Critical infrastructure including energy utilities and hospitals in Taiwan.
Remediation: Strengthening cybersecurity measures, increasing defenses against DDoS attacks, and improving incident response capabilities.

AZ Monica hospital in Belgium has been hit by a cyberattack that led to the shutdown of all its servers. The attack forced the cancellation of scheduled medical procedures and required the transfer of critical patients to other facilities. The incident has raised concerns about the security of healthcare systems, especially as hospitals are increasingly targeted by cybercriminals. AZ Monica operates two campuses in Antwerp and Deurne, and the disruption could have significant implications for patient care and hospital operations. Authorities are investigating the attack to understand its impact and prevent future incidents.

Impact: AZ Monica hospital systems, servers, patient care operations
Remediation: N/A

A serious vulnerability has been identified in multiple versions of the Apache Struts 2 framework, tracked as CVE-2025-68493. This XML external entity injection flaw could allow attackers to gain unauthorized access to sensitive data, cause a denial of service, or carry out server-side request forgery (SSRF). Organizations using affected versions of Apache Struts 2 are at risk, which could lead to significant data breaches and disruptions. The issue emphasizes the need for developers and system administrators to ensure their applications are updated and secure against such vulnerabilities. Immediate action is necessary to mitigate potential exploitation.

Impact: Apache Struts 2 framework versions affected by CVE-2025-68493
Remediation: Update to the latest version of Apache Struts 2 that addresses CVE-2025-68493. Implement input validation and restrict XML parsing to mitigate the risk of XML external entity injection.

AZ Monica, a hospital in Belgium, has had to shut down all its servers following a cyberattack that forced the cancellation of scheduled procedures and the transfer of critical patients. The incident raises serious concerns about the impact of cyber threats on healthcare facilities, which are often vulnerable targets. Hospitals rely heavily on their IT systems for patient care, and disruptions can lead to significant risks for patient safety and treatment continuity. This attack not only affects the immediate operations of AZ Monica but also serves as a reminder of the growing threats facing healthcare institutions worldwide. The situation is still developing as the hospital works to assess the damage and restore its systems.

Impact: AZ Monica hospital servers
Remediation: N/A

ServiceNow has addressed a significant flaw in its AI platform that could allow attackers to impersonate users. The company claims there is no evidence that this vulnerability was exploited before the patch was released in October. However, security researchers warn that the configuration of AI agents could still lead to prompt-injection style abuses, which could potentially compromise user accounts. This situation raises concerns about the security of AI systems and the risks they pose if not properly configured. Organizations using ServiceNow's AI features should ensure they implement the latest updates to mitigate any potential risks.

Impact: ServiceNow AI platform
Remediation: ServiceNow released a patch in October 2023 to address the vulnerability.

A Dutch appeals court has sentenced a 44-year-old hacker to seven years in prison for his role in hacking port systems to facilitate the smuggling of cocaine through European logistics hubs. The hacker exploited vulnerabilities in port networks to help traffickers move drugs into the Netherlands, highlighting a significant intersection of cybersecurity and organized crime. This case underscores the potential dangers of cyber intrusions in critical infrastructure, as they can be manipulated for illegal activities. The ruling reflects growing legal actions against cybercriminals and aims to deter similar offenses in the future. The incident raises awareness about the importance of securing logistical and transportation networks against cyber threats, which can have far-reaching implications beyond just financial losses.

Impact: Port systems, logistics hubs in Europe
Remediation: N/A

Experts are warning that power outages in IT and operational technology (OT) systems could lead to significant cybersecurity issues by 2026. These power gaps may turn minor outages into major crises, affecting the reliability and security of critical infrastructure. Companies that rely heavily on interconnected IT and OT systems should be particularly concerned, as the potential for cyberattacks increases during power failures. If attackers take advantage of these vulnerabilities, they could disrupt services, compromise data, or even cause physical damage. This situation highlights the need for organizations to bolster their cybersecurity measures and prepare for the challenges posed by electrical failures.

Impact: IT and OT systems, critical infrastructure
Remediation: Companies should enhance their cybersecurity protocols and prepare contingency plans for outages.

A 44-year-old man has been sentenced to prison for installing remote access malware on the systems of a logistics company in the Netherlands. He was able to carry out this cyberattack with assistance from some employees of the firm. The malware allowed him to gain unauthorized access to sensitive information, raising serious concerns about insider threats and the security of critical infrastructure. This incident serves as a reminder for companies to strengthen their cybersecurity measures and ensure that employees are aware of the risks associated with insider collaboration. The case highlights the increasing need for vigilance in protecting sensitive systems from both external and internal threats.

Impact: Logistics company systems, remote access malware
Remediation: Companies should enhance employee training on cybersecurity risks and implement stricter access controls to prevent insider threats.

ServiceNow has reported a serious security vulnerability in its AI Platform that could allow an unauthenticated user to impersonate another user and take actions on their behalf. This flaw, identified as CVE-2025-12420, has a high severity rating of 9.3 out of 10, indicating a significant risk to users. The potential for impersonation means that attackers could exploit this weakness to gain unauthorized access to sensitive information or perform harmful actions. Organizations using ServiceNow's AI Platform should prioritize applying the patch to mitigate this risk and protect their users. The quick response from ServiceNow in addressing this vulnerability is crucial to maintaining trust in their services.

Impact: ServiceNow AI Platform
Remediation: ServiceNow has released a patch to address this vulnerability. Users are advised to apply the update as soon as possible to prevent any potential exploitation.

A 44-year-old Dutch man has been sentenced to seven years in prison for hacking into the ports of Rotterdam and Antwerp, two of Europe's busiest ports. The Amsterdam Court of Appeal found him guilty of multiple offenses, including computer hacking and attempted extortion. His actions raised significant concerns about the security of critical infrastructure, as port operations are vital for trade and logistics. The case serves as a stark reminder of the potential risks posed by cybercriminals to essential services and the economy. Authorities hope this sentence will deter similar attacks in the future.

Impact: Rotterdam and Antwerp ports
Remediation: N/A