Latest News

1 minute read

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

info@thehackernews.com (The Hacker News)

January 14, 2026

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. “An improper neutralization of special elements used in an OS command (‘OS command

[[{“value”:”Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.
The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.
“An improper neutralization of special elements used in an OS command (‘OS command”}]] The Hacker News

Latest News

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

January 14, 2026

Latest News

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

January 14, 2026

2 min

U.K. Royal Family Website Faces Cyber Siege: A Close Look at the DDoS Attack

The U.K. Royal Family's website is not just any ordinary website. It's the digital gateway to one of the world's most famous and iconic families.

Omega Balla

October 2, 2023

2 min

Latest News

WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging

Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. "The malware retrieves the victim's WhatsApp contact list and automatically sends malicious messages to each contact to further

info@thehackernews.com (The Hacker News)

January 8, 2026

2 min

Latest News

Microsoft Links Storm-1175 to GoAnywhere Exploit Deploying Medusa Ransomware

Microsoft on Monday attributed a threat actor it tracks as Storm-1175 to the exploitation of a critical security flaw in Fortra GoAnywhere software to facilitate the deployment of Medusa ransomware. The vulnerability is CVE-2025-10035 (CVSS score: 10.0), a critical deserialization bug that could result in command injection without authentication. It was addressed in version 7.8.4, or the Sustain

info@thehackernews.com (The Hacker News)

October 7, 2025

Hand-Picked Top-Read Stories

Microsoft disrupts RedVDS cybercrime platform behind $40 million in scam losses

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

Western cyber agencies warn about threats to industrial operational technology

Trending Tags

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Previous Post

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

Next Post

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Microsoft disrupts RedVDS cybercrime platform behind $40 million in scam losses

Researchers Null-Route Over 550 Kimwolf and Aisuru Botnet Command Servers

Western cyber agencies warn about threats to industrial operational technology

AI Agents Are Becoming Privilege Escalation Paths

AI CyberCon Summit 2026

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Previous Post

Next Post

Related Posts