Latest News

1 minute read

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

info@thehackernews.com (The Hacker News)

January 14, 2026

Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. “An improper neutralization of special elements used in an OS command (‘OS command

[[{“value”:”Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.
The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.
“An improper neutralization of special elements used in an OS command (‘OS command”}]] The Hacker News

Latest News

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

January 14, 2026

Latest News

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

January 14, 2026

5 min

Latest News

Transparent Tribe Launches New RAT Attacks Against Indian Government and Academia

The threat actor known as Transparent Tribe has been attributed to a fresh set of attacks targeting Indian governmental, academic, and strategic entities with a remote access trojan (RAT) that grants them persistent control over compromised hosts. "The campaign employs deceptive delivery techniques, including a weaponized Windows shortcut (LNK) file masquerading as a legitimate PDF document

info@thehackernews.com (The Hacker News)

January 2, 2026

3 min

Latest News

PLUGGYAPE Malware Uses Signal and WhatsApp to Target Ukrainian Defense Forces

The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of new cyber attacks targeting its defense forces with malware known as PLUGGYAPE between October and December 2025. The activity has been attributed with medium confidence to a Russian hacking group tracked as Void Blizzard (aka Laundry Bear or UAC-0190). The threat actor is believed to be active since at least

info@thehackernews.com (The Hacker News)

January 14, 2026

3 min

Latest News

Russian ELECTRUM Tied to December 2025 Cyber Attack on Polish Power Grid

The "coordinated" cyber attack targeting multiple sites across the Polish power grid has been attributed with medium confidence to a Russian state-sponsored hacking crew known as ELECTRUM. Operational technology (OT) cybersecurity company Dragos, in a new intelligence brief published Tuesday, described the late December 2025 activity as the first major cyber attack targeting distributed energy

info@thehackernews.com (The Hacker News)

January 28, 2026

Hand-Picked Top-Read Stories

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA orders federal agencies to patch exploited SolarWinds bug by Friday

Trending Tags

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Previous Post

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

Next Post

Hackers Exploit c-ares DLL Side-Loading to Bypass Security and Deploy Malware

Eclipse Foundation Mandates Pre-Publish Security Checks for Open VSX Extensions

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA orders federal agencies to patch exploited SolarWinds bug by Friday

Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU

UK investigating first suspected breach of cyber sanctions

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Previous Post

Next Post

Related Posts