China’s Flax Typhoon Turns Geo-Mapping Server into a Backdoor
Chinese APT threat actors compromised an organization’s ArcGIS server, modifying the widely...
An Unchecked Return Value vulnerability [CWE-252] in FortiOS API may allow an authenticated user to cause a Null Pointer Dereference, crashing the http daemon via a specially crafted request. Revised on 2025-10-14 00:00:00
An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information via observing logs or via diagnose...
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in the FortiIsolator authentication mechanism may allow a remote unauthenticated attacker to deauthenticate logged...
I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft’s cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in...