Cyberthreat Blog, Author at Cyberthreat Blog from Fortify24x7 Page 32 of 28407

Insufficient Session Expiration in SSLVPN

Posted by Cyberthreat Blog | Dec 9, 2025 | Fortinet PSIRT Advisories |

CVSSv3 Score: 5.3 An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSLVPN may allow an attacker to maintain access to network resources via an active session not terminated after a user’s password...

Insertion of sensitive information into REST API logs

Posted by Cyberthreat Blog | Dec 9, 2025 | Fortinet PSIRT Advisories |

CVSSv3 Score: 6.3 An insertion of sensitive information into log file vulnerability [CWE-532] in FortiOS, FortiProxy, FortiPAM and FortiSRA may allow a read-only administrator to retrieve API tokens of other administrators via...

Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass

Posted by Cyberthreat Blog | Dec 9, 2025 | Fortinet PSIRT Advisories |

CVSSv3 Score: 9.1 An Improper Verification of Cryptographic Signature vulnerability[CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitchManager mayallow an unauthenticated attacker to bypass the FortiCloud SSO...

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Posted by Cyberthreat Blog | Dec 9, 2025 | DARKREADING |

Shanya is the latest in an emerging field of packing malware, selling obfuscation functionality in...

Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)

Posted by Cyberthreat Blog | Dec 9, 2025 | SANS ISC Bulletins |

This release addresses 57 vulnerabilities. 3 of these vulnerabilities are rated critical. One vulnerability was already exploited, and two were publicly disclosed before the patch was released. CVE-2025-62221: This privilege...

Author: Cyberthreat Blog

Insufficient Session Expiration in SSLVPN

Insertion of sensitive information into REST API logs

Multiple Fortinet Products’ FortiCloud SSO Login Authentication Bypass

Packer-as-a-Service Shanya Hides Ransomware, Kills EDR

Microsoft Patch Tuesday December 2025, (Tue, Dec 9th)