A critical vulnerability has been discovered in Fortra’s GoAnywhere MFT software that demands urgent attention from IT administrators and security teams. On September 18th, 2025, Fortra released a security advisory detailing a severe vulnerability in their popular GoAnywhere Managed File Transfer (MFT) solution. This isn’t just another routine security update – with a maximum CVSS…

Continue Reading

A new zero-click vulnerability, dubbed ShadowLeak, has been discovered in OpenAI’s ChatGPT Deep Research agent, according to a report by The Hacker News. The flaw has the potential to expose Gmail inbox data to attackers, without any direct user interaction, simply by sending a malicious email to a victim. This security breach underscores the growing…

Continue Reading

In today’s rapidly evolving digital landscape, securing critical infrastructure and applications is more important than ever. Nokia, a global leader in telecommunications, has recently issued two important security advisories for its CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS). These vulnerabilities, tracked as CVE-2023-49564 and CVE-2023-49565, affect some versions of these products, and both…

Continue Reading

The Jenkins project has issued a new security advisory detailing multiple vulnerabilities affecting recent versions of Jenkins core. The issues include a high-severity denial-of-service (DoS) vulnerability affecting instances configured to use HTTP/2, as well as several medium-severity flaws related to permission checks and log handling. The most critical issue, tracked as CVE-2025-5115, involves a vulnerability…

Continue Reading

SonicWall has confirmed a security incident involving its MySonicWall cloud backup service, after detecting a series of brute-force attacks that successfully accessed configuration files for a subset of customer firewalls. According to the disclosure, the incident impacts fewer than 5% of SonicWall firewall customers. The affected files, referred to as firewall preference files, were stored…

Continue Reading

Qrator Labs, a cybersecurity company, has successfully defended against what appears to be the largest botnet-driven DDoS attack recorded this year, involving 5.76 million compromised devices targeting government infrastructure. Security researchers first identified this particular botnet earlier in the year with over 1 million infected devices, growing to nearly six million compromised systems by early…

Continue Reading

Security researchers at Okta have uncovered a previously unknown phishing-as-a-service operation called VoidProxy that represents a significant escalation in cybercriminal capabilities targeting business email and cloud accounts. Unlike traditional phishing attacks that simply steal passwords, VoidProxy uses real-time “adversary-in-the-middle” techniques that can bypass common two-factor authentication methods including SMS codes and authenticator apps. The service…

Continue Reading