Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay protected. Source link Author: Fortinet…
Today, CISA, in partnership with Sandia National Laboratories, announced the public availability of Thorium, a scalable and distributed platform for automated file analysis and result aggregation. Thorium enhances cybersecurity teams’ capabilities by automating analysis workflows through seamless integration of commercial, open-source, and custom tools. It…
Learn how FortiCNAPP uses feedback loops, machine learning, and composite signal scoring to continuously refine intrusion detection. Improve precision, recall, and alert accuracy at cloud scale. Source link Author: Fortinet Article used for cyber security disclosure.
CISA, in partnership with the U.S. Coast Guard (USCG), released a joint Cybersecurity Advisory aimed at helping critical infrastructure organizations improve their cyber hygiene. This follows a proactive threat hunt engagement conducted at a U.S. critical infrastructure facility. During this engagement, CISA and USCG did…
Learn about opportunities to connect with our team of experts who will be offering insights, advice, and showcasing our products, services, and threat intelligence solutions. Source link Author: Fortinet Article used for cyber security disclosure.
Today, CISA released the Eviction Strategies Tool to provide cyber defenders with critical support and assistance during the containment and eviction phases of incident response. This tool includes: Cyber Eviction Strategies Playbook Next Generation (Playbook-NG): A web-based application for next-generation operations. COUN7ER: A database of…
It’s 2025, and at this point, we’re convinced there’s a secret industry-wide pledge: every network appliance must include at least one trivially avoidable HTTP header parsing bug – preferably pre-auth. Bonus points if it involves sscanf. If that’s the case, well done! SonicWall’s SMA100 series…
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2025-20281 Cisco Identity Services Engine Injection Vulnerability CVE-2025-20337 Cisco Identity Services Engine Injection Vulnerability CVE-2023-2533 PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability These types of vulnerabilities are…
