16 March 2025
Windows users had been exposed to 5 zero-days in Jan and Feb. Six Windows zero-days now.
FinalDraft has been using Outlook email drafts for command-and-control communication in attacks discovered by Elastic Security Labs, which rely on a malware loader named PathLoader, the FinalDraft backdoor, and multiple post-exploitation
New vulnerabilities in OpenSSH, CVE-2025-26465 and CVE-2025-26466, now have patches. The vulnerabilities allow miscreants to perform machine-in-the-middle attacks on the OpenSSH client and pre-authentication denial-of-service attacks.
A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files.
Fortinet stated that the new CVE-2025-24472 flaw added to FG-IR-24-535 is not a zero-day and was fixed in January. CVE-2024-55591 was exploited and a workaround was provided.
CVE-2025-21298 is a high-severity vulnerability in OLE that enables remote code execution, with a CVSS score of 9.8.
A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers.
The Sneaky 2FA bypass attack and another 2FA bypass kit called FlowerStorm are targeting Microsoft users with cloned login pages.
Fortinet has released a security update with the fixes for 15 vulnerabilities ranging from critical to high severity.
Over 4 million systems on the internet, including VPN servers and home routers, are vulnerable to attacks due to tunneling protocol flaws.
Microsoft is investigating an ongoing MFA outage that is blocking customers from accessing Microsoft 365 Office apps.
Cybersecurity researchers at EXPMON have uncovered an intriguing “zero-day behavior” in PDF samples that leak sensitive NTLM authentication data.
Tenable urges users to update their Nessus instances to avoid a potential plugin security issue since a previous plugin update saw agents going offline.
A significant surge in brute-force attacks is targeting Citrix NetScaler devices across multiple organizations.
Multiple vulnerabilities were identified in VMware products. A remote attacker could exploit some of these vulnerabilities to trigger elevation of privilege and remote code execution on the targeted system.