Category: General

Broad cybersecurity coverage from industry news to platform perspectives—XDR trends, compliance updates, and strategic commentary to help leaders prioritize risk and modernize security operations.

Fortinet Authentication Bypass Vulnerabilities Exploited

Executive Summary: As of March 10, 2026, threat actors are actively exploiting Fortinet authentication-bypass vulnerabilities to compromise FortiGate and related Fortinet infrastructure, extract service account credentials, and move laterally across victim networks. Three CVEs are central to this campaign: CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858. All three have confirmed exploitation in the wild according to NVD and multiple industry sources [1][2][3]. Patches exist for most affected

Critical Dell RecoverPoint Vulnerability (CVE‑2026‑22769): Active Exploitation and Patch Guidance

Critical Dell RecoverPoint Vulnerability CVE‑2026‑22769 exploited by UNC6201; review impact, affected versions, and patch guidance to secure virtualized environments.

AI‑Driven Threat Intelligence: OSINT, XDR Integration, and Local LLM Processing

This project at Leargas has been a six-year journey that evolved to match a rapidly shifting threat landscape. Here is an overview of our progression from standalone intelligence to local vLLM processing.

Phase 1: Standalone CIRCL AIL — Discovery at Scale. Six years ago, we deployed CIRCL AIL as a standalone engine to address a lack of visibility into external leaks. Our focus was

FortiOS SSL VPN Improper Authentication Vulnerability (CVE-2020-12812): Active Exploitation and Immediate Mitigation Guidance

Cybersecurity Advisory: As of December 26, 2025, Fortinet confirms active exploitation of CVE‑2020‑12812, an improper authentication vulnerability in FortiOS SSL VPN that allows users to bypass two‑factor authentication (2FA) by altering the case of the username. The flaw affects several FortiOS branches and remains under active exploitation by multiple threat actors according to Fortinet’s December 24, 2025 advisory (thehackernews.com). The vulnerability is listed in CISA’s

Critical WatchGuard Fireware OS Vulnerability (CVE‑2025‑14733): Active Exploitation and Emergency Patch Guidance

Cybersecurity Advisory: As of December 19, 2025, WatchGuard Fireware OS is impacted by a critical out‑of‑bounds write vulnerability, CVE‑2025‑14733, actively exploited in the wild according to the vendor’s advisory [1]. The flaw affects IKEv2 Mobile User VPN and Branch Office VPN configurations involving dynamic gateway peers. Patch updates are available for supported versions, and exploitation attempts have been confirmed from multiple IPs. The vulnerability carries

FortiCloud SSO Authentication Bypass in Fortinet FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager

Fortinet has released security fixes for four vulnerabilities that affect authentication and login flows across multiple products, including two critical FortiCloud SSO authentication bypass issues in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE‑2025‑59718 and CVE‑2025‑59719) and additional login weaknesses in FortiSOAR (CVE‑2025‑59808) and FortiWeb (CVE‑2025‑64471). As of December 9, 2025, patches are available, and administrators are urged to disable FortiCloud SSO login where in use

October 2025 Fortinet and Ivanti Security Patches: Timely, High‑Severity Fixes and Guidance

As of October 15, 2025, enterprise operators of Fortinet and Ivanti platforms should immediately review and apply October 2025 security patches and advisories. Fortinet published multiple PSIRTs, including issues in FortiOS/FortiProxy ZTNA, FortiOS CLI controls on specific appliances, FortiIsolator authentication/session handling, FortiClientMac LaunchDaemon permissions, and weak authentication affecting FortiPAM and FortiSwitchManager. Patches and fixed versions are available per PSIRT/NVD.

Red Hat Consulting GitLab Breach: What Was Taken, Who’s at Risk, and What to Do Now

Red Hat disclosed on October 2, 2025 that a third party accessed a GitLab instance used for internal collaboration by Red Hat Consulting in select engagements; Red Hat removed access, isolated the instance, involved authorities, and is continuing the investigation. The company emphasized the incident is confined specifically to that Consulting GitLab environment [1][2] (redhat.com).

Who claims what: A group calling itself Crimson Collective

Why OT Operators Must Have a Living, Accurate Inventory — and How Leargas Can Help

In August 2025, a coalition of cybersecurity agencies from the U.S., Canada, Australia, New Zealand, the Netherlands, Germany—and later joined by the U.K.—issued new guidance calling on OT/ICS operators to develop and maintain a definitive, continually updated system inventory. This isn’t just bureaucratic advice. It addresses a core pain point: if you don’t reliably know what’s in your environment and how it connects, you

CISA ED 25‑03 Cisco ASA: Emergency Zero‑Day Mitigation, Detection, and ROMMON Persistence Guidance

As of September 26, 2025, CISA’s ED 25‑03 mandates immediate action to identify and mitigate potential compromise of Cisco ASA and Firepower devices amid an active campaign chaining CVE‑2025‑20362 (missing authorization) with CVE‑2025‑20333 (RCE). Cisco also disclosed CVE‑2025‑20363 (web services RCE) across ASA/FTD and IOS families. Patching is available. CISA set aggressive deadlines: core dump submissions and urgent upgrades by September 26, 2025, and

MySonicWall Breach: Firewall Config Backups Exposed — Reset Passwords Now

As of September 18, 2025, SonicWall advises impacted customers to perform a MySonicWall breach password reset and rotate other secrets after threat actors accessed some cloud‑stored firewall configuration backups. SonicWall reports fewer than 5% of firewalls had backup preference files accessed; credentials in those files were encrypted; no leak evidence is known and this was not a ransomware event, but brute-force activity against the

Shai‑Hulud npm worm: self‑replicating supply chain attack, secret theft, and repo exposure

As of September 18, 2025, organizations that build or run JavaScript software face a high‑risk supply chain incident: the Shai‑Hulud npm worm is actively compromising maintainer accounts, inserting a malicious postinstall bundle.js into popular packages, harvesting tokens and secrets, and mass‑migrating private GitHub repositories to public. Evidence shows large‑scale propagation and data exposure; no CVE/KEV entry applies because this is a campaign, not a