It is the right time to talk about this. Cloud-based Artificial Intelligence, or specifically those big, powerful Large Language Models we see everywhere, they’ve completely changed the game. They’re more than just a new application tier. They’re an entirely new attack surface. You’ve moved your critical applications to the public cloud. You did it for..

The post The Attack Surface of Cloud-Based Generative AI Applications is Evolving appeared first on Security Boulevard.

Overview Recently, NSFOCUS CERT detected that Fortinet issued a security bulletin to fix the FortiWeb authentication bypass and command injection vulnerability (CVE-2025-64446/CVE-2025-58034); Combined exploitation can realize unauthorized remote code execution. At present, the vulnerability details and PoC have been made public, and wild exploitation has been found. Relevant users are requested to take measures to […]

The post Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..

The post Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice appeared first on Security Boulevard.

An OS command injection flaw, the exploited zero-day allows attackers to execute arbitrary code on the underlying system.

The post Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week appeared first on SecurityWeek.

Security firms say the flaw has been actively exploited for weeks, even as Fortinet quietly shipped fixes and CISA added the bug to its KEV catalog.

The post Fortinet Confirms Active Exploitation of Critical FortiWeb Vulnerability appeared first on SecurityWeek.

The post Detectify security updates for January 25 appeared first on Detectify Blog.

The post Detectify now checks for File Disclosure in SSL VPNs – Pulse Secure and Fortinet appeared first on Detectify Blog.