- Cyber Threat Intelligence, SEK Security Advisory
Fortinet warns of active exploitation of legacy vulnerabilities
Fortinet has confirmed the active exploitation of CVE-2020-12812, a critical FortiOS SSL VPN flaw that enables 2FA authentication bypass in specific LDAP configurations.
- Cyber Threat Intelligence, OT/ICS Vulnerability Notification
Monthly OT-ICS VN – December 2025
The December 2025 OT-ICS NDV highlights critical and high-severity vulnerabilities impacting industrial control environments.
- Cyber Threat Intelligence, SEK Security Advisory
Critical vulnerabilities in WatchGuard Fireware OS allow remote code execution
Critical flaws in WatchGuard Fireware OS (CVSS 9.3) enable unauthenticated remote code execution via IKEv2 VPNs.
- Cyber Threat Intelligence, SEK Security Advisory
Critical RCE vulnerability in n8n allows arbitrary code execution
A critical flaw in n8n (CVE-2025-68613 – CVSS 9.9) allows authenticated users to achieve remote code execution via expression injection in workflows.
- Cyber Threat Intelligence, Vulnerability Notification
Monthly NDV – December/2025
The December NDV highlights the most critical and high-severity vulnerabilities, including actively exploited flaws in widely used technologies.
- Cyber Threat Intelligence, SEK Security Advisory
Critical vulnerability enables remote code execution in n8n via Git node manipulation
A critical flaw (CVE-2025-65964, CVSS 9.4) in n8n allows remote code execution by abusing Git Node configuration, letting attackers run malicious scripts on the host server.
- Cyber Threat Intelligence, SEK Security Advisory
Critical Fortinet vulnerabilities allow authentication bypass
Fortinet has patched two critical flaws (CVSS 9.8) that enable full authentication bypass via SAML response forgery in FortiOS.
- Cyber Threat Intelligence, SEK Security Advisory
Microsoft fixes actively exploited zero-day and 56 additional vulnerabilities in December Patch Tuesday
Microsoft’s December Patch Tuesday delivers fixes for 57 vulnerabilities, including an actively exploited zero-day (CVE-2025-62221) enabling SYSTEM-level privilege escalation.
- Cyber Threat Intelligence, SEK Security Advisory
SAP fixes critical vulnerabilities in the December 2025 Patch Day
SAP released patches for 14 flaws, including critical vulnerabilities enabling code execution and full system compromise in Solution Manager, Commerce Cloud, and jConnect, requiring urgent updates.