- Cyber Threat Intelligence, SEK Security Advisory
Critical Fortinet vulnerabilities allow authentication bypass
Fortinet has patched two critical flaws (CVSS 9.8) that enable full authentication bypass via SAML response forgery in FortiOS.
- Cyber Threat Intelligence, SEK Security Advisory
Microsoft fixes actively exploited zero-day and 56 additional vulnerabilities in December Patch Tuesday
Microsoft’s December Patch Tuesday delivers fixes for 57 vulnerabilities, including an actively exploited zero-day (CVE-2025-62221) enabling SYSTEM-level privilege escalation.
- Cyber Threat Intelligence, SEK Security Advisory
SAP fixes critical vulnerabilities in the December 2025 Patch Day
SAP released patches for 14 flaws, including critical vulnerabilities enabling code execution and full system compromise in Solution Manager, Commerce Cloud, and jConnect, requiring urgent updates.
- Cyber Threat Intelligence, Intelligence Bulletin
Intelligence Brief – WhatsApp Malware in Brazil: Water Saci, Maverick & Coyote
Cybercriminals are using WhatsApp to deliver multi-stage malware designed to steal data and gain remote access.
- Cyber Threat Intelligence, Notificação de Vulnerabilidades OT/ICS
Monthly NDV OT-ICS – November/2025
An issue in Azure Front Door led to worldwide disruptions across Microsoft services, impacting applications relying on the platform.
- Cyber Threat Intelligence, Notificação de Vulnerabilidades OT/ICS
Monthly NDV – November/2025
See November’s most critical vulnerabilities and the urgent actions needed to reduce risk.
- Cyber Threat Intelligence, SEK Security Advisory
New Sha1-Hulud Wave Hits Over 25,000 Repositories via NPM Supply Chain
The new malware variant compromises thousands of npm repositories, stealing credentials and wiping directories if exfiltration fails.
- Cyber Threat Intelligence, SEK Security Advisory
Privilege Escalation Vulnerability in Cisco Catalyst Center Virtual Appliance
CVE-2025-20341 (CVSS 8.8) allows low-privileged authenticated users to escalate to Administrator through crafted HTTP requests. No workarounds exist, and Cisco urges immediate upgrade to version 2.3.7.10-VA.
- Cyber Threat Intelligence, SEK Security Advisory
Critical Vulnerability in Fortinet FortiWeb
CVE-2025-64446 (CVSS 9.1) allows unauthenticated attackers to run administrative commands through a path traversal flaw, is actively exploited in the wild, and requires urgent patching of vulnerable FortiWeb appliances.
