U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Source: https://securityaffairs.com/180162/hacking/u-s-cisa-adds-fortinet-fortiweb-flaw-to-its-known-exploited-vulnerabilities-catalog.html

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a vulnerability affecting Fortinet's FortiWeb product to its Known Exploited Vulnerabilities (KEV) catalog. FortiWeb is a web application firewall (WAF) designed to protect web applications from attacks such as SQL injection, cross-site scripting, and other OWASP Top 10 threats. Although specific technical details about the vulnerability are not provided in the source, the inclusion in the KEV catalog indicates that this flaw is actively exploited or poses a significant risk of exploitation. The vulnerability likely allows attackers to bypass security controls or execute unauthorized commands, potentially compromising the confidentiality, integrity, or availability of protected web applications. The absence of a CVSS score and patch details suggests that the vulnerability is newly disclosed or under active investigation. The medium severity rating implies a moderate risk level, possibly due to exploitation complexity or limited impact scope. Given FortiWeb's role as a frontline defense in web security, exploitation could lead to data breaches, service disruptions, or unauthorized access to sensitive systems.

Reddit InfoSec News

Detailed information about U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. Get real-time updates, technical details, and m

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog - Live Threat Intelligence - Threat Radar | OffSeq.com

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Reddit Discussion: U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Source: https://thehackernews.com/2025/07/malware-injected-into-6-npm-packages.html

This threat involves the injection of malware into five npm packages following a successful phishing attack that compromised maintainer tokens. npm (Node Package Manager) is a widely used package manager for JavaScript, hosting millions of packages that developers rely on globally. In this incident, attackers targeted the maintainers of certain npm packages, stealing their authentication tokens through phishing. With these tokens, the attackers gained unauthorized access to the maintainers' accounts and injected malicious code directly into the legitimate packages. This supply chain attack method is particularly dangerous because it leverages trusted software components, making detection difficult and increasing the likelihood of widespread impact. When developers or organizations install or update these compromised packages, the malware executes, potentially leading to data exfiltration, system compromise, or further propagation of malicious code within affected environments. Although there are no specific affected versions listed and no known exploits in the wild yet, the high severity rating reflects the potential for significant damage due to the trust placed in npm packages and the widespread use of JavaScript in modern applications. The attack vector—phishing to steal tokens—highlights the importance of securing developer credentials and access controls. The minimal discussion level and low Reddit score suggest that this is a recent discovery with limited public discourse, but the trusted source (The Hacker News) and newsworthiness assessment confirm its relevance and urgency in the cybersecurity community.

Detailed information about Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack. Get real-time updates, technical details, and

Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack - Live Threat Intelligence - Threat Radar | OffSeq.com

Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Reddit Discussion: Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

Source: https://thehackernews.com/2025/07/critical-microsoft-sharepoint-flaw.html

A critical zero-day vulnerability has been discovered in Microsoft SharePoint, which is currently unpatched and actively exploited in the wild. This vulnerability has led to breaches in over 75 company servers, indicating a widespread and impactful attack campaign. Although specific technical details and affected SharePoint versions are not provided, the nature of the vulnerability being a zero-day implies that attackers are exploiting an unknown or unmitigated flaw in SharePoint's codebase. SharePoint is widely used for collaboration, document management, and intranet portals, often containing sensitive corporate data. Exploitation of this zero-day could allow attackers to execute arbitrary code, escalate privileges, or bypass authentication controls, leading to unauthorized access to confidential information, data exfiltration, and potential lateral movement within affected networks. The lack of an available patch increases the risk and urgency for organizations to implement interim mitigations. The breach of 75+ company servers underscores the active exploitation and the threat's severity. Given SharePoint's integration with Microsoft ecosystems and its deployment in many enterprise environments, this vulnerability poses a significant risk to organizations relying on this platform for critical business operations.

Detailed information about Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers. Get real-time updates, technical details, an

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers - Live Threat Intelligence - Threat Radar | OffSeq.com

Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

Reddit Discussion: Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely.

CVE-2025-7896 is a path traversal vulnerability identified in the MoneyPrinterTurbo application developed by harry0703, affecting versions 1.2.0 through 1.2.6. The vulnerability resides in the download_video and delete_video functions within the app/controllers/v1/video.py file. Path traversal vulnerabilities occur when an attacker manipulates file path inputs to access files and directories outside the intended scope, potentially exposing sensitive data or allowing unauthorized file operations. In this case, the flaw allows remote attackers to craft requests that manipulate the file path parameters used by these functions, enabling them to traverse directories and access or delete arbitrary files on the server hosting the application. The vulnerability is remotely exploitable without requiring user interaction, but it does require low-level privileges (PR:L) on the system, indicating that some form of limited authentication or access is necessary. The CVSS 4.0 base score is 5.3, categorizing it as medium severity, reflecting the moderate impact on confidentiality, integrity, and availability. The attack vector is network-based (AV:N), with low attack complexity (AC:L), and no privileges required (PR:L) but no user interaction (UI:N). The vulnerability does not affect system confidentiality, integrity, or availability to a high degree but does pose a risk of unauthorized file access or deletion, which could lead to data leakage or service disruption. No known exploits are currently reported in the wild, and no patches have been linked yet. The lack of patches suggests that organizations using MoneyPrinterTurbo should prioritize mitigation and monitoring until an official fix is released.

CVE Database V5

Detailed information about CVE-2025-7896: Path Traversal in harry0703 MoneyPrinterTurbo affecting harry0703 MoneyPrinterTurbo. Get real-time updates, technical 

CVE-2025-7896: Path Traversal in harry0703 MoneyPrinterTurbo - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7896: Path Traversal in harry0703 MoneyPrinterTurbo

A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely.

Detailed information about CVE-2025-7897: Missing Authentication in harry0703 MoneyPrinterTurbo affecting harry0703 MoneyPrinterTurbo. Get real-time updates, te

CVE-2025-7897: Missing Authentication in harry0703 MoneyPrinterTurbo

CVE-2025-7897: Missing Authentication in harry0703 MoneyPrinterTurbo

Description

Technical Details

Related Threats

CVE-2025-7896: Path Traversal in harry0703 MoneyPrinterTurbo

CVE-2025-46385: CWE-918 Server-Side Request Forgery (SSRF) in Emby Windows

CVE-2025-46384: CWE-434 Unrestricted Upload of File with Dangerous Type in Emby Windows

CVE-2025-7895: Unrestricted Upload in harry0703 MoneyPrinterTurbo

CVE-2025-46383: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Emby Windows

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility