Welcome back to VulnVerse! It's our 26th weekly dispatch, and we've got another jam-packed edition for you. Let's dive into the latest vulnerabilities, exploits, and cyber threats.

Content:

• Vulnerabilities and Exploits 🔥: 15

• Data Breaches 💥: 2

• Malware and Ransomware 🐛: 9

• Software and System Issues ⚙️: 4

• Cloud ☁️: 9

• Tools 🛠️: 1

• Cybersecurity Measures and Recommendations 🔒️: 3

• Advanced Persistent Threats (APT) 🕵️: 3

Vulnerabilities and Exploits 🔥

Imperva Protects Against the Exploited CVEs in the Cleo Data Theft Attacks

Vulnerabilities exploited in the Cleo data theft attacks are addressed with protective measures. Detailed insights into the exploited CVEs and mitigation strategies demonstrate efforts to safeguard sensitive data from emerging threats.

Fortinet Zero-Day CVE-2024-55591 Exposed: Super-Admin Access Risk

CVE-2024-55591 is a critical vulnerability affecting Fortinet products, posing risks to critical systems. Immediate action is recommended to mitigate potential exploitation and secure affected environments.

Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users

Multiple vulnerabilities in Mozilla products are identified, prompting security advisories. Users are encouraged to apply patches promptly to prevent potential exploits.

JoCERT Issues Warning on Exploitable Command Injection Flaws in HPE Aruba Products

Command injection flaws in HPE Aruba products present security risks. Organizations are advised to assess exposure and apply necessary patches to prevent exploitation.

Aircraft Collision Avoidance Systems Hit by High-Severity ICS Vulnerability

A flaw in industrial control systems (ICS) introduces risks of mid-air aircraft collisions. Urgent corrective measures are needed to ensure aviation safety.

phpMyAdmin 5.2.2 Addresses Critical XSS and Library Vulnerabilities

phpMyAdmin version 5.2.2 addresses critical cross-site scripting (XSS) vulnerabilities and updates libraries to enhance security. Users are advised to upgrade promptly to mitigate potential exploitation risks associated with these vulnerabilities.

Critical Vulnerabilities in Node.js Expose Systems to Remote Attacks

Critical vulnerabilities identified in Node.js could expose systems to security risks. Immediate attention and patching are recommended to protect applications from potential exploits targeting these weaknesses.

ICS Vulnerability Report: Urges Critical mySCADA Fixes

A report emphasizes critical vulnerabilities in mySCADA systems, urging immediate fixes. Addressing these issues is essential to prevent potential exploitation that could compromise industrial operations.

CVE-2025-23006: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Reportedly Exploited

A zero-day vulnerability identified as CVE-2025-23006 affects SonicWall Secure Mobile Access (SMA) 1000 series devices and has reportedly been exploited. Users should apply available patches and follow security advisories to mitigate risks.

Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591

CVE-2024-55591 is a critical authentication bypass vulnerability in FortiOS, allowing attackers to gain super admin privileges. Organizations are urged to apply patches immediately to mitigate risks.