News - Page 2 of 28 - UZCERT xizmati

Computer Emergency
Response Team

News

Critical SSO Flaw in the Fortinet Ecosystem: Unauthorized Administrator-Level Access via FortiCloud Identified

On December 9, 2025, Fortinet issued an emergency warning regarding a serious security vulnerability discovered in several of its products, including FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, and others. According to official information, the flaw allows attackers to bypass FortiCloud Single Sign-On…

News

A 0-Day Vulnerability in Windows Allowing SYSTEM Privilege Escalation Has Been Disclosed

On December 9, 2025, Microsoft released emergency security updates addressing a critical 0-day vulnerability — CVE-2025-62221 — discovered in Windows systems. The flaw was found in the Cloud Files Mini Filter Driver (cldflt.sys), a kernel-level driver, and allows attackers to…

News

Burp Suite Update: Added Ability to Detect React2Shell Vulnerabilities

PortSwigger has updated the ActiveScan++ extension for Burp Suite, and it can now automatically detect two critical vulnerabilities found in React applications, known as React2Shell — CVE-2025-55182 and CVE-2025-66478. These vulnerabilities allow attackers to send unauthorized requests to the server…

News

A Highly Critical XXE Vulnerability Discovered in Apache Tika: Immediate System Updates Required

A new and extremely dangerous vulnerability has been identified in the Apache Tika platform. Registered as CVE-2025-66516, this flaw has received the maximum CVSS score of 10.0. The vulnerability allows an attacker to infiltrate the system through a specially crafted…

News

A Google Play App with Over 50,000 Downloads Found Distributing the Anatsa Banking Trojan

Even the official Google Play Store can sometimes fall victim to cybercriminals’ tactics. Experts from Zscaler ThreatLabz recently discovered that an app called “Document Reader – File Manager”, which had been downloaded more than 50,000 times, was actually distributing the…

News

A Dangerous Vulnerability Found in React and Next.js: PoC Release Sparks Global Concern

Millions of websites and web applications around the world rely on React and Next.js. Therefore, the discovery of a new vulnerability — CVE-2025-55182 — has caused serious concern among developers. The flaw enables remote code execution (RCE) on the server…

News

CISA and NSA Warn of BRICKSTORM Malware Targeting VMware ESXi and Windows Systems

A new cyber threat that has drawn significant attention from the international cybersecurity community — a sophisticated malware known as BRICKSTORM — has been highlighted in a joint advisory issued by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the…

News

Critical WordPress RCE Vulnerability: Wide-Scale Attacks Launched Through Sneeit Framework Plugin

The WordPress ecosystem is facing another serious security threat. In recent days, cybercriminals have begun actively exploiting a critical Remote Code Execution (RCE) vulnerability in the Sneeit Framework plugin. The flaw, identified as CVE-2025-6389 with a CVSS score of 9.8,…

News

Critical Vulnerability in K7 Antivirus: How a Regular User Can Gain SYSTEM Privileges

Cybersecurity experts have discovered a new vulnerability in K7 Computing’s K7 Ultimate Security product, leading to a major security issue. This flaw allows ordinary users with limited privileges to gain the highest level of operating system access — SYSTEM rights.…

News

New Android “0-Day” Vulnerabilities: CISA Issues Warning

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an official warning about two serious actively exploited “0-day” vulnerabilities in the Android operating system. These vulnerabilities pose a direct threat to the security of millions of Android users worldwide.…