Author: admin

Fortinet on Tuesday informed customers about more than a dozen vulnerabilities found and patched in its products.  The company has published 17 new advisories describing 18 vulnerabilities affecting FortiOS, FortiProxy, FortiPAM, FortiSRA, FortiAnalyzer, FortiManager, FortiAnalyzer-BigData, FortiSandbox, FortiNDR, FortiWeb, FortiSIEM and FortiADC. High-severity vulnerabilities include CVE-2023-48790, an XSS flaw in FortiNDR that can be exploited by unauthenticated hackers for arbitrary code or command execution.  In FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb, the company patched CVE-2024-45325, which allows a privileged attacker to execute code or commands via specially crafted requests. Technical information describing this flaw appears to be publicly available.  Another high-severity…

The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials. The U.S. Cybersecurity and Infrastructure Security Agency, known as CISA, has ended about $10 million in annual funding to the nonprofit Center for Internet Security, a CISA spokesperson said in an email Monday. It’s the latest move by Trump administration officials to rein in the federal government’s role in election security, which has prompted concerns about an erosion of guardrails to prevent foreign meddling in U.S. elections. CISA announced a few weeks ago that it…

Meta is facing an AI copyright lawsuit in France that’s been brought by authors and publishers who are accusing it of economic “parasitism,” Reuters reports. The French litigation was filed in a Paris court this week by the National Publishing Union (SNE), the National Union of Authors and Composers (SNAC), and the Society of People of Letters (SGDL), which are accusing Meta of unlawfully training its AI models on their protected content. The case is thought to be the first such action against an AI giant in the country. Meta is facing similar litigation in the U.S. in relation to…

A Windows zero-day vulnerability addressed by Microsoft with its March 2025 Patch Tuesday updates has been exploited in the wild since March 2023, ESET says. The issue, tracked as CVE-2025-24983 (CVSS score of 7.0), is described as a use-after-free bug in the Win32 kernel subsystem that could allow attackers to elevate privileges to System. “Successful exploitation of this vulnerability requires an attacker to win a race condition. An attacker who successfully exploited this vulnerability could gain SYSTEM privileges,” Microsoft notes on its advisory. On Tuesday, the tech giant rolled out patches for CVE-2025-24983 and five other security defects marked as…

The contentious arrest of Columbia University student Mahmoud Khalil, who played a key role in organising the pro-Palestine protests at the Ivy League campus last year, has sparked outrage and raised concerns about free speech protections in the United States. Khalil, a 29-year-old Palestinian student, was arrested from his university residence in New York’s upper Manhattan over the weekend by Immigration and Customs Enforcement (ICE) agents, who said they would revoke his permanent residency – popularly known as a green card – at the behest of the Department of State. Though no federal charges have been pressed against Khalil. “This…

ZestyAI has partnered with the Colorado FAIR Plan to improve insurance access for homeowners struggling to secure coverage due to wildfire and climate risks.The partnership will achieve this by integrating ZestyAI’s AI-driven risk models—Z-FIRE™, Z-HAIL™, and Z-WIND™—to provide property-specific assessments for wildfire, hail, and wind.By integrating these models, the Colorado FAIR Plan seeks to improve risk-based pricing and guide homeowners on mitigation strategies.ZestyAI develops advanced AI-driven risk analytics using data sources such as aerial imagery, historical building permits, geospatial data, and structural attributes.Its models help insurers assess factors like vegetation proximity, roof condition, and building materials to enhance underwriting, pricing,…

Threat actors accessed the customer support portal of education tech giant PowerSchool several months before the massive December 2024 data breach, cybersecurity firm CrowdStrike says. In January, PowerSchool revealed that hackers had stolen personal information from its Student Information System (SIS) environments, which were accessed through the PowerSource community-focused customer support portal. Using compromised credentials for a maintenance account, the hackers stole names, contact details, dates of birth, medical information, Social Security numbers, and other information of both students and educators. PowerSchool has not shared information on the number of potentially impacted individuals, but multiple school districts in the US…

On Tuesday, Ukrainian President Volodymyr Zelenskyy said that Ukraine has accepted a 30-day ceasefire with Russia after critical peace talks with the United States in Saudi Arabia. Washington has, in turn, lifted its pause on military aid and intelligence sharing with Kyiv. After eight hours of negotiations in the port city of Jeddah, the terms of peace were jointly signed and will be presented to Russia, US Secretary of State Marco Rubio, who represented Washington in Saudi Arabia, said. The ball is now in Moscow’s court, said Rubio. Here is what we know about the deal that was struck –…

UK PayTech platform Blink Payment, which specialises in digital payment solutions, has announced its integration with ParaCode to enhance the payment processes for insurance brokers.The move will see the integration of modern digital payment capabilities into ParaCode’s customer platform.This collaboration seeks to address inefficiencies in traditional insurance payment methods, which often rely on manual processes such as phone payments.These outdated methods contribute to late payments, with over one in ten payments to insurance brokers being delayed.The integration of Blink Payment into ParaCode’s platform will enable the use of open banking and card payment links, helping insurance firms process transactions more…

U.S. officials have not determined who was behind an apparent cyberattack on the social media site X that limited access to the platform for thousands of users, according to a Trump administration official familiar with the ongoing investigation into the matter. Monday’s outage was described as a cyberattack by the official, who was not authorized to comment publicly on the matter and spoke Tuesday on the condition of anonymity. The official added that the Republican administration takes all cyberattacks against American companies seriously but underscored that the U.S. government had not gleaned any specific intelligence about who might have been…