Introduction: what happened and why it matters SAP has released fixes and additional hardening for a maximum-severity (CVSS 10.0) vulnerability in SAP NetWeaver AS Java: CVE-2025-42944. The flaw is an insecure deserialization issue reachable without authentication through the RMI-P4 interface,…
Introduction: a fake “urgent security update” that hands over your PC An active phishing campaign is impersonating LastPass and Bitwarden with emails that claim the vendors were hacked and urge recipients to install a “more secure desktop app.” The download…
Introduction — what happened and when On October 14, 2025, Spanish fashion retailer MANGO began notifying customers of a data breach at an external marketing service provider. The company says the incident did not impact MANGO’s core infrastructure but did…
Introduction: the problem at a glance Fortinet and Ivanti released coordinated October security updates addressing dozens of vulnerabilities across popular network-security and endpoint-management products. Highlights include a weak-authentication flaw in FortiPAM and FortiSwitchManager (CVE-2025-49201), cookie-handling issues in FortiIsolator (CVE-2024-33507), FortiClient…
Introduction / vulnerability definition Adobe has released security fixes addressing a critical vulnerability in Adobe Connect, a platform for virtual meetings and webinars. The most severe issue is a DOM-based XSS (CVE-2025-49553), rated CVSS 9.3, which—given the right sequence of…