The European AllSky7 fireball network
Article URL: https://www.allsky7.net/#archive Comments URL: https://news.ycombinator.com/item?id=47539767 Points: 122 # Comments: 13
Aggregated from vendor advisories, security research, and industry publications.
Article URL: https://www.theregister.com/2026/03/24/fcc_foreign_routers/ Comments URL: https://news.ycombinator.com/item?id=47506279 Points: 162 # Comments: 53
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wi…
Article URL: https://ratfactor.com/openbsd/pf-gateway-bedtime Comments URL: https://news.ycombinator.com/item?id=47489620 Points: 136 # Comments: 35
Article URL: https://americanexpress.io/migrating-the-payments-network-twice/ Comments URL: https://news.ycombinator.com/item?id=47483830 Points: 101 # Comments: 36
The U.S. Justice Department joined authorities in Canada and Germany in dismantling the online infrastructure behind four highly disruptive botnets that compromised more than three…
Article URL: https://blog.qualys.com/vulnerabilities-threat-research/2026/03/17/cve-2026-3888-important-snap-flaw-enables-local-privilege-escalation-to-root Comments URL: https://n…
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Mich…
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this mo…
CVSSv3 Score: 6.4 An Inclusion of Undocumented Features [CWE-1242] in FortiManager and FortiAnalyzer CLI may allow a remote authenticated read-only admin with CLI access to e…
CVSSv3 Score: 5.0 An authentication bypass by spoofing [CWE-290] vulnerability in FortiWeb protected hostname feature may allow a remote unauthenticated attacker to bypass ho…
CVSSv3 Score: 7.4 A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to …
CVSSv3 Score: 6.3 An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential informat…
CVSSv3 Score: 4.1 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') [CWE-79] in FortiSIEM's error page may allow a remote unauthenticate…
CVSSv3 Score: 5.6 An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiAnalyzer and FortiAnalyzer-BigData AP…
CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass brute…
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker who can bypass stack protection and ASLR to exec…
CVSSv3 Score: 5.9 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiWeb may allow a remote authenticated attacker to execute arbitrary code or commands via crafte…
CVSSv3 Score: 6.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged a…
CVSSv3 Score: 7.3 An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication ra…
CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker…
CVSSv3 Score: 2.5 A NULL Pointer Dereference vulnerability [CWE-476] in FortiWeb may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests. …
CVSSv3 Score: 6.7 An OS Command Injection vulnerability [CWE-78] in FortiWeb API may allow an authenticated attacker to execute arbitrary commands via a specially crafted HTTP…
CVSSv3 Score: 5.5 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR Agent Connector Bridge may allow an un…
CVSSv3 Score: 7.0 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized…
CVSSv3 Score: 6.7 An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiSandbox Cloud and FortiSandbox …
CVSSv3 Score: 6.8 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow a…
CVSSv3 Score: 3.8 A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiMail, FortiVoice and FortiRecorder debug logs may allow an authenticated malici…
CVSSv3 Score: 6.5 A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daem…
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popular…