WVS Blog
Analyses, incidents, and practical tips from the cyber security field
News Roundup • Aug 13, 2025

PS1Bot malvertising delivers multi‑stage, in‑memory modules

Cisco Talos details a modular PowerShell/C# framework focused on stealth and in‑memory execution to reduce forensic artifacts and persist on hosts. Read more on THN.

Zoom (CVE‑2025‑49457) and Xerox push critical fixes

Untrusted search path in Windows clients enables privilege escalation; update Zoom Workplace/Rooms/SDK to ≥ 6.3.10. Xerox FreeFlow Core also receives security updates. Details on THN.

Fortinet: FortiSIEM RCE (CVE‑2025‑25256) exploited in the wild

OS command injection (CVSS 9.8) impacts several FortiSIEM branches; migrate/upgrade to fixed releases immediately. Advisory via THN.

Microsoft Patch Tuesday: 111 fixes including Kerberos zero‑day

Release includes 16 Critical and 92 Important severity issues across the portfolio. Prioritize Kerberos and Exchange hybrid items. Summary at THN.

OWASP Top 10 2025 – what changed and how to prepare

Category: AppSec • 5 min read

A concise overview of the most important updates and a practical checklist for teams improving their testing workflows.

API security: testing gRPC and GraphQL in CI/CD

Category: API • 6 min read

How to automate tests for modern APIs and reduce false positives with regression checks.

Incident post‑mortem: SSRF via metadata endpoint

Category: Cloud • 7 min read

A practical example of SSRF exploitation and mitigation in cloud environments, including detection signals.