Threat Advisories

Google has released emergency security updates addressing CVE20265281, a high severity (CVSS score: N/A), actively exploited zero day impacting its Chrome browser.

On July 8, 2025, Microsoft released its monthly Patch Tuesday update, addressing 130+ vulnerabilities across its product portfolio. This cycle includes 10 critical-rated bugs, with one publicly disclosed zero-day vulnerability affecting Microsoft SQL Server.  

Researchers at Watchtowr have released technical details on an exploit for the “CitrixBleed 2” (CVE-2025-5777) vulnerability released on 2025-06-17, leading to the development of a Proof of Concept (PoC) exploit.

A critical vulnerability in Erlang's Open Telecom Platform (OTP) SSH implementation has recently been published. OTP is a collection of middleware, libraries and tools written in the Erlang programming language and is used by a large number of global companies for communications. According to https://erlang-companies.org, companies that may be affected include Ericsson, T-Mobile, BT and Bet365 (that reportedly use it in it's live betting infrastructure) and major products that may be affected include WhatsApp, Klarna and Discord. 

Foundational security organisation MITRE announced on the 15th April that the funding it received to maintain the CVE and CWE program would not be renewed. This was important, because MITRE, along with NIST and the CISA, are a huge contributor to the CVE program.

This advisory highlights a critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products that is being actively exploited in the wild. The flaw allows unauthenticated remote code execution via the SSL VPN interface, potentially giving attackers full control over affected devices. With multiple versions impacted across FortiOS and FortiProxy, and threat actors reportedly selling related exploits on dark web forums, the risk of widespread exploitation is high. Fortinet strongly urges immediate patching and additional mitigation steps, making this advisory crucial for organisations relying on Fortinet products to secure their networks. 

Fortinet has released security updates to address a critical security flaw impacting FortiSwitch that could permit an attacker to make unauthorized password changes.