Fortra® Security & Trust Center

Blog

Your Taxes Are Done but the Scammers Aren’t

By Meriam Senouci on Wed, 04/16/2025

This blog conducts a deep dive into a recent and widespread tax scam identified through Fortra’s threat research. It offers the reader a detailed analysis into the email lure and provides insights with predictions into how these scammers can continue targeting victims even after the tax deadline has passed.

Blog

Patch Tuesday Update April 2025

By Tyler Reguly on Fri, 04/11/2025

This is a Patch Tuesday, where the casual observer needs to pay a bit more attention.

Emerging Threats

CrushFTP Authentication Bypass

Tue, 04/08/2025

Fortra is actively researching a critical authentication bypass vulnerability CVE-2025-31161 that allows attackers to bypass authentication and takeover of the CrushFTP admin account on the file transfer server through an exposed HTTP(S) port. The vulnerability can be exploited remotely.

Emerging Threats

Multiple Vulnerabilities Impacting ingress-nginx Controller for Kubernetes

Fri, 01/17/2025

Wiz Research has discovered several vulnerabilities in the ingress-nginx Controller for Kubernetes. These vulnerabilities could expose all secrets stored across all namespaces in the Kubernetes cluster.

Blog

Patch Tuesday Update March 2025

By Tyler Reguly on Thu, 03/13/2025

This is a Patch Tuesday, where the casual observer needs to pay a bit more attention.

Emerging Threats

Multiple Vulnerabilities Impacting VMware ESXi, Workstation, and Fusion Updates

Fri, 03/07/2025

Fortra is actively researching multiple vulnerabilities impacting VMware ESXi, Workstation, and Fusion Updates.

Blog

Patch Tuesday Update February 2025

By Tyler Reguly on Thu, 02/13/2025

After dumping patches on us last month, Microsoft must have felt sorry for us this month because, size-wise, we’re only getting 38% of the updates we had last month.

Blog

Tripwire Patch Priority Index for January 2025

By Lane Thames on Tue, 02/04/2025

January 2025’s Patch Priority Index covers Microsoft vulnerabilities in Office, Windows, .NET, SharePoint, Hyper-V, and more.

Emerging Threats

Multiple Vulnerabilities Impacting rsync

Fri, 01/17/2025

Fortra is actively researching multiple vulnerabilities impacting rsync: CVE-2024-12084: CVSS 3.1: 9.8, CVE-2024-12085: CVSS 3.1: 7.5, CVE-2024-12086: CVSS 3.1: 6.1, CVE-2024-12087: CVSS 3.1: 6.5, CVE-2024-12088: CVSS 3.1: 6.5, CVE-2024-12747: CVSS 3.1: 5.6.

Emerging Threats

FortiOS & FortiProxy: Authentication Bypass in Node.js Websocket Module

Wed, 01/15/2025

Fortra is actively researching a critical authentication bypass vulnerability CVE-2024-55591 in the Node.js websocket module affecting FortiOS firewalls and FortiProxy web gateways. This vulnerability affects FortiOS firewalls and FortiProxy web gateways and has been exploited as a zero-day by attackers to compromise publicly-exposed FortiGate firewalls.

Fortra® Security & Trust Center

Your Taxes Are Done but the Scammers Aren’t

Patch Tuesday Update April 2025

CrushFTP Authentication Bypass

Multiple Vulnerabilities Impacting ingress-nginx Controller for Kubernetes

Patch Tuesday Update March 2025

Multiple Vulnerabilities Impacting VMware ESXi, Workstation, and Fusion Updates

Patch Tuesday Update February 2025

Tripwire Patch Priority Index for January 2025

Multiple Vulnerabilities Impacting rsync

FortiOS & FortiProxy: Authentication Bypass in Node.js Websocket Module

Privacy Policy

Cookie Policy

Accessibility

Impressum