N4N053: Well Actually 03 – Multicast, Routing Protocols, RFC 1918
We asked for follow ups and you did not disappoint! On today’s show we respond to listener comments and corrections on multicast, routing protocols, security, and more. We also hav…
Aggregated from vendor advisories, security research, and industry publications.
I trained a transformer in HyperCard. 1,216 parameters. 1989 Macintosh. And yes, it took a while. MacMind is a complete transformer neural network, embeddings, positional encodin…
Malware has shifted from phishing expeditions to open source packages, domains, and repositories. Ned and Kyler welcome Jenn Gile, co-founder of Open Source Malware, to discuss how…
CVSSv3 Score: 6.7 An out-of-bounds write vulnerability [CWE-787] in FortiWeb CGI daemon may allow a remote privileged attacker to execute arbitrary code or command via crafte…
Article URL: https://www.businesswire.com/news/home/20260414237496/en/Amazon-to-Acquire-Globalstar-and-Expand-Amazon-Leo-Satellite-Network Comments URL: https://news.ycombinator.co…
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-d…
Threat actors are behaving more like professional organizations in an effort to launch more effective and profitable attacks. We explore this and other themes from the latest Threa…
Speedtest Certified is a network connectivity verification program for properties and venues, allowing them to prove the performance of their Wi-Fi. Alan Blake of Ookla joins the s…
CVSSv3 Score: 6.2 Multiple Relative Path Traversal vulnerabilities [CWE-23] in FortiWeb may allow a local privileged attacker to execute unauthorized code on the underlying s…
CVSSv3 Score: 4.9 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may al…
CVSSv3 Score: 6.2 A Cleartext Transmission of Sensitive Information vulnerability [CWE-319] in FortiSOAR may allow an authenticated attacker to view cleartext password in re…
CVSSv3 Score: 7.9 An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiDDoS-F may allow an authenticated att…
CVSSv3 Score: 9.1 A Path Traversal vulnerability [CWE-24] in FortiSandbox JRPC API may allow an unauthenticated attacker to bypass authentication via specially crafted HTTP …
CVSSv3 Score: 4.4 An Improper neutralization of input during web page generation ('cross-site scripting') vulnerability [CWE-79] in FortiSOAR may allow an authenticated remot…
CVSSv3 Score: 6.7 An Improper authentication vulnerability [CWE-287] in FortiSOAR web GUI may allow an unauthenticated attacker to bypass authentication via replaying capture…
CVSSv3 Score: 5.4 An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiNDR and FortiVoice may allow a remote authenticated attacker w…
CVSSv3 Score: 4.1 A Server-Side request forgery (SSRF) vulnerability [CWE-918] in FortiSOAR may allow an authenticated attacker to discover services running on local ports vi…
CVSSv3 Score: 6.8 An improper neutralization of special elements used in an SQL command ('SQL injection') [CWE-89] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and For…
CVSSv3 Score: 6.2 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability [CWE-22] in FortiSOAR may allow an authenticated remote atta…
CVSSv3 Score: 6.2 A missing authentication for critical function vulnerability [CWE-306] in FortiOS and FortiSwitchManager CAPWAP daemon may allow a local unauthenticated att…
CVSSv3 Score: 4.4 An Integer Overflow or Wraparound vulnerability [CWE-190] in FortiWeb may allow a privileged authenticated attacker to perform a denial of service of the sy…
CVSSv3 Score: 7.3 A heap-based buffer overflow vulnerability [CWE-122] in FortiAnalyzer Cloud oftpd daemon may allow a remote unauthenticated attacker to execute arbitrary co…
CVSSv3 Score: 5.2 A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiClientEMS may allow an attacker in possession of an encrypted dump of the database to…
CVSSv3 Score: 5.4 An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and Fort…
CVSSv3 Score: 5.4 An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] in the command line interpreter of FortiOS, FortiPAM, FortiProxy …
CVSSv3 Score: 2.2 A URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F may allow a remote privileged attacker with system administrato…
CVSSv3 Score: 9.1 An Improper Neutralization of Special Elements used in an OS Command ('OS command injection') vulnerability [CWE-78] in FortiSandbox may allow an unauthenti…
CVSSv3 Score: 4.3 An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox and FortiSandbox Cloud may al…
CVSSv3 Score: 7.1 An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an authenticated …
On March 31, 2026, the Axios npm package was compromised via a maintainer account takeover. Two malicious versions were published - [email protected] and [email protected] - which introduced…