At a glance.
- Fortinet patches critical SQL injection flaw.
- India-aligned espionage campaign targets the Italian government.
- Russian pro basketball player arrested for alleged ties to ransomware operations.
Fortinet patches critical SQL injection flaw.
Fortinet has patched a critical vulnerability (CVE-2025-25257) in its FortiWeb firewall that could allow unauthenticated attackers to run SQL commands and achieve remote code execution, BeyondMachines reports. The vulnerability, which received a CVSS score of 9.6, is caused by "improper neutralization of special elements used in SQL commands within FortiWeb's Graphical User Interface (GUI) component." Users are urged to patch the flaw or implement a temporary mitigation by disabling the HTTP/HTTPS administrative interface.
India-aligned espionage campaign targets the Italian government.
Trellix has published a report on an India-aligned cyberespionage campaign targeting Italian government entities, Infosecurity Magazine reports. Trellix states, "The attackers impersonated European defense officials mentioning their visit to Bangladesh and lured their targets to click on a malicious Google Drive link. This delivered a malicious RAR archive, ultimately deploying malware consistent with the group's known toolset. This incident underscores the group's persistent focus on governmental and diplomatic entities and their adaptability in using common cloud services for initial infection."
Russian pro basketball player arrested for alleged ties to ransomware operations.
French authorities have arrested a former Russian pro basketball player over his alleged ties to a ransomware gang, Ars Technica reports. 26-year-old Daniil Kasatkin, who played for MBA Moscow and had a brief stint with Penn State University, was arrested at the de Gaulle airport last month at the request of the United States. He's accused of acting as a negotiator for a prolific ransomware syndicate. Kasatkin's attorney maintains his client's innocence, saying he bought a second-hand computer that must have belonged to a criminal. Kasatkin remains in custody as he awaits extradition to the US.