Security Affairs
U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities (KEV) catalog. This week, Microsoft’s July 2026 Patch Tuesday addressed the SharePoint remote code execution bug […]

CISA BlueHammer (CVE-2026-33825)

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities (KEV) catalog.

  • CVE-2026-25089 (CVSS score of 9.8) Fortinet FortiSandbox OS Command Injection Vulnerability  
  • CVE-2026-39808 (CVSS score of 9.8) Fortinet FortiSandbox OS Command Injection Vulnerability  
  • CVE-2026-58644 (CVSS score of 9.8) Microsoft SharePoint Deserialization of Untrusted Data Vulnerability

This week, Microsoft’s July 2026 Patch Tuesday addressed the SharePoint remote code execution bug CVE-2026-58644, which can be triggered without authentication or user interaction. The flaw stems from the deserialization of untrusted data.

“Deserialization of untrusted data in Microsoft Office SharePoint allows an unauthorized attacker to execute code over a network.” reads the advisory. “In a network-based attack, an attacker authenticated as at least a Site Owner, could write arbitrary code to inject and execute code remotely on the SharePoint Server.”

Microsoft confirmed it is aware of active exploitation of this vulnerability.

The second issue added to the KeV catalog is an OS command injection flaw, tracked as CVE-2026-25089, in FortiSandbox products. The vulnerability could allow remote, unauthenticated attackers to send specially crafted HTTP requests and execute arbitrary commands on affected devices. Adham El Karn of Fortinet Product Security team discovered the vulnerability.

The last issue added to the catalog, tracked as CVE-2026-39808, is an OS command injection flaw.

“An Improper Neutralization of Special Elements used in an OS Command (‘OS command injection’) vulnerability [CWE-78] in FortiSandbox may allow an unauthenticated attacker to execute unauthorized code or commands via crafted HTTP requests.” reads the advisory.

Cybersecurity firm Defused Cyber confirmed it’s seen active exploitation of this vulnerability within a 24-hour window.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to urgently fix these flaws by July 19, 2026.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, CISA)