Your source for the latest in zero trust architecture, quantum-resistant technologies, and next-gen cybersecurity for distributed networks.
The WP Ghost plugin has a critical vulnerability tracked as CVE-2025-26909. Users are strongly advised to update to version 5.4.02 immediately to mitigate risks. The vulnerability allows unauthenticated Local File Inclusion (LFI), which could lead to Remote Code Execution (RCE) on approximately 200,000 sites.
Fortinet has issued a security patch addressing a significant SQL injection vulnerability tracked as CVE-2025-25257 in its FortiWeb web application firewall. This flaw allows unauthenticated attackers to execute arbitrary SQL commands, presenting a critical risk to database security. The vulnerability has been assigned a CVSS score of 9.6, indicating its severity.