Information Security Alerts

The following products have discovered critical security vulnerabilities recently. These vulnerabilities could allow remote attackers to invade your devices. It is strongly recommended updating your following product versions to the latest immediately.

Phishing Alerts
- Phishing emails reported by CUHK users
Active Vulnerabilities to be concerned

Product	Vulnerability	Publish Date
Fortinet	FortiWeb Authentication Bypass Vulnerability (CVE-2025-52970) ^[new]	18 Aug 2025
WinRAR	Zero-Day WinRAR Path Traversal Vulnerability (CVE-2025-8088) ^[new]	14 Aug 2025

Enquiry
- For enquiries, please contact infosec@cuhk.edu.hk. Thanks a lot.

Active Vulnerabilities in last12 months

For General Users:

Product	Vulnerability	Publish Date
Google Chrome	Zero-Day Remote Code Execution Vulnerability (CVE-2024-7965)	26 Sep 2024
Adobe Acrobat and Reader	Remote Code Execution Vulnerability (CVE-2024-41869)	17 Sep 2024
Microsoft Windows	Kernel Elevation of Privilege Vulnerability (CVE-2024-38106)	06 Sep 2024

For Technical Professionals:

Product	Vulnerabilities	Publish Date
Palo Alto	PAN-OS Denial of Service (DoS) Vulnerability (CVE 2024-3393)	27 Dec 2024
Palo Alto	PAN-OS Authentication Bypass Vulnerability (CVE-2024-0012) & Privilege Escalation Vulnerability (CVE-2024-9474)	19 Nov 2024
Palo Alto	OS Command Injection & SQL Injection vulnerabilities on Palo Alto Expedition (CVE 2024-9463 & CVE-2024-9465)	15 Nov 2024
Palo Alto	Remote Code Execution Vulnerability via PAN-OS management interface	12 Nov 2024
Fortinet	FortiManager Remote Code Execution Vulnerability (CVE-2024-47575)	31 Oct 2024

Active Ransomware Attack to be concerned

Vulnerabilities and Ransomware Variants in past years

Reference Information

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.