Specific Software Risks: When Administrator Tools Become Gateways for Hackers

Technical illustration of a server rack in which one vulnerable unit is compromised, symbolizing software risks in pgAdmin or Plesk

We usually worry about employees opening emails with viruses or visiting questionable websites. But what happens when the danger comes from the very programs that IT uses to manage the network?

In 2026, we witnessed a wave of critical vulnerabilities in extremely popular infrastructure software, such as pgAdmin, Plesk or Fortinet equipment. At Altanet Craiova we know that a "hole" in these programs is like leaving the key in the lock of the server room door.

Top 3 Vulnerabilities Targeting Corporate Infrastructure

Hackers are now directly targeting the "brain" of the network. Here are the riskiest targets identified recently:

1. pgAdmin (Databases)

pgAdmin is the most widely used tool for managing PostgreSQL databases. Recently, vulnerabilities were discovered that allow attackers to execute remote code if the pgAdmin server is exposed to the internet.

Risk: Hackers can steal or delete a company's entire database without needing the administrator password.

2. Plesk (Web Hosting)

Plesk is the control panel used by thousands of businesses to host their websites. A recent XSS (Cross-Site Scripting) vulnerability combined with root privileges could give attackers complete control over all websites on that server.

Risk: Your website could be replaced with phishing pages or used to attack other customers.

3. Fortinet (Network Security)

Fortinet VPN and firewall appliances are the guardians of your network. However, the "Remote Code Execution" vulnerabilities discovered in their operating system (FortiOS) allow hackers to pass through your firewall as if it were not there.

Risk: Attackers can get into your internal network and install ransomware unhindered, even if you have a VPN enabled.

How do you "think" about your infrastructure?

The solution is not to give up on these tools (they are industry standard), but to manage them correctly:

  • Don't expose admin panels to the internet: This is the golden rule. pgAdmin or the Plesk login page should not be reachable directly from a browser anywhere on the internet. Hide them behind a VPN.
  • Aggressive Patch Management: In the case of security equipment (Fortinet), the update must be done within 24 hours of the patch release. Hackers automatically scan the internet for outdated equipment.
  • Monitor Logs: Periodically check who has logged into your admin panels. If you see a login from Brazil at 4am, you have a problem.
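
One way to check the first rule on a Linux host, as an added example that is not part of the original article: the script below reads the output of `ss -Hltn` and reports admin-panel listeners bound to anything other than loopback or the VPN range. The port list, the VPN subnet and the sample output are assumptions constructed for illustration.

```python
import ipaddress

# Assumed panel ports for this sketch: 8443/8880 for Plesk, 5050 for pgAdmin.
# Adjust to the ports your own deployment actually uses.
ADMIN_PORTS = {8443: "Plesk (HTTPS)", 8880: "Plesk (HTTP)", 5050: "pgAdmin"}
# Assumed VPN address range (hypothetical).
VPN_NET = ipaddress.ip_network("10.8.0.0/24")

# Constructed sample of `ss -Hltn` output (not taken from a real host).
SAMPLE = """\
LISTEN 0 511 0.0.0.0:8443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5050 0.0.0.0:*
LISTEN 0 128 10.8.0.1:8880 0.0.0.0:*
LISTEN 0 511 [::]:8443 [::]:*
LISTEN 0 128 203.0.113.10:5050 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:22 0.0.0.0:*
"""

def split_addr(local):
    """Split ss's 'Local Address:Port' field into (host, port)."""
    host, _, port = local.rpartition(":")
    # Drop IPv6 brackets and any '%interface' suffix.
    return host.strip("[]").split("%")[0], int(port)

def bind_is_restricted(host):
    """True only if the listener is bound to loopback or a VPN address."""
    if host in ("*", "0.0.0.0", "::"):
        return False  # wildcard bind: listens on every interface
    ip = ipaddress.ip_address(host)
    return ip.is_loopback or ip in VPN_NET

def audit(ss_output):
    """Return (panel, local_address) for each admin listener to review."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line or a non-listening socket
        host, port = split_addr(fields[3])
        if port in ADMIN_PORTS and not bind_is_restricted(host):
            findings.append((ADMIN_PORTS[port], fields[3]))
    return findings

if __name__ == "__main__":
    for panel, addr in audit(SAMPLE):
        print(f"REVIEW: {panel} is listening on {addr}")
```

A finding means the panel is bound to an interface outside the VPN; whether it is actually reachable from the internet still depends on the firewall in front of the host.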

To stay up to date with the latest discovered vulnerabilities and required patches, we recommend consulting security bulletins from CISA (Cybersecurity & Infrastructure Security Agency).

Conclusion

The fact that you use professional software does not make you immune. On the contrary, these powerful tools require even greater responsibility. An outdated server is a ticking time bomb.

Do you need a network equipment check or a secure server upgrade? Our team offers proactive maintenance and IT services. Visit our contact page and let the professionals take care of your infrastructure.


This material is part of Altanet's educational series on digital security. Want to know what other risks you are exposed to this year? See Complete list of cyber threats in 2026.
