Vulnerebility Blog 2025
| 27.12.25 | The Week in Vulnerabilities: More Than 2,000 New Flaws Emerge | Vulnerabilities from Microsoft, Adobe and Fortinet are among those getting attention during a record week for new flaws. | Vulnerebility blog | |
| 27.12.25 | UNG0801: Tracking Threat Clusters obsessed with AV Icon Spoofing targeting Israel | Key Targets. Industries Affected. Geographical Focus. Infection Chain – Operation IconCat. Infection Chain – I. Infection Chain – II. Campaign-Analysis – Operation IconCat. Campaign-I Initial Findings. Looking into the malicious PDF File. Technical Analysis. Malicious PyInstaller implant – PYTRIC... | Vulnerebility blog | Seqrite |
| 27.12.25 | Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component | A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation | Vulnerebility blog | |
| 20.12.25 | The Week in Vulnerabilities: Cyble Tracks New ICS Threats, Zero-Days, and Active Exploitation | CRIL reports this week’s IT vulnerabilities, highlighting zero-days, active exploits, and trending threats across IT and industrial networks. | Vulnerebility blog | |
| 20.12.25 | Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components | CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks. | Vulnerebility blog | Microsoft blog |
| 20.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0. | Vulnerebility blog | SonicWall |
| 13.12.25 | A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up | | Vulnerebility blog | SOPHOS |
| 13.12.25 | React2Shell flaw (CVE-2025-55182) exploited for remote code execution | The availability of exploit code will likely lead to more widespread opportunistic attacks | Vulnerebility blog | SOPHOS |
| 13.12.25 | The Week in Vulnerabilities: Cyble Urges D-Link, React Server Fixes | This week’s report looks at 12 IT and 6 ICS vulnerabilities at high risk of exploitation, affecting both consumer and enterprise environments. | Vulnerebility blog | |
| 13.12.25 | Zero-Day to Zero-Hour: React2Shell (CVE-2025-55182) Becomes One of the Most Rapidly Weaponized RSC Vulnerability | React2Shell (CVE-2025-55182) was exploited within minutes by China-nexus groups, exposing critical weaknesses in React Server Components. | Vulnerebility blog | |
| 13.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | Vulnerebility blog | |
| 13.12.25 | CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation | CVE-2025-55182 is a CVSS 10.0 pre-authentication RCE affecting React Server Components. Amid the flood of fake proof-of-concept exploits, scanners, exploits, and widespread misconceptions, this technical analysis intends to cut through the noise. | Vulnerebility blog | |
| 13.12.25 | Microsoft Security Bulletin Coverage for December 2025 | Microsoft’s December 2025 Patch Tuesday has 55 vulnerabilities, of which 27 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2025 and has produced coverage for 7 of the reported vulnerabilities. | Vulnerebility blog | SonicWall |
| 13.12.25 | React2Shell (CVE-2025-55182) Critical Unauthenticated RCE | SonicWall Capture Labs’ threat research team became aware of CVE-2025-55182 (React2Shell), assessed its impact and developed mitigation measures. React2Shell is a critical, unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) in React 19.0.0 through 19.2.0 | Vulnerebility blog | SonicWall |
| 13.12.25 | Microsoft Patch Tuesday for December 2025 — Snort rules and prominent vulnerabilities | The Patch Tuesday for December of 2025 includes 57 vulnerabilities, including two that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the two “critical” vulnerabilities is “less likely.” | Vulnerebility blog | |
| 13.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | Vulnerebility blog | |
| 6.12.25 | Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know | CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see the context section for a more exhaustive list of affected frameworks). | | |
| 6.12.25 | Critical Vulnerabilities in React Server Components and Next.js | On Dec. 3, 2025, researchers publicly disclosed critical remote code execution (RCE) vulnerabilities in the Flight protocol used by React Server Components (RSC). These vulnerabilities are tracked as CVE-2025-55182 (React) and CVE-2025-66478 (Next.js), which have been assigned a maximum severity rating of CVSS 10.0. | | |
| 6.12.25 | Socomec DIRIS Digiware M series and Easy Config, PDF XChange Editor vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed an out-of-bounds read vulnerability in PDF XChange Editor, and ten vulnerabilities in Socomec DIRIS Digiware M series and Easy Config products. The vulnerabilities mentioned in this blog post have been p | | |
| 6.12.25 | CVE-2025-55182: Critical Vulnerability, React2Shell, Allows for Unauthenticated RCE | A critical vulnerability dubbed “React2Shell”, being tracked as CVE-2025-55182 with a CVSS score of 10.0, was recently discovered in React’s Server Components (RSC) that could allow for pre-authentication remote code execution | | |
| 6.12.25 | The new security threat is speed. Learn why you must pause, verify, and secure your systems before deploying any AI-generated code. | | | |
| 29.11.25 | The Week in Vulnerabilities: Cyble Urges Fortinet, Microsoft Fixes | We look at 15 high-priority IT and ICS vulnerabilities – 7 of which are under discussion by threat actors on the dark web. | Vulnerebility blog | Cyble |
| 29.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical. Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerebility blog | Cyble |
| 29.11.25 | Triofox Unauthenticated Access Control Vulnerability (CVE-2025-12480) | The SonicWall Capture Labs threat research team became aware of an Improper Access Control Vulnerability in Gladinet Triofox, assessed its impact, and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 29.11.25 | Dell ControlVault, Lasso, GL.iNet vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Dell ControlVault 3 firmware and its associated Windows software, four vulnerabilities in Entr'ouvert Lasso, and one vulnerability in GL.iNet Slate AX. The vulnerabilities men | Vulnerebility blog | CISCO TALOS |
| 22.11.25 | The Week in Vulnerabilities: 3 Microsoft Flaws Among High-Priority Fixes | Cyble researchers tracked 971 vulnerabilities this week, with 60 rated critical. Key threats include a 9.8-severity Microsoft GDI+ heap buffer overflow, Firefox sandbox escape, QNAP SQL injection, and five CISA KEV additions. | Vulnerebility blog | Cyble |
| 22.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerebility blog | Project Zero |
| 15.11.25 | Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. This now-patched n-day vulnerability, assigned CVE-2025-12480, allowed an attacker to bypass authentication and access the application configuration pages, enabling the upload and execution of arbitrary payloads. | | Vulnerebility blog | Google Threat Intelligence |
| 15.11.25 | The Week in Vulnerabilities: From IT Systems to Airport Weather Monitoring | Vulnerabilities flagged by Cyble this week cover everything from IT and security products to critical airport weather systems. | Vulnerebility blog | Cyble |
| 15.11.25 | Redis 8.2.2: Hardening the Lua Engine Against Four Critical Vulnerabilities | Introduction Redis is an open-source, in-memory data store widely used as a cache, message broker, and high-performance NoSQL database. It offers rich data structures like strings, hashes, lists, sets, sorted sets, bitmaps, HyperLogLogs, and streams, backed by atomic operations... | Vulnerebility blog | Seqrite |
| 15.11.25 | Microsoft Security Bulletin Coverage for November 2025 | Microsoft’s November 2025 Patch Tuesday has 63 vulnerabilities, of which 29 are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2025 and has produced coverage for 5 of the reported vulnerabilities | Vulnerebility blog | SonicWall |
| 15.11.25 | Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236) | The SonicWall Capture Labs threat research team became aware of an Improper Input Validation Vulnerability in Adobe Commerce and Magento Open-Source Platforms, assessed its impact and developed mitigation measures. Adobe Commerce and Magento Open-Source Platforms are e-commerce platforms that empower businesses to scale efficiently. Expanding on the trusted foundation of Magento, Adobe Commerce offers enterprise scale and performance, modern, API-first development, and seamless integration. | Vulnerebility blog | SonicWall |
| 15.11.25 | Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE | The SonicWall Capture Labs threat research team would like to highlight the vulnerability listed under CVE-2024-9916, as it remains unpatched and poses a potential risk to customer environments. Below is an analysis of the vulnerability itself, along with the mitigation measures against exploits that may target this vulnerability. | Vulnerebility blog | SonicWall |
| 11.11.25 | No Place Like Localhost: Unauthenticated Remote Access via Triofox Vulnerability CVE-2025-12480 | Mandiant Threat Defense has uncovered exploitation of an unauthenticated access vulnerability within Gladinet’s Triofox file-sharing and remote access platform. | Vulnerebility blog | Google Threat Intelligence |
| 8.11.25 | The Week in Vulnerabilities: Cyble Urges Apache, Microsoft Fixes | This week’s vulnerability report examines 15 IT and ICS flaws at high risk of exploitation by threat actors. | Vulnerebility blog | Cyble |
| 8.11.25 | Fortnightly Vulnerability Summary | Fortnightly Vulnerability Summary CHECK OUT THESE FAST FACTS ON FORTNIGHTLY OBSERVED VULNERABILITIES. Fortnight's Most Impacted Products D-Link | Tenda | Jira Increase in | Vulnerebility blog | Cyfirma |
| 8.11.25 | Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) | On Oct. 14, 2025, a critical, unauthenticated remote code execution (RCE) vulnerability was identified in Microsoft's Windows Server Update Services (WSUS), a core enterprise component for patch management | Vulnerebility blog | Palo Alto |
| 8.11.25 | Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and Memory Exposure | Check Point Research (CPR) identified three security vulnerabilities in the Graphics Device Interface (GDI) in Windows. We promptly reported these issues to Microsoft, and they were addressed in the Patch Tuesday updates in May, July, and August 2025. | Vulnerebility blog | CHECKPOINT |
| 8.11.25 | Defeating KASLR by Doing Nothing at All | I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. | Vulnerebility blog | Project Zero |
| 1.11.25 | The Week in Vulnerabilities: Oracle, Microsoft & Adobe Fixes Urged by Cyble | Critical vulnerabilities from Oracle, Microsoft and Adobe are just a few of the flaws meriting high-priority attention by security teams. | Vulnerebility blog | Cyble |
| 1.11.25 | Trick, treat, repeat | Thor gets into the Halloween spirit, sharing new CVE trends, a “treat” for European Windows 10 users, and a reminder that patching is your best defense against zombie vulnerabilities. | Vulnerebility blog | CISCO TALOS |
| 1.11.25 | The Bug Report - October 2025 Edition | October's cybersecurity horror show is here! Zero-days in WSUS (CVE-2025-59287) and SessionReaper (Adobe) are under active attack. Patch these RCE and LPE monsters now or risk full possession of your network. | Vulnerebility blog | Trelix |
| 25.10.25 | How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit | ExPRT.AI is built into Falcon Exposure Management to eliminate noise and prioritize which vulnerabilities present the greatest risk. | Vulnerebility blog | CROWDSTRIKE |
| 25.10.25 | From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918) | In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from a standard domain user to SYSTEM level access, potentially compromising entire Active Directory environments. | Vulnerebility blog | CROWDSTRIKE |
| 25.10.25 | CISA Adds Oracle, Microsoft, Apple, Kentico Bugs to KEV Catalog | CISA has added five critical vulnerabilities impacting Oracle, Microsoft, Apple, and Kentico products to its Known Exploited Vulnerabilities catalog. Organizations must apply vendor patches before November 10, 2025, to mitigate exploitation risks. | Vulnerebility blog | Cyble |
| 25.10.25 | CVE-2025-6541 : TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis | EXECUTIVE SUMMARY CVE-2025-6541 is a critical Remote Command Injection vulnerability in TP-Link Omada Gateway devices, caused by improper input validation in the web | Vulnerebility blog | Cyfirma |
| 25.10.25 | Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits | Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series. | Vulnerebility blog | Trend Micro |
| 18.10.25 | The Week in Vulnerabilities: Cyble Urges Adobe, Microsoft Fixes | Vulnerabilities in products from Microsoft, Adobe, Fortinet, OpenSSL and more are getting attention this week. Patch now. | Vulnerebility blog | Cyble |
| 18.10.25 | Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits | Trend™ Research has uncovered an attack campaign exploiting the Cisco SNMP vulnerability CVE-2025-20352, allowing remote code execution and rootkit deployment on unprotected devices, with impacts observed on Cisco 9400, 9300, and legacy 3750G series. | Vulnerebility blog | Trend Micro |
| 18.10.25 | Denial of Fuzzing: Rust in the Windows kernel | Check Point Research (CPR) identified a security vulnerability in January 2025 affecting the new Rust-based kernel component of the Graphics Device Interface (commonly known as GDI) in Windows. | Vulnerebility blog | CHECKPOINT |
| 11.10.25 | Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began tracking a new, large-scale extortion campaign by a threat actor claiming affiliation with the CL0P extortion brand. | | Vulnerebility blog | Google Threat Intelligence |
| 11.10.25 | Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability | Storm-1175, a financially motivated actor known for deploying Medusa ransomware and exploiting public-facing applications for initial access, was observed exploiting the deserialization vulnerability in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035. | Vulnerebility blog | Microsoft blog |
| 11.10.25 | A Cascade of Insecure Architectures: Axis Plugin Design Flaw Expose Select Autodesk Revit Users to Supply Chain Risk | We discovered Azure Storage Account credentials exposed in Axis Communications’ Autodesk Revit plugin, allowing unauthorized modification of cloud-hosted files. This exposure, combined with vulnerabilities in Autodesk Revit, could enable supply-chain attacks targeting end users. | Vulnerebility blog | Trend Micro |
| 11.10.25 | Invoice Ninja Deserialization Flaw (CVE-2024-55555) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-55555, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 11.10.25 | Nvidia and Adobe vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Nvidia and one in Adobe Acrobat. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerabili | Vulnerebility blog | CISCO TALOS |
| 11.10.25 | Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Addressing CL0P Extortion Campaign Targeting Oracle EBS CVE-2025-61882 | Vulnerebility blog | Cybereason |
| 11.10.25 | The Bug Report – September 2025 Edition | September's Bug Report is here! Learn about critical CVEs affecting Chrome, Windows, Django, and FreePBX. Stay secure—patch now. | Vulnerebility blog | Trelix |
| 4.10.25 | The Week in Vulnerabilities: PoCs and Zero-Days Merit Rapid Patching | A high percentage of Proof-of-Concept exploits and new zero days this week should have security teams on high alert. | Vulnerebility blog | Cyble |
| 4.10.25 | The Week in Vulnerabilities: MFT, Help Desk Fixes Urged by Cyble | The week’s top vulnerabilities include several that could attract the attention of threat actors, and some that already have. | Vulnerebility blog | Cyble |
| 4.10.25 | Cisco SNMP Vulnerability CVE-2025-20352 Exploited in the Wild | CVE-2025-20352 is a critical SNMP vulnerability in Cisco IOS and IOS XE software, which has been actively exploited in the wild (added to the CISA KEV on September 29th), resulting in reported attacks affecting up to 2 million devices globally. | Vulnerebility blog | Eclypsium |
| 4.10.25 | Deserialization Leads to Command Injection in GoAnywhere MFT: CVE-2025-10035 | The SonicWall Capture Labs threat research team has identified a critical command injection vulnerability in GoAnywhere MFT. Tracked as CVE-2025-10035, this flaw allows attackers with a forged license response signature to deserialize malicious objects, potentially compromising the entire network access control infrastructure. | Vulnerebility blog | SonicWall |
| 4.10.25 | TOTOLINK X6000R: Three New Vulnerabilities Uncovered | We have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025: | Vulnerebility blog | Palo Alto |
| 27.9.25 | Cyble Honeypots Detect Exploit Attempts of Nearly Two Dozen Vulnerabilities | Recent Cyble reports have detailed dozens of vulnerabilities under active attack by threat actors and ransomware groups. | Vulnerebility blog | Cyble |
| 27.9.25 | Exploited in the Wild: DELMIA Apriso Insecure Deserialization (CVE-2025-5086) | The SonicWall Capture Labs threat research team became aware of a deserialization of untrusted data vulnerability in DELMIA Apriso, assessed its impact and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 20.9.25 | The Week in Vulnerabilities: 1000+ Bugs with 135 Publicly Known PoCs | This week, critical vulnerabilities in Apple, Zimbra, Samsung, and Adobe demand urgent attention as exploits surface in the wild and underground communities weaponize flaws. | Vulnerebility blog | Cyble |
| 20.9.25 | Critical ViewState Deserialization Zero-Day in Sitecore (CVE-2025-53690) | The SonicWall Capture Labs threat research team identified CVE-2025-53690 and assessed its impact. Sitecore is a widely used digital experience platform (DXP) that provides content management, personalization and e-commerce capabilities for enterprises. | Vulnerebility blog | Palo Alto |
| 20.9.25 | Microsoft Patch Tuesday for September 2025 – Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for September 2025, which includes 86 vulnerabilities affecting a range of products. | Vulnerebility blog | CISCO TALOS |
| 20.9.25 | HybridPetya: The Petya/NotPetya copycat comes with a twist | HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality | Vulnerebility blog | Eset |
| 13.9.25 | ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. | Vulnerebility blog | Google Threat Intelligence |
| 13.9.25 | The Week in Vulnerabilities: ‘Patch Tuesday’ Yields 1,200 New Flaws | Vulnerabilities in SAP, Sophos, Adobe and Android were among the fixes issued by vendors during a very busy Patch Tuesday week. | Vulnerebility blog | Cyble |
| 13.9.25 | Australian Cyber Authorities Warn of Active Exploitation of SonicWall SSL Vulnerability (CVE-2024-40766) | ASD’s ACSC warns of active CVE-2024-40766 exploits in SonicWall SSL VPNs, allowing unauthorized access and firewall crashes across multiple device generations. | Vulnerebility blog | Cyble |
| 13.9.25 | SAP NetWeaver Metadata Uploader Vulnerability (CVE-2025-31324) | Executive Summary CVE-2025-31324 is a critical remote code execution (RCE) vulnerability affecting the SAP NetWeaver Development Server, one of the core components used in enterprise environments for application development and integration. The vulnerability stems from improper validation of uploaded... | Vulnerebility blog | Seqrite |
| 13.9.25 | Apache NiFi Code Injection (CVE-2023-34468) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 13.9.25 | Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass | UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal | Vulnerebility blog | Eset |
| 6.9.25 | ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | In a recent investigation, Mandiant Threat Defense discovered an active ViewState deserialization attack affecting Sitecore deployments leveraging a sample machine key that had been exposed in Sitecore deployment guides from 2017 and earlier. An attacker leveraged the exposed ASP.NET machine key to perform remote code execution. | Vulnerebility blog | Google Threat Intelligence |
| 6.9.25 | The Week in Vulnerabilities: Apple, Citrix Flaws Draw Threat Actor Interest | Several vulnerabilities this week were the focus of intense online discussion and face active exploitation. | Vulnerebility blog | Cyble |
| 6.9.25 | Apache NiFi Code Injection (CVE-2023-34468) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2023-34468, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 6.9.25 | ToolShell Unleashed: Decoding the SharePoint Attack Chain | A wave of active exploitation is targeting recently disclosed vulnerabilities in Microsoft SharePoint Server (CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771). Collectively referred to as ToolShell, these vulnerabilities impact self-hosted SharePoint Server 2016, 2019, and Subscription Edition, enabling unauthenticated remote code execution and security bypasses. | Vulnerebility blog | Trelix |
| 30.8.25 | The Week in Vulnerabilities: Threat Actors Claim Exploits, Zero Days | Cyble has detected new attack campaigns and threat actors claiming to offer vulnerability exploits and zero days for sale on the dark web. | Vulnerebility blog | Cyble |
| 30.8.25 | WinRAR Directory Traversal & NTFS ADS Vulnerabilities (CVE-2025-6218 & CVE-2025-8088) | Executive Summary Two high-severity vulnerabilities in WinRAR for Windows — CVE-2025-6218 and CVE-2025-8088 — allow attackers to write files outside the intended extraction directory. CVE-2025-6218 involves traditional path traversal, while CVE-2025-8088 extends the attack using NTFS Alternate Data Streams. | Vulnerebility blog | Seqrite |
| 30.8.25 | CVE-2025-8671 – HTTP/2 MadeYouReset Vulnerability DDoS Attack | EXECUTIVE SUMMARY CVE-2025-8671, dubbed "MadeYouReset", is a newly disclosed HTTP/2 denial-of-service (DoS) vulnerability identified by researchers at Tel Aviv University an | Vulnerebility blog | Cyfirma |
| 30.8.25 | Critical RCE Vulnerabilities in Commvault: CVE-2025-57791 & CVE-2025-57790 | The SonicWall Capture Labs threat research team became aware of a critical chain of remote code execution (RCE) vulnerabilities in Commvault CommServe. | Vulnerebility blog | SonicWall |
| 30.8.25 | The Bug Report – August 2025 Edition | August's bug report is here. We break down active threats from Fortinet, Apple, and SAP to help you patch critical zero-days before it's too late. | Vulnerebility blog | Trelix |
| 23.8.25 | The Week in Vulnerabilities: Patch Tuesday Yields Hundreds of Vendor Fixes | Monthly fixes from IT vendors led to hundreds of newly disclosed vulnerabilities in the past week. Here are over a dozen to prioritize | Vulnerebility blog | Cyble |
| 23.8.25 | The Week in Vulnerabilities: 717 New Cybersecurity Flaws Reported! | Cyble found 717 new vulnerabilities, including 222 with PoCs and 17 in EOL products, exposing systems to growing cyberattack risks. | Vulnerebility blog | Cyble |
| 23.8.25 | Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth | We have detected a campaign aimed at gaining access to victims’ machines and monetizing access to their bandwidth. It functions by exploiting the CVE-2024-36401 vulnerability in the GeoServer geospatial database. This Critical-severity remote code execution vulnerability has a CVSS score of 9.8. Criminals have used the vulnerability to deploy legitimate software development kits (SDKs) or modified apps to gain passive income via network sharing or residential proxies. | Vulnerebility blog | Palo Alto |
| 17.8.25 | Check Point Research uncovered six fresh vulnerabilities in Microsoft Windows, including one critical flaw with ... | | Vulnerebility blog | Checkpoint |
| 17.8.25 | CVE-2025-54136 – MCPoison Key Insights Critical RCE Flaw in Popular AI-powered IDE Check Point Research ... | | Vulnerebility blog | Checkpoint |
| 17.8.25 | Keys to the Kingdom: Erlang/OTP SSH Vulnerability Analysis and Exploits Observed in the Wild | This article presents our observations of exploit attempts targeting CVE-2025-32433. This vulnerability allows unauthenticated remote code execution (RCE) in the Secure Shell (SSH) daemon (sshd) from certain versions of the Erlang programming language's Open Telecom Platform (OTP). | Vulnerebility blog | Palo Alto |
| 17.8.25 | Microsoft Security Bulletin Coverage for August 2025 | Microsoft’s August 2025 Patch Tuesday has 109 vulnerabilities, of which 44 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2025 and has produced coverage for seven of the reported vulnerabilities | Vulnerebility blog | SonicWall |
| 17.8.25 | Critical Unauthenticated RCE Vulnerability in Cisco ISE (CVE-2025-20281) | The SonicWall Capture Labs threat research team became aware of a critical remote code execution (RCE) vulnerability in Cisco Identity Services Engine (ISE). | Vulnerebility blog | SonicWall |
| 17.8.25 | Docassemble Path-Traversal + SSTI Enables RCE (CVE-2024-27292) | SonicWall Capture Labs threat research team became aware of the threat CVE-2024-27292, assessed its impact, and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 16.8.25 | CVE-2025-54136 – MCPoison Cursor IDE: Persistent Code Execution via MCP Trust Bypass | Cursor is a developer-focused AI IDE that combines local code editing with large language model (LLM) integrations. Due to its flexibility and deep LLM integration, Cursor is increasingly adopted by startups, research teams, and individual developers looking to integrate AI tooling directly into their development workflow. | Vulnerebility blog | Checkpoint |
| 16.8.25 | Microsoft Patch Tuesday for August 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for August 2025, which includes 111 vulnerabilities affecting a range of products, including 13 that Microsoft marked as “critical”. In this month's release, Microsoft observed none of the included vulnerabilities being ac | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | ReVault! When your SoC turns against you… deep dive edition | Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | WWBN, MedDream, Eclipse vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed seven vulnerabilities in WWBN AVideo, four in MedDream, and one in an Eclipse ThreadX module. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adheren | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | ReVault! When your SoC turns against you… | Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”. | Vulnerebility blog | CISCO TALOS |
| 16.8.25 | Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability | ESET Research discovered a zero-day vulnerability in WinRAR being exploited in the wild in the guise of job application documents; the weaponized archives exploited a path traversal flaw to compromise their targets | Vulnerebility blog | Eset |
| 16.8.25 | CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities | Two critical vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have been discovered in on-premise Microsoft SharePoint. | Vulnerebility blog | Cybereason |
| 16.8.25 | The Bug Report - July 2025 Edition | Beat the heat and the hackers! Our July 2025 Bug Report details unauthenticated RCEs & critical flaws in SharePoint, Git, FTP, and FortiWeb. Patch immediately! | Vulnerebility blog | Trellix |
| 26.7.25 | SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild | Sophos X-Ops sees exploitation across multiple customer estates | Vulnerebility blog | SOPHOS |
| 26.7.25 | Inside The ToolShell Campaign | FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and KeySiphon for stealthy remote code execution and credential theft. | Vulnerebility blog | FORTINET |
| 26.7.25 | Beyond Convenience: Exposing the Risks of VMware vSphere Active Directory Integration | Broadcom's VMware vSphere product remains a popular choice for private cloud virtualization, underpinning critical infrastructure. Far from fading, organizations continue to rely heavily on vSphere for stability and control. | Vulnerebility blog | Google Threat Intelligence |
| 26.7.25 | *Updated July 24, 2025 with latest findings from Check Point Research* Key findings: A critical ... | Vulnerebility blog | Checkpoint | |
| 26.7.25 | The Week in Vulnerabilities: Time to Exploit Continues to Fall | Of more than 900 new vulnerabilities in the last week, nearly 200 already have public Proofs-of-Concept (POC). | Vulnerebility blog | Cyble |
| 26.7.25 | Australian Cyber Security Centre Warns of an Active Exploit Taking Advantage of Microsoft SharePoint Vulnerability CVE-2025-53770 | ACSC warns of active exploits targeting CVE-2025-53770 on on-premises Microsoft SharePoint and urges urgent patching to prevent remote code execution attacks. | Vulnerebility blog | Cyble |
| 26.7.25 | Proactive Security Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771) | CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse. | Vulnerebility blog | Trend Micro |
| 26.7.25 | Citrix NetScaler Devices Memory Leak: CVE-2025-5777 | The SonicWall Capture Labs threat research team became aware of a pre-authentication memory leak vulnerability leading to information disclosure in Citrix NetScaler devices, assessed its impact and developed mitigation measures. NetScaler ADC and NetScaler Gateway are both networking products from Citrix. NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) are primarily used for optimizing application delivery, enhancing security, and improving user experience across networks. | Vulnerebility blog | SonicWall |
| 26.7.25 | Bloomberg Comdb2 null pointer dereference and denial-of-service vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed five vulnerabilities in Bloomberg Comdb2. Comdb2 is an open source, high-availability database developed by Bloomberg. It supports features such as clustering, transactions, snapshots, and isolation. T | Vulnerebility blog | CISCO TALOS |
| 26.7.25 | ToolShell: Details of CVEs affecting SharePoint servers | Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019. | Vulnerebility blog | CISCO TALOS |
| 26.7.25 | ToolShell: An all-you-can-eat buffet for threat actors | ESET Research has been monitoring attacks involving the recently discovered ToolShell zero-day vulnerabilities | Vulnerebility blog | Eset |
| 26.7.25 | CVE-2025-53770 & CVE-2025-53771: Critical On-Prem SharePoint Vulnerabilities | Two critical vulnerabilities, tracked as CVE-2025-53770 and CVE-2025-53771, have been discovered in on-premise Microsoft SharePoint. | Vulnerebility blog | Cybereason |
| 26.7.25 | Critical SharePoint Vulnerabilities Under Active Exploitation | On-premises Microsoft SharePoint servers are currently facing high-impact, ongoing threat activity due to a set of critical vulnerabilities, notably CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771. | Vulnerebility blog | Trellix |
| 19.7.25 | CSA Issues Alert on Critical VMware Vulnerabilities: Patch Now, Experts Warn | Singapore’s Cyber Security Agency alerts critical VMware flaws risking code execution and data leaks. | Vulnerebility blog | Cyble |
| 19.7.25 | CVE-2025-5777 – Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2) | EXECUTIVE SUMMARY CVE‑2025‑5777 is a critical information disclosure vulnerability in Citrix NetScaler ADC and Gateway appliances, caused by unsafe memory handling in the | Vulnerebility blog | Cyfirma |
| 19.7.25 | Vulnerabilities in Netgear Firmware-Based IoT Devices In The Enterprise | Netgear (and similar) devices, such as IoT routers, have remained a significant target for vulnerability research and exploitation. This is due to their widespread use in both consumer and enterprise environments, their role as network edge devices, and the persistent challenge of securing firmware and managing patches. With over 500 security advisories released by Netgear, the scale of the problem is undeniable. | Vulnerebility blog | Eclypsium |
| 19.7.25 | Wing FTP Server Remote Code Execution: CVE-2025-47812 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Wing FTP Server, assessed its impact and developed mitigation measures. Wing FTP Server is a cross-platform FTP server software available for Windows, Linux, and macOS. It supports a range of protocols, including FTP, FTPS, HTTP, HTTPS, and SFTP, making it a flexible choice for secure file transfers. | Vulnerebility blog | SonicWall |
| 19.7.25 | Asus and Adobe vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities each in Asus Armoury Crate and Adobe Acrobat products. | Vulnerebility blog | CISCO TALOS |
| 12.7.25 | Count(er) Strike – Data Inference Vulnerability in ServiceNow | Varonis Threat Labs discovered a high severity vulnerability in ServiceNow’s platform that can lead to significant data exposure and exfiltration. | Vulnerebility blog | VARONIS |
| 12.7.25 | Microsoft Security Bulletin Coverage for July 2025 | Microsoft’s July 2025 Patch Tuesday has 127 vulnerabilities, 53 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2025 and has produced coverage for 12 of the reported vulnerabilities. | Vulnerebility blog | SonicWall |
| 12.7.25 | Unauthenticated File Upload-to-RCE in VvvebJs (CVE-2024-29272) | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-29272, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 11.7.25 | Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack | In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. | Vulnerebility blog | Palo Alto |
| 5.7.25 | The Week in Vulnerabilities: High-Risk IT and ICS Flaws Flagged by Cyble | Cyble threat intelligence researchers identified several high-risk IT and ICS flaws this week, including some under active exploitation. | Vulnerebility blog | Cyble |
| 5.7.25 | Fortnightly Vulnerability Summary | Check out these fast facts on fortnightly observed vulnerabilities. Fortnight's most impacted products: D-Link, Teamcity, Netbox. | Vulnerebility blog | Cyfirma |
| 5.7.25 | Eclypsium Releases Tools for Detecting AMI MegaRAC BMC Vulnerabilities | An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening in the wild. Organizations must inventory IT assets and then determine if a given vulnerability is present. | Vulnerebility blog | Eclypsium |
| 5.7.25 | Apache Under the Lens: Tomcat’s Partial PUT and Camel’s Header Hijack | In March 2025, Apache disclosed CVE-2025-24813, a vulnerability impacting Apache Tomcat. This is a widely used platform that allows Apache web servers to run Java-based web applications. The flaw allows remote code execution, affecting Apache Tomcat versions 9.0.0.M1 to 9.0.98, 10.1.0-M1 to 10.1.34 and 11.0.0-M1 to 11.0.2. | Vulnerebility blog | Palo Alto |
| 5.7.25 | Automagic Reverse Engineering | Overall, the required time to analyze a binary goes down with this approach, as a lot of manual tasks have been automated. Being able to run these scripts headless allows you to integrate them into your workflow of choice, making the methodology as flexible as possible. | Vulnerebility blog | Trellix |
| 5.7.25 | The Bug Report - June 2025 Edition | Stay cool this summer with June 2025’s top 4 CVEs: RCEs, NTLM exploits, router worms & a Google supply chain flaw. Read now to patch fast and stay safe. | Vulnerebility blog | Trellix |
| 29.6.25 | Threat Spotlight: CVE-2025-5777: Citrix Bleed 2 Opens Old Wounds | Citrix released an advisory for CVE-2025-5777 affecting NetScaler ADC and Gateway devices, allowing attackers to hijack user sessions and bypass authentication. | Vulnerebility blog | RELIAQUEST |
| 28.6.25 | Trix Shots: Remote Code Execution on Aviatrix Controller | This blog post highlights a Mandiant Red Team case study simulating an “Initial Access Brokerage” approach that discovered two vulnerabilities on Aviatrix Controller, a Software-Defined Networking (SDN) utility that allows for the creation of links between different cloud vendors and regions: | Vulnerebility blog | Google Threat Intelligence |
| 28.6.25 | A Historic First: BMC Vulnerability CVE-2024-054085 Joins CISA's Most Critical List | While BMC vulnerabilities have been reported for years, the inclusion of CVE-2024-54085 marks the first time that CISA has publicly acknowledged that these critical, foundational components are being exploited in the wild. | Vulnerebility blog | Eclypsium |
| 28.6.25 | ZendTo Vulnerability (CVE-2025-34508) Could Lead to Data Exposure and Service Disruption | The SonicWall Capture Labs threat research team became aware of CVE-2025-34508, a medium-severity (CVSS 6.3) path traversal vulnerability in the ZendTo file transfer application. ZendTo is an open-source, web-based tool commonly used by universities, research institutions, and enterprises to securely exchange large files with external users. | Vulnerebility blog | SonicWall |
| 28.6.25 | Decrement by one to rule them all: AsIO3.sys driver exploitation | Cisco Talos uncovered and analyzed two critical vulnerabilities in ASUS' AsIO3.sys driver, highlighting serious security risks and the importance of robust driver design. | Vulnerebility blog | CISCO TALOS |
| 27.6.25 | Surge in MOVEit Transfer Scanning Could Signal Emerging Threat Activity | GreyNoise has identified a notable surge in scanning activity targeting MOVEit Transfer systems, beginning on May 27, 2025. Prior to this date, scanning was minimal — typically fewer than 10 IPs observed per day. But on May 27, that number spiked to over 100 unique IPs, followed by 319 IPs on May 28. | Vulnerebility blog | GREYNOISE |
| 27.6.25 | Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk | We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like Cursor, Windsurf and VSCodium, used by over 8,000,000 developers. | Vulnerebility blog | KOI SECURITY |
| 26.6.25 | Responsible Disclosure: Vulnerabilities in SAP GUI Client (CVE-2025-0056 & CVE-2025-0055) | As an SAP Security Analyst and Lead Researcher at Pathlock, I believe that responsible security research is the foundation for maintaining secure IT environments. Today, I am excited to disclose research on two vulnerabilities in the SAP Graphical User Interface (SAP GUI) input history feature, which we identified together with Julian Petersohn of Fortinet. | Vulnerebility blog | PATHLOCK |
| 26.6.25 | nOAuth Abuse Alert: Full Account Takeover of Entra Cross-Tenant SaaS Applications | The nOAuth vulnerability exposes a critical authentication flaw in vulnerable software-as-a-service (SaaS) applications. With only access to an Entra tenant—a low barrier—and the target user’s email address, an attacker can take over that user’s account in the vulnerable application. From there, the attacker can access all the data that the target has access to within that application. | Vulnerebility blog | SEMPERIS |
| 21.6.25 | CERT-In Vulnerability Note Highlights Critical Security Risks in Ivanti, Trend Micro, Apache Kafka, and SAP Products | CERT-In Vulnerability Note reveals serious flaws in Ivanti, Trend Micro, Apache Kafka, and SAP products. | Vulnerebility blog | Cyble |
| 21.6.25 | Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. | Vulnerebility blog | Trend Micro |
| 21.6.25 | Pre-Auth RCE Alert: Critical SSH Flaw in Erlang/OTP (CVE-2025-32433) | The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in Erlang/OTP (Open Telegram Platform) SSH server implementation, assessed its impact, and developed mitigation measures | Vulnerebility blog | SonicWall |
| 21.6.25 | Microsoft Patch Tuesday for June 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for June 2025, which includes 66 vulnerabilities affecting a range of products, including 10 that Microsoft marked as “critical.” | Vulnerebility blog | CISCO TALOS |
| 21.6.25 | catdoc zero-day, NVIDIA, High-Logic FontCreator and Parallel vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three zero-day vulnerabilities in catdoc, as well as vulnerabilities in Parallel, NVIDIA and High-Logic FontCreator 15. | Vulnerebility blog | CISCO TALOS |
| 18.6.25 | Team46 and TaxOff: two sides of the same coin | In March 2025, the Threat Intelligence Department of the Positive Technologies Expert Security Center (PT ESC) analyzed an attack that exploited a Google Chrome zero-day vulnerability (sandbox escape), which was registered around the same time and has since been tracked as CVE-2025-2783. | Vulnerebility blog | POSITIVE TECHNOLOGIES |
| 18.6.25 | Is b For Backdoor? Pre-Auth RCE Chain In Sitecore Experience Platform | Welcome to June! We’re back—this time, we're exploring Sitecore’s Experience Platform (XP), demonstrating a pre-auth RCE chain that we reported to Sitecore in February 2025. | Vulnerebility blog | labs.watchtowr |
| 18.6.25 | Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet | This blog uncovers an active campaign exploiting CVE-2025-3248 in Langflow versions before 1.3.0 that deploys the Flodrix botnet, enabling threat actors to achieve full system compromise, initiate DDoS attacks, and potentially exfiltrate sensitive data. | Vulnerebility blog | Trend Micro |
| 14.6.25 | Detecting Compromise of CVE-2024-3400 on Palo Alto Networks GlobalProtect Devices | Last month, Volexity reported on its discovery of zero-day, in-the-wild exploitation of CVE-2024-3400 in the GlobalProtect feature of Palo Alto Networks PAN-OS by a threat actor Volexity tracks as UTA0218. | Vulnerebility blog | VOLEXITY |
| 14.6.25 | The Week in Vulnerabilities: Ivanti, Versa Flaws Flagged by Cyble | The week also included Patch Tuesday for many vendors, making it a busy one for security teams dealing... | Vulnerebility blog | Cyble |
| 14.6.25 | Security Flaws in eMagicOne Store Manager for WooCommerce in WordPress (CVE-2025-5058 and CVE-2025-4603) | The eMagicOne Store Manager for WooCommerce plugin is used in WordPress to simplify and improve store management by providing functionality not found in the normal WooCommerce... | Vulnerebility blog | Seqrite |
| 14.6.25 | Even More Holes In Your Boot: Critical UEFI Secure Boot Bypass Vulnerabilities | Short Description: CVE-2025-427 (aka “Hydroph0bia”), CVE-2025-3052, and CVE-2025-47827 expose fundamental flaws in how firmware handles Secure Boot validation. Affecting systems using UEFI firmware, these vulnerabilities allow attackers to bypass critical security controls and execute malicious code during early boot phases. Here’s what you need to know: | Vulnerebility blog | Eclypsium |
| 14.6.25 | Critical SAP Vulnerability Exposes Enterprises | CVE-2025-31324 in SAP NetWeaver Visual Composer enables unauthenticated file uploads, exposing systems to RCE and data loss - learn what to do about it. | Vulnerebility blog | Trend Micro |
| 14.6.25 | High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Grafana, assessed its impact and developed mitigation measures. | Vulnerebility blog | SonicWall |
| 14.6.25 | CVE-2025-33053, Stealth Falcon and Horus: A Saga of Middle Eastern Cyber Espionage | Check Point Research (CPR) discovered a new campaign conducted by the APT group Stealth Falcon. The attack used a .url file that exploited a zero-day vulnerability (CVE-2025-33053) to execute malware from an actor-controlled WebDAV server. | Vulnerebility blog | Checkpoint |
| 7.6.25 | Security Flaws in Chrome Extensions: The Hidden Dangers of Hardcoded Credentials | API keys, secrets, and tokens commonly left exposed in browser extensions’ code. | Vulnerebility blog | SYMANTEC BLOG |
| 7.6.25 | How a Malicious Excel File (CVE-2017-0199) Delivers the FormBook Payload | Read how a malicious Excel file exploits CVE-2017-0199 to deliver FormBook malware via phishing. | Vulnerebility blog | FORTINET |
| 7.6.25 | Versa Concerto: Understanding and Mitigating CVE-2025-34027 | EXECUTIVE SUMMARY In May 2025, a set of critical zero-day vulnerabilities was disclosed in Versa Concerto, a popular SD-WAN and SASE solution used across enterprises for secure | Vulnerebility blog | Cyfirma |
| 7.6.25 | SMM Callout Vulnerabilities in UEFI | Eclypsium Automata has identified multiple, separate SMM callout vulnerabilities in UEFI modules supplied by AMD and leading firmware vendor AMI. | Vulnerebility blog | Eclypsium |
| 7.6.25 | Cacti v1.2.25 CVE-2023-49085 and CVE-2023-49084 Enable SQLi, LFI, and RCE | SonicWall Capture Labs threat research team became aware of the threat CVE-2023-49085, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 7.6.25 | High-Severity Open Redirect Vulnerability in Grafana Leads to Account Takeover: CVE-2025-4123 | The SonicWall Capture Labs threat research team became aware of an open redirect vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is known for creating dynamic charts, graphs, and alerts based on data sources, making it a critical component in many monitoring stacks. | Vulnerebility blog | SonicWall |
| 1.6.25 | The Week in Vulnerabilities: Cyble Sensors Detect Attack Attempts on SAP, Ivanti | Attack attempts picked up by Cyble Sensors’ honeypots highlight threat actors’ resourcefulness and the need for strong security defenses. | Vulnerebility blog | Cyble |
| 1.6.25 | The Windows Registry Adventure #8: Practical exploitation of hive memory corruption | In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. | Vulnerebility blog | Project Zero |
| 24.5.24 | Critical SysAid XXE Vulnerabilities Expose Systems to Remote Exploitation (CVE-2025-2775–2777) | The SonicWall Capture Labs threat research team became aware of multiple critical XML External Entity (XXE) injection vulnerabilities in SysAid’s IT service management (ITSM) platform. SysAid is used by organizations to streamline and automate help desk operations, asset management and IT workflows, and is available as both a cloud-based and on-premises solution. | Vulnerebility blog | SonicWall |
| 24.5.24 | Threat Brief: CVE-2025-31324 (Updated May 23) | Update May 23, 2025: We have added further details and indicators of compromise (IoC) to this post, to provide defenders additional information to hunt with. This information can be found in the Appendix section. | Vulnerebility blog | Palo Alto |
| 24.5.24 | Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability | Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java. | Vulnerebility blog | F5 |
| 17.5.24 | Threat Brief: CVE-2025-31324 | On April 24, 2025, SAP disclosed CVE-2025-31324, a critical vulnerability with a CVSS score of 10.0 affecting the SAP NetWeaver's Visual Composer Framework, version 7.50. This threat brief shares a brief overview of the vulnerability and our analysis, and also includes details of what we’ve observed through our incident response services and telemetry. | Vulnerebility blog | Palo Alto |
| 17.5.24 | Sednit abuses XSS flaws to hit gov't entities, defense companies | Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EU | Vulnerebility blog | Eset |
| 10.5.24 | Fortnightly Vulnerability Summary | Check out these fast facts on fortnightly observed vulnerabilities. Fortnight's most impacted products: Linux, D-Link, Totolink. | Vulnerebility blog | Cyfirma |
| 10.5.24 | Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape | Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. We shared our findings with Apple and a fix was released for this vulnerability, now identified as CVE-2025-31191. We encourage macOS users to apply security updates as soon as possible. | Vulnerebility blog | Microsoft blog |
| 10.5.24 | CraftCMS Vulnerability Exposes Systems to Pre-Auth RCE, Now Exploited in the Wild (CVE-2025-32432) | The SonicWall Capture Labs threat research team became aware of a pre-authentication vulnerability in CraftCMS's asset transform generation feature, assessed its impact and developed mitigation measures. | Vulnerebility blog | Palo Alto |
| 25.4.25 | IngressNightmare: Understanding CVE‑2025‑1974 in Kubernetes Ingress-NGINX | Get an overview of how CVE-2025-1974 works, a proof-of-concept demo of the exploit, along with outlined mitigations and detection strategies. | Vulnerebility blog | FORTINET |
| 25.4.25 | Critical TorchServe Vulnerability (CVE-2023-43654) Enables Remote Code Execution | SonicWall Capture Lab's threat research team became aware of the threat CVE-2023-43654, assessed its impact and developed mitigation measures for this vulnerability. | Vulnerebility blog | SonicWall |
| 25.4.25 | CVE-2025-32433: Unauthenticated RCE Vulnerability in Erlang/OTP’s SSH Implementation | A critical vulnerability, tracked as CVE-2025-32433, has been discovered in the SSH server component of Erlang/Open Telecom Platform (OTP) | Vulnerebility blog | Cybereason |
| 25.4.25 | ReliaQuest Uncovers New Critical Vulnerability in SAP NetWeaver | On April 22, 2025, ReliaQuest published details of our investigation into exploitation activity targeting SAP NetWeaver systems that could enable unauthorized file uploads and execution of malicious files. On April 24, 2025, SAP disclosed "CVE-2025-31324," a critical vulnerability in SAP NetWeaver Visual Composer with the highest severity score of 10. | Vulnerebility blog | ReliaQuest |
| 25.4.25 | Security Analysis of Rack Ruby Framework: CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610 | Through a comprehensive security analysis conducted by OPSWAT's Red Team, security researchers Thai Do and Minh Pham identified multiple vulnerabilities impacting the Rack Ruby framework, specifically CVE-2025-25184, CVE-2025-27111, and CVE-2025-27610. | Vulnerebility blog | OPSWAT |
| 19.4.25 | Fortnightly Vulnerability Summary | Check out these fast facts on fortnightly observed vulnerabilities. Fortnight's most impacted products: Linux, ColdFusion, FrameMaker. | Vulnerebility blog | Cyfirma |
| 19.4.25 | ZDI-23-1527 and ZDI-23-1528: The Potential Impact of Overly Permissive SAS Tokens on PC Manager Supply Chains | In ZDI-23-1527 and ZDI-23-1528 we uncover two possible scenarios where attackers could have compromised the Microsoft PC Manager supply chain. | Vulnerebility blog | Trend Micro |
| 19.4.25 | Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks | A previously disclosed vulnerability in NVIDIA Container Toolkit has an incomplete patch, which, if exploited, could put a wide range of AI infrastructure and sensitive data at risk. | Vulnerebility blog | Trend Micro |
| 19.4.25 | CVE-2025-29927: Next.js Middleware Can Be Bypassed with Crafted Header | The SonicWall Capture Labs threat research team became aware of an authorization bypass vulnerability in Next.js, assessed its impact, and developed mitigation measures. Next.js is a react framework designed to simplify building web applications, focusing on performance, SEO, and ease of use. It provides features like server-side rendering (SSR), static site generation (SSG), and automatic code splitting, making it a popular choice for building fast and scalable web applications. | Vulnerebility blog | SonicWall |
| 19.4.25 | CVE-2025-24054, NTLM Exploit in the Wild | CVE-2025-24054 is a vulnerability related to NTLM hash disclosure via spoofing, which can be exploited using a maliciously crafted .library-ms file. Active exploitation in the wild has been observed since March 19, 2025, potentially allowing attackers to leak NTLM hashes or user passwords and compromise systems. Although Microsoft released a patch on March 11, 2025, threat actors already had over a week to develop and deploy exploits before the vulnerability began to be actively abused. | Vulnerebility blog | Checkpoint |
| 19.4.25 | Eclipse and STMicroelectronics vulnerabilities | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities found in Eclipse ThreadX and four vulnerabilities in STMicroelectronics. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adh | Vulnerebility blog | Palo Alto |
| 13.4.25 | Campaign Targets Amazon EC2 Instance Metadata via SSRF | Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS. | Vulnerebility blog | F5 |
| 12.4.25 | IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble | After investigating recent IT vulnerabilities, Cyble threat researchers identified eight high-priority fixes for security teams. | Vulnerebility blog | Cyble |
| 12.4.25 | CVE-2025-24813: Remote Code Execution in Apache Tomcat via Malicious Session Deserialization | Apache Tomcat is a popular, open-source web server and servlet container maintained by the Apache Software Foundation. It provides a reliable and scalable environment for executing Java Servlets... | Vulnerebility blog | Seqrite |
| 12.4.25 | Microsoft Security Bulletin Coverage for April 2025 | Microsoft’s April 2025 Patch Tuesday has 123 vulnerabilities, of which 49 are Elevation of Privilege. SonicWall Capture Labs' threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2025 and has produced coverage for ten of the reported vulnerabilities | Vulnerebility blog | SonicWall |
| 12.4.25 | Microsoft Patch Tuesday for April 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for April of 2025 which includes 126 vulnerabilities affecting a range of products, including 11 that Microsoft has marked as “critical”. | Vulnerebility blog | Palo Alto |
| 5.4.25 | Critical CrushFTP Authentication Bypass (CVE-2025-2825) Exposes Servers to Remote Attacks | The SonicWall Capture Labs threat research team became aware of an authentication bypass vulnerability in CrushFTP Servers, assessed its impact, and developed mitigation measures. CrushFTP is a resourceful enterprise-grade file transfer application used widely among organizations. It also supports multi-protocols for data exchange among systems and users with S3-compatible API access. | Vulnerebility blog | SonicWall |
| 5.4.25 | The Bug Report - March 2025 Edition | March Madness hits infosec: kernel bugs, Tomcat deserialization, and SonicWall shenanigans. Catch the highlights and patch fast before you’re benched! | Vulnerebility blog | Trellix |
| 29.3.25 | CVE-2025-26633: How Water Gamayun Weaponizes MUIPath using MSC EvilTwin | Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. | Vulnerebility blog | |
| 29.3.25 | A Deep Dive into Water Gamayun’s Arsenal and Infrastructure | Trend Research discusses the delivery methods, custom payloads, and techniques used by Water Gamayun, the suspected Russian threat actor abusing a zero-day vulnerability in the Microsoft Management Console framework (CVE-2025-26633) to execute malicious code on infected machines. | Vulnerebility blog | |
| 29.3.25 | Critical Strapi Vulnerability Allows RCE via Server-Side Template Injection | The SonicWall Capture Labs threat research team became aware of the threat CVE-2025-24813, assessed its impact and developed mitigation measures for the vulnerability. | Vulnerebility blog | SonicWall |
| 29.3.25 | Critical Apache Tomcat RCE Vulnerability (CVE-2025-24813) Under Active Exploitation | The SonicWall Capture Labs threat research team became aware of the threat CVE-2025-24813, assessed its impact and developed mitigation measures for the vulnerability. | Vulnerebility blog | SonicWall |
| 22.3.25 | ZDI-CAN-25373: Windows Shortcut Exploit Abused as Zero-Day in Widespread APT Campaigns | Trend Zero Day Initiative™ (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows .lnk file vulnerability that enables hidden command execution. | Vulnerebility blog | |
| 22.3.25 | Microsoft Security Bulletin Coverage for March 2025 | Microsoft’s March 2025 Patch Tuesday has 56 vulnerabilities, of which 23 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2025 and has produced coverage for 10 of the reported vulnerabilities. | Vulnerebility blog | SonicWall |
| 15.3.25 | Critical Mautic Vulnerability (CVE-2024-47051) Enables Arbitrary File Uploads | The SonicWall Capture Labs threat research team became aware of a critical arbitrary file upload in Mautic, assessed its impact, and developed mitigation measures. | | |
| 15.3.25 | Enterprises Should Consider Replacing Employees’ Home TP-Link Routers | An examination of CVE trends from February 2025 scanning data. | | |
| 15.3.25 | Why Critical MongoDB Library Flaws Won't See Mass Exploitation | Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks. | | |
| 15.3.25 | Check Point Research discovered a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. The campaigns are linked to Blind Eagle, also known as APT-C-36, and deliver malicious .url files, which cause a similar effect to the CVE-2024-43451 vulnerability | | | |
| 15.3.25 | Thorsten picks apart some headlines, highlights Talos’ report on an unknown attacker predominantly targeting Japan, and asks, “Where is the victim, and does it matter?” | | | |
| 15.3.25 | Microsoft Patch Tuesday for March 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for March of 2025 which includes 57 vulnerabilities affecting a range of products, including 6 that Microsoft marked as “critical”. | | |
22.2.25 | Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. | Vulnerebility blog | |
22.2.25 | CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks | The Trend ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks. | Vulnerebility blog | |
22.2.25 | Critical Wazuh RCE Vulnerability (CVE-2025-24016): Risks, Exploits and Remediation | SonicWall Capture Labs threat research team has become aware of a critical remote code execution (RCE) vulnerability in Wazuh Server (CVE-2025-24016) and has implemented mitigating measures | Vulnerebility blog | |
22.2.25 | Microsoft Security Bulletin Coverage for February 2025 | Microsoft’s February 2025 Patch Tuesday has 57 vulnerabilities, of which 21 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2025 and has produced coverage for six of the reported vulnerabilities. | Vulnerebility blog | |
22.2.25 | Critical WordPress File Upload Vulnerability (CVE-2024-8856): Threat Analysis and SonicWall Protections | The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-8856, assessed its impact, and developed mitigation measures for this vulnerability. Since it is tied to CWE-434 (“Unrestricted Upload of File with Dangerous Type”) and listed in CISA bulletins, it signals a strong likelihood of active exploitation. | Vulnerebility blog | |
| 22.2.25 | Windows Bug Class: Accessing Trapped COM Objects with IDispatch | Object orientated remoting technologies such as DCOM and .NET Remoting make it very easy to develop an object-orientated interface to a service which can cross process and security boundaries. | | |
| 22.2.25 | Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update) | Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. | | |
| 22.2.25 | CVE-2025-23006: Critical Vulnerability Discovered in SonicWall SMA 1000 Series | A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall SMA 1000 Series. | | |
| 22.2.25 | Patch or perish: How organizations can master vulnerability management | | | |
| 22.2.25 | | | | |
| 22.2.25 | Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 | | | |
| 22.2.25 | This article reviews nine vulnerabilities we recently discovered in two utilities called cuobjdump and nvdisasm, both from NVIDIA's Compute Unified Device Architecture (CUDA) Toolkit. | | | |
| 22.2.25 | Microsoft Patch Tuesday for February 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for January of 2025 which includes 58 vulnerabilities, including 3 that Microsoft marked as “critical” and one marked as “moderate”. The remaining vulnerabilities listed are classified as “important.” | | |
| 22.2.25 | Cisco Talos’ Vulnerability Discovery & Research team recently disclosed two vulnerabilities in ClearML and four vulnerabilities in Nvidia. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party | | | |
| 22.2.25 | Small praise for modern compilers - A case of Ubuntu printing vulnerability that wasn’t | During an earlier investigation of the macOS printing subsystem, IPP-USB protocol caught our attention. We decided to take a look at how other operating systems handle the same functionality. | | |
| 18.1.25 | Windows LDAP Denial of Service Vulnerability (CVE-2024-49113): Crucial Information and How to Stay Protected | Overview: The SonicWall Capture Labs threat research team became aware of a denial-of-service vulnerability in the Windows Lightweight Directory Access (LDAP) Protocol, assessed its impact and developed... | Vulnerebility blog | SonicWall |
18.1.25 | Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17) | On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. | Vulnerebility blog | |
18.1.25 | Slew of WavLink vulnerabilities | Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application. The Wavlink AC3000 | Vulnerebility blog | |
18.1.25 | Microsoft Patch Tuesday for January 2025 — Snort rules and prominent vulnerabilities | Microsoft has released its monthly security update for January of 2025 which includes 159 vulnerabilities, including 10 that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” | Vulnerebility blog | |
| 18.1.25 | UEFI Secure Boot: Not so secure | | Vulnerebility blog | |
18.1.25 | Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 | The story of a signed UEFI application allowing a UEFI Secure Boot bypass | Vulnerebility blog | |
11.1.25 | Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware. | Vulnerebility blog | |
| 11.1.25 | Apache Struts Path Traversal to RCE: CVE-2024-53677 | Overview: The SonicWall Capture Labs threat research team became aware of an unauthenticated, remote code execution vulnerability in the Apache Struts 2 framework, assessed its impact, and developed mit... | Vulnerebility blog | SonicWall |
| 4.1.25 | What We Know About CVE-2024-49112 and CVE-2024-49113 | This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation. | Vulnerebility blog | |