Tag: CVE

CVE-2025-6558 Vulnerability: Google Chrome Zero-Day Under Active Exploitation

As the summer heat continues to climb, so does the surge of critical vulnerabilities in popular software products, intensifying the global cyber threat landscape. Hot on the heels of the disclosure of CVE-2025-25257, a critical flaw in Fortinet’s FortiWeb web application firewall, another high-impact vulnerability has emerged. Adversaries are exploiting a critical zero-day vulnerability in […]

CVE-2025-25257 Vulnerability: Critical SQL Injection in Fortinet FortiWeb Enables Unauthenticated Remote Code Execution

Following the recent disclosure of CVE-2025-47981, a critical heap-based buffer overflow in Windows SPNEGO Extended Negotiation, security teams now face another major threat, this time affecting Fortinet’s FortiWeb web application firewall. Designated as CVE-2025-25257 and assigned a CVSS score of 9.6, this vulnerability is an unauthenticated SQL injection flaw that allows attackers to execute arbitrary […]

CVE-2025-47981: Critical Heap-Based Buffer Overflow Vulnerability in Windows SPNEGO Extended Negotiation Leads to RCE

With over 1.4 billion devices running Windows and widespread adoption of Microsoft 365 and Azure, Microsoft technologies continue to form the foundation of modern enterprise infrastructure. However, this ubiquity also makes them an attractive target for threat actors. According to the 2025 BeyondTrust Microsoft Vulnerabilities Report findings, 2024 saw a record-breaking 1,360 Microsoft-related vulnerabilities — […]

CVE-2025-5777 Detection: A New Critical Vulnerability Dubbed “CitrixBleed 2” in NetScaler ADC Faces Exploitation Risk

Shortly after the disclosure of two Sudo-related local privilege escalation vulnerabilities affecting major Linux distributions, attention has shifted to a critical security issue in NetScaler ADC, which has already been exploited in the wild. The vulnerability tracked as CVE-2025-5777 is characterized as a memory overflow issue that may lead to unexpected control flow and potential […]

CVE-2025-32463 and CVE-2025-32462 Detection: Sudo Local Privilege Escalation Vulnerabilities Threaten Linux Environments

Less than a month after the disclosure of two local privilege escalation (LPE) vulnerabilities, CVE-2025-6018 and CVE-2025-6019, that impact major Linux distributions, a new wave of security flaws targeting Linux systems has emerged. Security researchers have identified two local privilege escalation vulnerabilities, tracked as CVE-2025-32462 and CVE-2025-32463, that affect a widely used Sudo […]

CVE-2025-20281 and CVE-2025-20282 Vulnerabilities: Critical RCE Flaws in Cisco ISE and ISE-PIC Enable Root Access

As the summer heat intensifies, so does the wave of critical vulnerabilities heating up the cyber threat landscape. Hot on the heels of the disclosure of the CVE-2025-49144 vulnerability in Notepad++, multiple critical flaws in Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) have come to light. The newly identified flaws tracked […]

CVE-2025-49144 Vulnerability: Critical Privilege Escalation Flaw in Notepad++ Leads to Full System Takeover

The summer season has proven to be alarmingly hot, not due to rising temperatures, but because of a surge in critical cybersecurity vulnerabilities. Threat actors have ramped up exploitation efforts, targeting widely used software and systems. Recent examples include CVE-2025-6018 and CVE-2025-6019, two local privilege escalation (LPE) flaws targeting major Linux distributions, as well as […]

CVE-2025-6018 and CVE-2025-6019 Vulnerability Exploitation: Chaining Local Privilege Escalation Flaws Lets Attackers Gain Root Access on Most Linux Distributions

June has been a challenging month for cybersecurity teams, with a wave of high-impact vulnerabilities disrupting the threat landscape. After the disclosure of a newly patched XSS zero-day in Grafana (CVE-2025-4123), affecting over 46,500 active instances, two other critical flaws have surfaced that can be chained together, significantly increasing the potential for exploitation. Adversaries can […]

CVE-2025-4123 Vulnerability: “The Grafana Ghost” Zero-Day Enables Malicious Account Hijacking

June has been a turbulent month for cyber defenders, marked by a surge of high-profile vulnerabilities shaking the security landscape. Following the exploitation of SimpleRMM flaws by the DragonForce ransomware group and the active use of the CVE-2025-33053 WebDAV zero-day by the Stealth Falcon APT, researchers have now identified yet another critical threat. A newly […]

Detect SimpleHelp RMM Vulnerability Exploitation: CISA Warns of Threat Actors Abusing Unpatched Flaws for Persistent Access and Ransomware Deployment

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert warning that ransomware actors are abusing unpatched vulnerabilities in SimpleHelp’s Remote Monitoring and Management (RMM) software, a tactic increasingly used to compromise organizations since early 2025. With over 21,000 new CVEs already logged by NIST this year, cybersecurity teams are under growing pressure to stay ahead. […]
