Tag: Vulnerability

CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution 
CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution 

Zero-day vulnerabilities are no longer rare anomalies—they’re now a core weapon in the modern attacker’s arsenal, with exploitation activity escalating year over year. According to Google’s Threat Intelligence Group (GTIG), in 2024 alone, 75 zero-day vulnerabilities were exploited in the wild—a stark indicator of the growing threat to business-critical systems.  One of the latest critical […]

Read More
CVE-2025-32432: Critical Craft CMS Vulnerability Is Actively Exploited in Zero-Day Attacks, Leads to Remote Code Execution
CVE-2025-32432: Critical Craft CMS Vulnerability Is Actively Exploited in Zero-Day Attacks, Leads to Remote Code Execution

Following the disclosure of the Command Center CVE-2025-34028 vulnerability, researchers are now warning about another critical threat: a max-severity flaw in Craft CMS, tracked as CVE-2025-32432. Attackers are chaining it with a critical input validation bug in the Yii framework (CVE-2025-58136) to power zero-day attacks, leading to server breaches and data theft. By mid-April, around […]

Read More
CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE
CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE

Following the CVE-2025-30406 disclosure, an RCE flaw in the widely used Gladinet CentreStack and Triofox platforms, another highly critical vulnerability that could also allow remote execution of arbitrary code without authentication, is coming to the scene. The flaw, tracked as CVE-2025-34028, has been recently uncovered in the Command Center installation, which could lead to a […]

Read More
CVE-2025-30406 Detection: Critical RCE Vulnerability in Gladinet CentreStack & Triofox Under Active Exploitation
CVE-2025-30406 Detection: Critical RCE Vulnerability in Gladinet CentreStack & Triofox Under Active Exploitation

A critical vulnerability in the widely used Gladinet CentreStack and Triofox enterprise file sharing and remote access platforms has surfaced — and it’s already under active exploitation. At least seven organizations have reportedly been compromised through this flaw, tracked as  CVE-2025-30406. The root cause? A hard-coded cryptographic key that leaves internet-facing servers dangerously exposed to […]

Read More
CVE-2025-29824 Vulnerability: Exploitation of a Windows CLFS Zero-Day Could Trigger Ransomware Attacks
CVE-2025-29824 Vulnerability: Exploitation of a Windows CLFS Zero-Day Could Trigger Ransomware Attacks

Hot on the heels of the CVE-2025-1449 disclosure, a vulnerability in Rockwell Automation software, another critical security issue affecting widely used software products is now drawing the attention of the defenders. CVE-2025-29824 is a zero-day vulnerability in the Windows Common Log File System (CLFS) that gives threat actors the green light to escalate privileges to […]

Read More
CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands
CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands

Hard on the heels of the disclosure of CVE-2025-24813, a RCE flaw in Apache Tomcat actively leveraged in the wild shortly after the release of its PoC, another vulnerability identified as CVE-2025-1449 that can be exploited remotely comes into the spotlight. Once weaponized,  CVE-2025-1449 gives admin-level threat actors the green light to run arbitrary commands. […]

Read More
CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE
CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE

Heads-up for Kubernetes admins! A batch of five critical vulnerabilities called “IngressNightmare” (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) affecting Ingress NGINX have been recently patched, posing a serious risk to the clusters. With over 40% of Kubernetes environments relying on Ingress NGINX, swift action is crucial to safeguard your systems and data against RCE attacks. […]

Read More
CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability 
CVE-2025-29927 Next.js Middleware Authorization Bypass Vulnerability 

Hot on the heels of the disclosure of CVE-2025-24813, a newly uncovered RCE vulnerability in Apache Tomcat—actively exploited just 30 hours after its public disclosure and PoC release—another critical security threat has now emerged. Tracked as CVE-2025-29927,  the newly uncovered vulnerability has been identified in the Next.js React framework, potentially giving adversaries the green light […]

Read More
CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild
CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild

A newly revealed RCE vulnerability in Apache Tomcat is under active exploitation, just 30 hours after its public disclosure and the release of a PoC. The successful exploitation of CVE-2025-24813 gives adversaries the green light to remotely execute code on targeted systems by leveraging unsafe deserialization. Detect CVE-2025-24813 Exploitation Attempts With the sharp increase in […]

Read More
CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks
CVE-2025-24201 Exploitation: Apple Fixes the WebKit Zero-Day Vulnerability Used in Sophisticated Attacks

Hot on the heels of the exploitation attempts of the medium-severity vulnerability in Espressif ESP32 Bluetooth chips, leveraged in over 1 billion devices, another security issue in a widely popular product, a cross-platform browser engine, WebKit, poses an increasing threat to organizations and individual users worldwide. Tracked as CVE-2025-24201, the newly uncovered zero-day vulnerability is […]

Read More