Tag: Vulnerability

BadSuccessor Detection: Critical Windows Server Vulnerability Can Compromise Any User in Active Directory

Following the disclosure of CVE-2025-4427 and CVE-2025-4428, two Ivanti EPMM vulnerabilities that can be chained for RCE, another critical security issue has emerged, posing a severe threat to organizations that rely on Active Directory (AD). A recently uncovered privilege escalation vulnerability in Windows Server 2025 gives attackers the green light to gain control over any […]

ELPACO-Team Ransomware Attack Detection: Hackers Exploit Atlassian Confluence Vulnerability (CVE-2023-22527) to Gain RDP Access and Enable RCE

In today’s fast-evolving ransomware landscape, threat actors are accelerating their tactics to gain access and deploy payloads with alarming speed. Increasingly, attackers are leveraging known vulnerabilities as entry points, as seen in a recent attack where adversaries exploited CVE-2023-22527, a maximum-severity template injection flaw in Atlassian Confluence, to compromise an internet-exposed system. Just 62 hours […]

CVE-2025-4427 and CVE-2025-4428 Detection: Ivanti EPMM Exploit Chain Leading to RCE

Following the disclosure of CVE-2025-31324, an unauthenticated file upload vulnerability in SAP NetWeaver enabling RCE, two more security flaws have surfaced in Ivanti Endpoint Manager Mobile (EPMM) software. Identified as CVE-2025-4427 and CVE-2025-4428, these vulnerabilities can be chained together to achieve RCE on vulnerable devices without requiring authentication. Detect CVE-2025-4427 and CVE-2025-4428 Exploit Chain With […]

CVE-2025-31324 Detection: SAP NetWeaver Zero-Day Under Active Exploitation Exposes Critical Systems to Remote Code Execution

Zero-day vulnerabilities are no longer rare anomalies—they’re now a core weapon in the modern attacker’s arsenal, with exploitation activity escalating year over year. According to Google’s Threat Intelligence Group (GTIG), in 2024 alone, 75 zero-day vulnerabilities were exploited in the wild—a stark indicator of the growing threat to business-critical systems. One of the latest critical […]

CVE-2025-32432: Critical Craft CMS Vulnerability Is Actively Exploited in Zero-Day Attacks, Leads to Remote Code Execution

Following the disclosure of the Command Center CVE-2025-34028 vulnerability, researchers are now warning about another critical threat: a max-severity flaw in Craft CMS, tracked as CVE-2025-32432. Attackers are chaining it with a critical input validation bug in the Yii framework (CVE-2025-58136) to power zero-day attacks, leading to server breaches and data theft. By mid-April, around […]

CVE-2025-34028 Detection: A Maximum-Severity Vulnerability in the Commvault Command Center Enables RCE

Following the disclosure of CVE-2025-30406, an RCE flaw in the widely used Gladinet CentreStack and Triofox platforms, another highly critical vulnerability, which could also allow remote execution of arbitrary code without authentication, is coming to the scene. The flaw, tracked as CVE-2025-34028, has been recently uncovered in the Command Center installation, which could lead to a […]

CVE-2025-30406 Detection: Critical RCE Vulnerability in Gladinet CentreStack & Triofox Under Active Exploitation

A critical vulnerability in the widely used Gladinet CentreStack and Triofox enterprise file sharing and remote access platforms has surfaced — and it’s already under active exploitation. At least seven organizations have reportedly been compromised through this flaw, tracked as CVE-2025-30406. The root cause? A hard-coded cryptographic key that leaves internet-facing servers dangerously exposed to […]

CVE-2025-29824 Vulnerability: Exploitation of a Windows CLFS Zero-Day Could Trigger Ransomware Attacks

Hot on the heels of the CVE-2025-1449 disclosure, a vulnerability in Rockwell Automation software, another critical security issue affecting widely used software products is now drawing the attention of defenders. CVE-2025-29824 is a zero-day vulnerability in the Windows Common Log File System (CLFS) that gives threat actors the green light to escalate privileges to […]

CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands

Hard on the heels of the disclosure of CVE-2025-24813, an RCE flaw in Apache Tomcat actively leveraged in the wild shortly after the release of its PoC, another remotely exploitable vulnerability, identified as CVE-2025-1449, comes into the spotlight. Once weaponized, CVE-2025-1449 gives admin-level threat actors the green light to run arbitrary commands. […]

CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE

Heads-up for Kubernetes admins! A batch of five critical vulnerabilities called “IngressNightmare” (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974) affecting Ingress NGINX has been recently patched. The flaws pose a serious risk to clusters. With over 40% of Kubernetes environments relying on Ingress NGINX, swift action is crucial to safeguard your systems and data against RCE attacks. […]
