Cybersecurity Threat Advisory: Critical Adobe Commerce flaw
A critical security vulnerability, tracked as CVE-2025-54236 (with a CVSS score of 9.1) is also known as “SessionReaper”. This vulnerability has been uncovered in Adobe Commerce and Magento Open Source. The flaw could allow cybercriminals to takeover customer accounts, putting...
Cybersecurity Threat Advisory: Passwordstate emergency patch released
Click Studios has released an emergency update for Passwordstate 9.9 to address a high-severity security vulnerability. According to the changelog, the flaw could be exploited to bypass authentication. Review the details in this Cybersecurity Threat Advisory to reduce your risk...
Cybersecurity Threat Advisory: Citrix patches NetScaler flaws
Citrix has issued patches for three zero-day vulnerabilities affecting NetScaler ADC and Gateway, including one that attackers have already begun exploiting. Review the details in this Cybersecurity Threat Advisory to reduce your risk from these threats. What is the threat?...
Cybersecurity Threat Advisory: Global Microsoft Exchange attack
A recent cyber campaign has compromised over 70 Microsoft Exchange servers across 26 countries by injecting JavaScript-based keyloggers into Outlook Web Access (OWA) login pages. Review the details of this Cybersecurity Threat Advisory to safeguard against these vulnerabilities. What is...
Cybersecurity Threat Advisory: Critical Fortinet vulnerability exploited by Qilin ransomware
The Qilin ransomware group is exploiting two critical Fortinet vulnerabilities that allow attackers to bypass authentication and execute remote code on vulnerable systems. Read this Cybersecurity Threat Advisory to discover the tactics used and the best practices you can implement...
Cybersecurity Threat Advisory: Google Chrome zero-day vulnerability
Google has issued a security update for Chrome desktop to address CVE-2025-5419, which has a CVSS score of 8.8. It is a critical zero-day flaw in the V8 JavaScript engine that is actively exploited by attackers. Continue to read this...
Cybersecurity Threat Advisory: Cisco critical vulnerability
Cisco has released software patches to fix a critical security flaw, CVE-2025-20188, affecting its IOS XE Wireless Controller software. With a maximum CVSS score of 10.0, the vulnerability could enable unauthenticated remote attackers to gain full root access to impacted...
Cybersecurity Threat Advisory: Critical CrushFTP vulnerability
A critical CrushFTP, CVE-2025-2825, with a CVSS score of 9.8, flaw has been discovered. It enables attackers to bypass authentication on CrushFTP servers, posing a high-severity risk to corporate environments. Continue reading this Cybersecurity Threat Advisory for details on how...
Cybersecurity Threat Advisory: Apache Tomcat vulnerability
A severe remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2025-24813, is actively exploited in the wild, allowing attackers to gain server control using a simple PUT request. Review the details in this Cybersecurity Threat Advisory to learn...
Cybersecurity Threat Advisory: Critical vulnerability in PostgreSQL
Security experts identified a critical PostgreSQL vulnerability, CVE-2025-1094, with a CVSS of 8.1. The vulnerability poses a significant risk to database integrity in enterprise and production environments. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks. What...
