Cybersecurity Threat Advisory: Apple security updates for iOS vulnerabilities
Apple has released urgent security updates for older iPhones and iPads to address multiple vulnerabilities actively exploited in the wild via the Coruna exploit kit—a sophisticated attack framework used by both espionage groups and cybercriminals. Read this Cybersecurity Threat Advisory...
Cybersecurity Threat Advisory: Critical FortiCloud SSO flaws
Fortinet has disclosed two critical authentication bypass vulnerabilities in its FortiCloud SSO login feature. Both carry a CVSS score of 9.8, signaling near-maximum severity. Read this Cybersecurity Threat Advisory for more details on how to secure your network infrastructure. What...
Cybersecurity Threat Advisory: Critical Microsoft Entra ID vulnerability
A critical token validation vulnerability, tracked as CVE-2025-55241 with a CVSS of 10, in Microsoft Entra ID has been discovered. This flaw could have allowed attackers to impersonate any user, including global admins, across any tenant. Continue reading this Cybersecurity...
Cybersecurity Threat Advisory: SonicWall SSL VPN targeted by Akira ransomware – updated
Update: This post was updated on August 7, 2025, to reflect corrected information regarding this threat. An Akira ransomware campaign is specifically targeting SonicWall SSL VPN devices. Attackers are actively exploiting these vulnerabilities to gain unauthorized access to corporate networks....
Cybersecurity Threat Advisory: Critical SSL.com vulnerability
A significant flaw has been identified in SSL.com’s Domain Control Validation (DCV) process, which poses a risk of issuing unauthorized SSL/TLS certificates. This vulnerability could expose trusted domains to impersonation, man-in-the-middle (MITM) attacks, and the interception of encrypted traffic. We recommend...
Cybersecurity Threat Advisory: Critical Ivanti vulnerability found in appliances
Researchers identified a critical vulnerability, CVE-2025-0282, that affects Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons, zero trust access (ZTA) gateways. This vulnerability can enable unauthenticated remote code execution (RCE), allow attackers to compromise the security and integrity of...
Cybersecurity Threat Advisory: Critical Ingress vulnerabilities
Researchers identified several critical vulnerabilities in the Ingress NGINX Controller for Kubernetes, including CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974. These flaws enables threat actors to execute unauthenticated remote code. Review the details of this Cybersecurity Threat Advisory to keep your...
Cybersecurity Threat Advisory: Vulnerability within TP-Link routers
A vulnerability that could lead to critical status, tracked as CVE-2023-1389, was identified in TP-Link Archer AX-21 routers. The Ballista botnet is currently exploiting this vulnerability, which can spread automatically across the web. Continue reading this Cybersecurity Threat Advisory to...
Cybersecurity Threat Advisory: Critical Juniper vulnerability
A critical vulnerability, CVE-2025-21589, is found in Juniper Networks’ Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. This flaw enables threat actors to bypass authentication mechanisms and gain administrative control over affected devices. Continue reading this Cybersecurity...
Cybersecurity Threat Advisory: Severe Cisco ISE vulnerabilities
Two critical vulnerabilities have been identified in Cisco’s Identity Services Engine (ISE). These vulnerabilities can enable attackers to execute arbitrary commands with root privileges and bypass authorization mechanisms, potentially compromising the security and integrity of network access controls. Continue reading...
