Cybersecurity Threat Advisory: Critical VMware vCenter Server vulnerability
CISA has added a critical VMware vCenter Server vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The flaw is tracked as CVE‑2024‑37079 with a CVSS score of 9.8. It was originally patched in June 2024...
Cybersecurity Threat Advisory: Urgent patch for Trend Micro RCE flaw
Trend Micro has released security updates addressing multiple vulnerabilities in on-premises versions of Apex Central. The most critical issue, CVE-2025-69258 with a CVSS score of 9.8, is a remote code execution vulnerability in LoadLibraryEX. Two other vulnerabilities, CVE-2025-69259 with a...
Cybersecurity Threat Advisory: Oracle Identity Manager vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog. Read this Cybersecurity Threat Advisory to learn about the current risk and apply relevant patches now. What...
Cybersecurity Threat Advisory: Oracle E-Business Suite vulnerability
Oracle has issued a warning about a new security flaw in its E-Business Suite (EBS), tracked as CVE-2025-61884, with a CVSS score of 7.5. This vulnerability is remotely exploitable without authentication via HTTP and targets Oracle Configurator, a module used...
Cybersecurity Threat Advisory: Fake password managers
LastPass has issued a warning about a widespread cyber campaign targeting macOS users. Malicious software is being disguised as legitimate applications and distributed through fake GitHub repositories. Read this Cybersecurity Threat Advisory to stay informed and protect your data. What...
Cybersecurity Threat Advisory: SonicWall VPN attacked
There has been a rise in ransomware attacks targeting SonicWall. Many incidents trace back to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over without being reset. Review this Cybersecurity Threat Advisory to ensure...
Cybersecurity Threat Advisory: Microsoft Exchange high-severity vulnerability
CVE-2025-53786 is a high-severity vulnerability affecting Microsoft Exchange servers, allowing attackers to move laterally within Microsoft cloud environments and potentially compromise entire domains. Currently, approximately 29,000 Exchange servers remain unpatched, leaving organizations exposed to significant risk. Review the information in...
Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability
CrushFTP has disclosed a new critical vulnerability, CVE-2025-54309, which is currently being exploited in the wild. One indicator of compromise is a “last_logins” value set for internal default accounts. Review the details in this Cybersecurity Threat Advisory to help minimize...
Cybersecurity Threat Advisory: New OpenSHH vulnerabilities
Two OpenSSH vulnerabilities, CVE-2025-26465 and CVE-2025-26466, affect multiple versions of OpenSSH. These vulnerabilities can be exploited for man-in-the-middle (MitM) attacks or cause a denial-of-service (DoS) attack. Review this Cybersecurity Threat Advisory to mitigate your risk. What is the threat? OpenSSH...
Cybersecurity Threat Advisory: SonicWall SMA1000 vulnerability
A pre-authentication deserialization vulnerability has been discovered in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) and is already being used in zero-day attacks. Review the details within this Cybersecurity Threat Advisory to protect your organization. What...
