Cybersecurity Threat Advisory: Critical GitHub vulnerability
Researchers have recently disclosed details of a critical vulnerability affecting GitHub and GitHub Enterprise Server that could allow authenticated users to achieve remote code execution using a single git push command. The flaw has raised concerns about the security of millions...
Cybersecurity Threat Advisory: Axios NPM compromised by supply chain attack
The widely used HTTP client Axios was compromised recently in an incident that many researchers are attributing to a North Korean–linked cyberattack. Attackers gained access to the NPM account of an Axios maintainer, “jasonsaayman,” and published two malicious versions of...
Cybersecurity Threat Advisory: Apache ZooKeeper vulnerability
Recently, two important‑level severity vulnerabilities were identified in Apache ZooKeeper, a service widely used for configuration management and naming in distributed applications. These issues make timely security updates critical. The vulnerabilities could allow attackers to access sensitive configuration data or...
Cybersecurity Threat Advisory: Critical VMware vCenter Server vulnerability
CISA has added a critical VMware vCenter Server vulnerability to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. The flaw is tracked as CVE‑2024‑37079 with a CVSS score of 9.8. It was originally patched in June 2024...
Cybersecurity Threat Advisory: Urgent patch for Trend Micro RCE flaw
Trend Micro has released security updates addressing multiple vulnerabilities in on-premises versions of Apex Central. The most critical issue, CVE-2025-69258 with a CVSS score of 9.8, is a remote code execution vulnerability in LoadLibraryEX. Two other vulnerabilities, CVE-2025-69259 with a...
Cybersecurity Threat Advisory: Oracle Identity Manager vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical flaw impacting Oracle Identity Manager to its Known Exploited Vulnerabilities (KEV) catalog. Read this Cybersecurity Threat Advisory to learn about the current risk and apply relevant patches now. What...
Cybersecurity Threat Advisory: Oracle E-Business Suite vulnerability
Oracle has issued a warning about a new security flaw in its E-Business Suite (EBS), tracked as CVE-2025-61884, with a CVSS score of 7.5. This vulnerability is remotely exploitable without authentication via HTTP and targets Oracle Configurator, a module used...
Cybersecurity Threat Advisory: Fake password managers
LastPass has issued a warning about a widespread cyber campaign targeting macOS users. Malicious software is being disguised as legitimate applications and distributed through fake GitHub repositories. Read this Cybersecurity Threat Advisory to stay informed and protect your data. What...
Cybersecurity Threat Advisory: SonicWall VPN attacked
There has been a rise in ransomware attacks targeting SonicWall. Many incidents trace back to migrations from Gen 6 to Gen 7 firewalls, where local user passwords were carried over without being reset. Review this Cybersecurity Threat Advisory to ensure...
Cybersecurity Threat Advisory: Microsoft Exchange high-severity vulnerability
CVE-2025-53786 is a high-severity vulnerability affecting Microsoft Exchange servers, allowing attackers to move laterally within Microsoft cloud environments and potentially compromise entire domains. Currently, approximately 29,000 Exchange servers remain unpatched, leaving organizations exposed to significant risk. Review the information in...
