Category: Security

Cybersecurity Threat Advisory: Critical CentreStack and Triofox vulnerability
A critical security vulnerability, tracked as CVE-2025-30406, has been disclosed in Gladinet’s CentreStack and Triofox file-sharing platforms. According to reports, this flaw arises from the presence of hardcoded administrative credentials embedded in default software builds. Attackers can use these credentials...

Cybersecurity Threat Advisory: Windows zero-day vulnerability actively exploited
A newly discovered Windows zero-day vulnerability, CVE-2025-29824, is actively exploited by a targeted ransomware campaign involving the PipeMagic trojan. Continue reading this Cybersecurity Threat Advisory to limit the impact of this vulnerability. What is the threat? CVE-2025-29824 is critical flaw...

Cybersecurity Threat Advisory: Critical RCE flaw in Apache Roller blog server
Researchers have discovered a critical session management vulnerability within Apache Roller. It is being tracked as CVE-2025-24859 and has been assigned the maximum CVSS score of 10.0. Review the details in this Cybersecurity Threat Advisory to mitigate your risks. What...

Cybersecurity Threat Advisory: Critical Fortinet admin password change flaw
Fortinet has recently addressed a critical vulnerability in its FortiSwitch products, identified as CVE-2024-48887, with a CVSS score of 9.3. This “unverified password change” flaw allows remote, unauthenticated attackers to modify administrator passwords through specially crafted requests to the FortiSwitch...

Cybersecurity 2025 trends: GenAI and supply chains top of the threat list
It is hard to believe that we are now over three months into 2025. With Q1 in the books, we have approached the one-third of the year mark. This is a good time to pause and survey stakeholders and cybersecurity...

Cybersecurity Threat Advisory: Critical CrushFTP vulnerability
A critical CrushFTP, CVE-2025-2825, with a CVSS score of 9.8, flaw has been discovered. It enables attackers to bypass authentication on CrushFTP servers, posing a high-severity risk to corporate environments. Continue reading this Cybersecurity Threat Advisory for details on how...

Cybersecurity Threat Advisory: Critical Ivanti Connect Secure flaw
A critical vulnerability, identified as CVE-2025-22457, has been discovered in Ivanti Connect Secure (ICS) VPN appliances. This flaw is actively exploited in the wild, allowing attackers to execute arbitrary code remotely. Review the details within this Cybersecurity Threat Advisory to...

Cybersecurity Threat Advisory: Apache RCE vulnerability
A critical remote code execution (RCE) vulnerability in Apache Parquet, identified as CVE-2025-30065, with a CVSS score of 10.0, has been discovered. Continue reading this Cybersecurity Threat Advisory to learn how to effectively mitigate your risks. What is the threat?...

Threat Spotlight: The good, the bad, and the ‘gray bots’
This edition of the Threat Spotlight focuses on the ‘gray bots’. Bots are automated software programs designed to carry out online activities at scale. There are good bots — such as search engine crawler bots, SEO bots, and customer service...