Category: Security
Cybersecurity Threat Advisory: Critical CrushFTP vulnerability
A critical CrushFTP, CVE-2025-2825, with a CVSS score of 9.8, flaw has been discovered. It enables attackers to bypass authentication on CrushFTP servers, posing a high-severity risk to corporate environments. Continue reading this Cybersecurity Threat Advisory for details on how...
Cybersecurity Threat Advisory: Critical Ivanti Connect Secure flaw
A critical vulnerability, identified as CVE-2025-22457, has been discovered in Ivanti Connect Secure (ICS) VPN appliances. This flaw is actively exploited in the wild, allowing attackers to execute arbitrary code remotely. Review the details within this Cybersecurity Threat Advisory to...
Cybersecurity Threat Advisory: Apache RCE vulnerability
A critical remote code execution (RCE) vulnerability in Apache Parquet, identified as CVE-2025-30065, with a CVSS score of 10.0, has been discovered. Continue reading this Cybersecurity Threat Advisory to learn how to effectively mitigate your risks. What is the threat?...
Threat Spotlight: The good, the bad, and the ‘gray bots’
This edition of the Threat Spotlight focuses on the ‘gray bots’. Bots are automated software programs designed to carry out online activities at scale. There are good bots — such as search engine crawler bots, SEO bots, and customer service...
Cybersecurity Threat Advisory: Exploited Cisco backdoor flaw
CVE-2024-20439 is a critical authentication bypass vulnerability in Cisco’s Smart Licensing Utility (CSLU). Attackers exploit this backdoor to gain unauthorized administrative access to vulnerable systems. The vulnerability affects specific versions of the standalone CSLU software, which is used to manage...
Cybersecurity Threat Advisory: Critical Ivanti vulnerability found in appliances
Researchers identified a critical vulnerability, CVE-2025-0282, that affects Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons, zero trust access (ZTA) gateways. This vulnerability can enable unauthenticated remote code execution (RCE), allow attackers to compromise the security and integrity of...
The SOC case files: RansomHub exploits FortiGate bug in attack blocked by XDR
Barracuda’s Managed XDR team recently contained a determined and complex attack by a ransomware gang. The attackers had been trying to find a way into a manufacturing company’s network since December 2024 and finally succeeded by exploiting an exposed firewall...
Staying Ahead cybersecurity risks stemming from global events
News events can often serve as a gateway for hackers. Disasters or wars provide cybercriminals with immediate opportunities for phishing attacks, while political unrest opens doors for exploitation and financial gain. Even seemingly positive news can pose cybersecurity risks. For...
Cybersecurity Threat Advisory: Microsoft zero-day vulnerability
Microsoft disclosed a vulnerability, CVE-2025-26633, affecting the Microsoft Management Console (MMC). A known threat actor called EncryptHub is exploiting it. Read this Cybersecurity Threat Advisory to learn how to mitigate your risks from this zero-day vulnerability. What is the threat?...
Cybersecurity Threat Advisory: Critical NetApp SnapCenter vulnerability
NetApp SnapCenter disclosed a critical security vulnerability, identified as CVE-2025-26512. This flaw enables authenticated users to escalate their privileges and gain unauthorized administrative access upon successful exploitation. Continue reading this Cybersecurity Threat Advisory to learn more about this vulnerability and...
