Tag: critical vulnerability

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Linux sudo vulnerability

Security researchers have uncovered a serious vulnerability in sudo, the tool that runs commands with elevated privileges on Linux systems. It is tracked as CVE-2025-32463 and carries a CVSS score of 9.3. This flaw poses a serious risk to Linux...

/ October 2, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Microsoft Entra ID vulnerability

A critical token validation vulnerability, tracked as CVE-2025-55241 with a CVSS of 10, in Microsoft Entra ID has been discovered. This flaw could have allowed attackers to impersonate any user, including global admins, across any tenant. Continue reading this Cybersecurity...

/ September 23, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SonicWall SMA arbitrary file upload vulnerability

Attackers are actively exploiting CVE-2025-40599, a critical vulnerability in SonicWall’s Secure Mobile Access (SMA) devices, to upload arbitrary files and gain unauthorized access. This flaw enables them to execute malicious code and compromise affected systems. The Akira ransomware group is...

/ August 8, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability

CrushFTP has disclosed a new critical vulnerability, CVE-2025-54309, which is currently being exploited in the wild. One indicator of compromise is a “last_logins” value set for internal default accounts. Review the details in this Cybersecurity Threat Advisory to help minimize...

/ July 23, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical CrushFTP vulnerability

A critical CrushFTP flaw, CVE-2025-2825, with a CVSS score of 9.8, has been discovered. It enables attackers to bypass authentication on CrushFTP servers, posing a high-severity risk to corporate environments. Continue reading this Cybersecurity Threat Advisory for details on how...

/ April 10, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Exploited Cisco backdoor flaw

CVE-2024-20439 is a critical authentication bypass vulnerability in Cisco’s Smart Licensing Utility (CSLU). Attackers exploit this backdoor to gain unauthorized administrative access to vulnerable systems. The vulnerability affects specific versions of the standalone CSLU software, which is used to manage...

/ April 5, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Next.js vulnerability

A critical security flaw, CVE-2025-29927, with a CVSS score of 9.1, has been found affecting the Next.js React framework. This vulnerability lets attackers bypass middleware authorization checks and access parts of a web application that should remain restricted. To protect...

/ March 25, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical AMI BMC vulnerability

AMI has disclosed a critical vulnerability, CVE-2024-54085, with a CVSS score of 10.0. This vulnerability allows attackers to gain remote access and execute malicious commands. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is...

/ March 19, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerability in PostgreSQL

Security experts identified a critical PostgreSQL vulnerability, CVE-2025-1094, with a CVSS of 8.1. The vulnerability poses a significant risk to database integrity in enterprise and production environments. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks. What...

/ February 28, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Juniper vulnerability

A critical vulnerability, CVE-2025-21589, has been found in Juniper Networks’ Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. This flaw enables threat actors to bypass authentication mechanisms and gain administrative control over affected devices. Continue reading this Cybersecurity...

/ February 19, 2025