Tag: critical vulnerability

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SonicWall SMA arbitrary file upload vulnerability

Cybersecurity Threat Advisory: SonicWall SMA arbitrary file upload vulnerability

Attackers are actively exploiting CVE-2025-40599, a critical vulnerability in SonicWall’s Secure Mobile Access (SMA) devices, to upload arbitrary files and gain unauthorized access. This flaw enables them to execute malicious code and compromise affected systems. The Akira ransomware group is...

/ August 8, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability

Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability

CrushFTP has disclosed a new critical vulnerability, CVE-2025-54309, which is currently being exploited in the wild. One indicator of compromise is a “last_logins” value set for internal default accounts. Review the details in this Cybersecurity Threat Advisory to help minimize...

/ July 23, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical CrushFTP vulnerability

Cybersecurity Threat Advisory: Critical CrushFTP vulnerability

A critical CrushFTP, CVE-2025-2825, with a CVSS score of 9.8, flaw has been discovered. It enables attackers to bypass authentication on CrushFTP servers, posing a high-severity risk to corporate environments. Continue reading this Cybersecurity Threat Advisory for details on how...

/ April 10, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Exploited Cisco backdoor flaw

Cybersecurity Threat Advisory: Exploited Cisco backdoor flaw

CVE-2024-20439 is a critical authentication bypass vulnerability in Cisco’s Smart Licensing Utility (CSLU). Attackers exploit this backdoor to gain unauthorized administrative access to vulnerable systems. The vulnerability affects specific versions of the standalone CSLU software, which is used to manage...

/ April 5, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Next.js vulnerability

Cybersecurity Threat Advisory: Critical Next.js vulnerability

A critical security flaw, CVE-2025-29927, with a CVSS score of 9.1, has been found affecting the Next.js React framework. This vulnerability lets attackers bypass middleware authorization checks and access parts of a web application that should remain restricted. To protect...

/ March 25, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical AMI BMC vulnerability

Cybersecurity Threat Advisory: Critical AMI BMC vulnerability

AMI has disclosed a critical vulnerability, CVE-2024-54085, with a CVSS score of 10.0. This vulnerability allows attackers to gain remote access and execute malicious commands. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk. What is...

/ March 19, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical vulnerability in PostgreSQL

Cybersecurity Threat Advisory: Critical vulnerability in PostgreSQL

Security experts identified a critical PostgreSQL vulnerability, CVE-2025-1094, with a CVSS of 8.1. The vulnerability poses a significant risk to database integrity in enterprise and production environments. Review this Cybersecurity Threat Advisory to learn how to mitigate your risks. What...

/ February 28, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Juniper vulnerability

Cybersecurity Threat Advisory: Critical Juniper vulnerability

A critical vulnerability, CVE-2025-21589, is found in Juniper Networks’ Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. This flaw enables threat actors to bypass authentication mechanisms and gain administrative control over affected devices. Continue reading this Cybersecurity...

/ February 19, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Microsoft SharePoint connector vulnerability

Cybersecurity Threat Advisory: Microsoft SharePoint connector vulnerability

A critical security vulnerability was identified in Microsoft Power Platform’s SharePoint connector. The flaw allows attackers to harvest user credentials and perform unauthorized actions within the platform upon a successful exploitation. Continue reading this Cybersecurity Threat Advisory to learn how...

/ February 4, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Aviatrix Controller vulnerability

Cybersecurity Threat Advisory: Aviatrix Controller vulnerability

A critical security vulnerability in the Aviatrix Controller cloud networking platform has been discovered and is actively exploited by threat actors to deploy backdoors and cryptocurrency miners. Multiple cloud deployments have reported that they have been compromised following this disclosure....

/ January 15, 2025