Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability

CrushFTP has disclosed a new critical vulnerability, CVE-2025-54309, which is currently being exploited in the wild. One indicator of compromise is a “last_logins” value set for internal default accounts. Review the details in this Cybersecurity Threat Advisory to help minimize...

July 23, 2025

Cybersecurity Threat Advisory: Microsoft SharePoint zero-day vulnerability

Attackers are actively exploiting CVE-2025-53770, a critical zero-day vulnerability in Microsoft SharePoint, to execute remote code without authentication. This flaw allows attackers to deploy persistent malware and potentially exfiltrate sensitive data from unpatched on-premises environments. Review the full details in...

July 22, 2025

Cybersecurity Threat Advisory: FileFix attack weaponizes Windows File Explorer

Security researchers have uncovered a new attack method known as “FileFix,” which exploits Windows File Explorer to execute stealthy PowerShell commands. By abusing legitimate Windows functionality, attackers can run malicious code while evading traditional security controls. Read this Cybersecurity Threat...

July 19, 2025

Cybersecurity Threat Advisory: Microsoft SQL server zero-day vulnerability

A critical information disclosure vulnerability has been identified in Microsoft SQL Server, designated as CVE-2025-49719 with a CVSS score of 7.5. This vulnerability allows unauthorized attackers to access sensitive data over a network, posing a serious risk to organizations that...

July 18, 2025

Cybersecurity Threat Advisory: FortiWeb critical SQL injection vulnerability

A high-severity SQL injection vulnerability, CVE-2025-25257, in Fortinet FortiWeb enables pre-authenticated remote code execution (RCE). It has a CVSS score of 9.8. Review the details in this Cybersecurity Threat Advisory to keep your environment safe. What is the threat?...

July 17, 2025

Cybersecurity Threat Advisory: Fortinet FortiOS buffer overflow vulnerability

Fortinet disclosed a FortiOS operating system vulnerability, CVE-2025-24477, which has a CVSS score of 4.0. This vulnerability enables an authorized attacker to execute arbitrary code or commands to escalate privileges. Review the details of this Cybersecurity Threat Advisory to protect...

July 17, 2025

Cybersecurity Threat Advisory: Cisco Unified CM backdoor account removal

Cisco removed a backdoor account from its Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME), tracked as CVE-2025-20309. This critical vulnerability, with a CVSS score of 10, enabled unauthorized remote access to unpatched...

July 9, 2025

Cybersecurity Threat Advisory: Zero-day Chrome vulnerability

Google has patched a high-severity zero-day vulnerability, tracked as CVE-2025-6554 with a CVSS score of 8.1, in Chrome’s V8 engine that allows attackers to execute arbitrary code via a crafted HTML page. Review the details of this Cybersecurity Threat Advisory...

July 2, 2025

Cybersecurity Threat Advisory: Severe WebDAV vulnerability

Microsoft has disclosed a serious zero-day vulnerability in the Web Distributed Authoring and Versioning (WebDAV) protocol, identified as CVE-2025-33053, with a CVSS score of 8.8. Actively exploited by the Stealth Falcon APT group, this vulnerability enables remote code execution (RCE)...

June 30, 2025

Cybersecurity Threat Advisory: Citrix Gateway vulnerability

Citrix has issued emergency patches for a critical memory overflow flaw that impacts NetScaler ADC and Gateway. Exploitation can lead to denial-of-service (DoS) and system control issues. Review this Cybersecurity Threat Advisory for guidance on protecting your systems against this...

June 26, 2025