Tag: Cybersecurity Threat Advisory

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SonicWall SMA arbitrary file upload vulnerability
FeaturedSecurity

Cybersecurity Threat Advisory: SonicWall SMA arbitrary file upload vulnerability

Attackers are actively exploiting CVE-2025-40599, a critical vulnerability in SonicWall’s Secure Mobile Access (SMA) devices, to upload arbitrary files and gain unauthorized access. This flaw enables them to execute malicious code and compromise affected systems. The Akira ransomware group is...

/ August 8, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: SonicWall SSL VPN targeted by Akira ransomware – updated
Security

Cybersecurity Threat Advisory: SonicWall SSL VPN targeted by Akira ransomware – updated

Update: This post was updated on August 7, 2025, to reflect corrected information regarding this threat.  An Akira ransomware campaign is specifically targeting SonicWall SSL VPN devices. Attackers are actively exploiting these vulnerabilities to gain unauthorized access to corporate networks....

/ August 7, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw
FeaturedSecurity

Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533, a critical PaperCut NG/MF print management software vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. Attackers are actively exploiting this cross-site request forgery (CSRF) flaw in the wild. Review...

/ July 31, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Active Microsoft 365 ‘Direct Send’ exploitation
FeaturedSecurity

Cybersecurity Threat Advisory: Active Microsoft 365 ‘Direct Send’ exploitation

Security researchers have identified an active phishing campaign that exploits Microsoft 365’s “Direct Send” feature to bypass email security controls. This tactic allows attackers to deliver malicious emails that appear to originate from internal users. Continue reading this Cybersecurity Threat...

/ July 30, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Vulnerability in Google’s Gemini for Workspace
FeaturedSecurity

Cybersecurity Threat Advisory: Vulnerability in Google’s Gemini for Workspace

A newly discovered vulnerability in Google’s Gemini for Workspace allows attackers to manipulate artificial intelligence (AI)-generated email summaries. Threat actors embed concealed instructions in seemingly benign emails to bypass traditional email security. Review the details within this Cybersecurity Threat Advisory...

/ July 24, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability
FeaturedSecurity

Cybersecurity Threat Advisory: CrushFTP zero-day vulnerability

CrushFTP has disclosed a new critical vulnerability, CVE-2025-54309, which is currently being exploited in the wild. One indicator of compromise is a “last_logins” value set for internal default accounts. Review the details in this Cybersecurity Threat Advisory to help minimize...

/ July 23, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Microsoft SharePoint zero-day vulnerability
Security

Cybersecurity Threat Advisory: Microsoft SharePoint zero-day vulnerability

Attackers are actively exploiting CVE-2025-53770, a critical zero-day vulnerability in Microsoft SharePoint, to execute remote code without authentication. This flaw allows attackers to deploy persistent malware and potentially exfiltrate sensitive data from unpatched on-premises environments. Review the full details in...

/ July 22, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: FileFix attack weaponizes Windows File Explorer
FeaturedSecurity

Cybersecurity Threat Advisory: FileFix attack weaponizes Windows File Explorer

Security researchers have uncovered a new attack method known as “FileFix,” which exploits Windows File Explorer to execute stealthy PowerShell commands. By abusing legitimate Windows functionality, attackers can run malicious code while evading traditional security controls. Read this Cybersecurity Threat...

/ July 19, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Microsoft SQL server zero-day vulnerability
FeaturedSecurity

Cybersecurity Threat Advisory: Microsoft SQL server zero-day vulnerability

A critical information disclosure vulnerability has been identified in Microsoft SQL Server, designated as CVE-2025-49719 with a CVSS score of 7.5. This vulnerability allows unauthorized attackers to access sensitive data over a network, posing a serious risk to organizations that...

/ July 18, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: FortiWeb critical SQL injection vulnerability
FeaturedSecurity

Cybersecurity Threat Advisory: FortiWeb critical SQL injection vulnerability

A high-severity SQL injection vulnerability, CVE-2025-25257, in Fortinet FortiWeb enables pre-authenticated remote code execution (RCE). It has a  a CVSS score of 9.8. Review the details in this Cybersecurity Threat Advisory to keep your environment safe. What is the threat?...

/ July 17, 2025
1 12 13 14 15 16 73