Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Cisco ISE vulnerability
The Cisco Identity Services Engine (ISE) has a critical vulnerability, CVE-2025-20286, with a CVSS score of 9.9 out of 10. If successfully exploited, threat actors can gain privileged access without authentication and perform unauthorized operations on vulnerable systems. Read this...
Cybersecurity Threat Advisory: Google Chrome zero-day vulnerability
Google has issued a security update for Chrome desktop to address CVE-2025-5419, which has a CVSS score of 8.8. It is a critical zero-day flaw in the V8 JavaScript engine that is actively exploited by attackers. Continue to read this...
Cybersecurity Threat Advisory: Fortinet authentication bypass vulnerability
A critical vulnerability was identified in Fortinet’s FortiProxy, FortiSwitchManager, and FortiOS products. This vulnerability, CVE-2025-22252, enables an attacker who possess knowledge of an existing administrative account to bypass authentication and gain unauthorized access to the device as a valid administrator....
Cybersecurity Threat Advisory: ViciousTrap exploiting Cisco vulnerability
Researchers have identified a new threat actor, “ViciousTrap”, actively exploiting a well-known vulnerability (CVE-2023-20118) to compromise over 5,300 Cisco Edge devices. The attackers are exploiting this flaw to establish a global honeypot network, posing a significant risk to the affected...
Cybersecurity Threat Advisory: AWS default IAM roles risks
Cybersecurity researchers have uncovered critical vulnerabilities arising from default Identity and Access Management (IAM) roles in Amazon Web Services (AWS). Service setups often create these roles automatically or recommend them, granting excessive permissions that expose environments to privilege escalation and...
Cybersecurity Threat Advisory: Ivanti EPMM vulnerability
Ivanti has released updates for Endpoint Manager Mobile (EPMM) that address one medium and one high-severity vulnerability. When chained together, these vulnerabilities can enable unauthenticated remote code execution (RCE). Review the details in this Cybersecurity Threat Advisory for information on...
Cybersecurity Threat Advisory: SAP critical vulnerabilities
SAP has released patches to address a second vulnerability, CVE-2025-42999, affecting its SAP NetWeaver tool. The vulnerability involves a privilege escalation issue that, when chained with SAP’s CVE-2025-31324 vulnerability (unauthenticated file upload flaw in SAP NetWeaver Visual Composer), can enable...
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Fortinet
A critical zero-day vulnerability affecting several Fortinet products, most notably FortiVoice enterprise phone systems, has recently been patched. Attackers are actively exploiting CVE-2025-32756 in the wild. Read the details of this Cybersecurity Threat Advisory to learn how to keep your...
Cybersecurity Threat Advisory: ClickFix attack spreading malware
The official website of iClicker, a platform used for student engagement and classroom polling, was recently compromised in a ClickFix-style social engineering attack. Continue reading this Cybersecurity Threat Advisory to learn how to keep your systems safe. What is the...
Cybersecurity Threat Advisory: Critical ASUS vulnerabilities
Researchers have discovered two vulnerabilities within the ASUS DriverHub driver management tool that can allow malicious sites to execute commands on targeted devices. They have found no evidence that threat actors have exploited these vulnerabilities in real-world scenarios. Review the...
