Tag: RCE

Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Citrix patches NetScaler flaws

Citrix has issued patches for three zero-day vulnerabilities affecting NetScaler ADC and Gateway, including one that attackers have already begun exploiting. Review the details in this Cybersecurity Threat Advisory to reduce your risk from these threats. What is the threat?...

/ August 28, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical SAP NetWeaver vulnerabilities

Researchers have uncovered a chained vulnerability in SAP NetWeaver Visual Composer involving authentication bypass and insecure deserialization. These critical flaws—tracked as CVE-2025-31324 and CVE-2025-42999—are currently being exploited in an active threat campaign targeting exposed Visual Composer servers. Review the details...

/ August 20, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical PaperCut NG/MF CSRF flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-2533, a critical PaperCut NG/MF print management software vulnerability, to its Known Exploited Vulnerabilities (KEV) catalog. Attackers are actively exploiting this cross-site request forgery (CSRF) flaw in the wild. Review...

/ July 31, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Microsoft SharePoint zero-day vulnerability

Attackers are actively exploiting CVE-2025-53770, a critical zero-day vulnerability in Microsoft SharePoint, to execute remote code without authentication. This flaw allows attackers to deploy persistent malware and potentially exfiltrate sensitive data from unpatched on-premises environments. Review the full details in...

/ July 22, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: FortiWeb critical SQL injection vulnerability

A high-severity SQL injection vulnerability, CVE-2025-25257, in Fortinet FortiWeb enables pre-authenticated remote code execution (RCE). It has a CVSS score of 9.8. Review the details in this Cybersecurity Threat Advisory to keep your environment safe. What is the threat?...

/ July 17, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Severe WebDAV vulnerability

Microsoft has disclosed a serious zero-day vulnerability in the Web Distributed Authoring and Versioning (WebDAV) protocol, identified as CVE-2025-33053, with a CVSS score of 8.8. Actively exploited by the Stealth Falcon APT group, this vulnerability enables remote code execution (RCE)...

/ June 30, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Ivanti EPMM vulnerability

Ivanti has released updates for Endpoint Manager Mobile (EPMM) that address one medium and one high-severity vulnerability. When chained together, these vulnerabilities can enable unauthenticated remote code execution (RCE). Review the details in this Cybersecurity Threat Advisory for information on...

/ May 21, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Fortinet

A critical zero-day vulnerability affecting several Fortinet products, most notably FortiVoice enterprise phone systems, has recently been patched. Attackers are actively exploiting CVE-2025-32756 in the wild. Read the details of this Cybersecurity Threat Advisory to learn how to keep your...

/ May 15, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Critical Commvault Command Center vulnerability

Commvault Command Center has been impacted by a critical security vulnerability, CVE-2025-34028, with a CVSS score of 10. This vulnerability enables remote code execution (RCE). Review the details of this Cybersecurity Threat Advisory to minimize the risk from this threat....

/ May 7, 2025
Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Craft CMS exploited

Threat actors have been actively exploiting two Craft CMS vulnerabilities, CVE-2025-32432 and CVE-2024-58136, to breach web servers and gain unauthorized access. Review the details in this Cybersecurity Threat Advisory to safeguard your devices. What is the threat? Threat actors are...

/ April 30, 2025