Tag: zero-day
Cybersecurity Threat Advisory: Critical zero-day vulnerability in Fortinet
A critical zero-day vulnerability affecting several Fortinet products, most notably FortiVoice enterprise phone systems, has recently been patched. Attackers are actively exploiting CVE-2025-32756 in the wild. Read the details of this Cybersecurity Threat Advisory to learn how to keep your...
Cybersecurity Threat Advisory: Craft CMS exploited
Threat actors have been actively exploiting two Craft CMS vulnerabilities, CVE-2025-32432 and CVE-2024-58136, to breach web servers and gain unauthorized access. Review the details in this Cybersecurity Threat Advisory to safeguard your devices. What is the threat? Threat actors are...
Cybersecurity Threat Advisory: Windows zero-day vulnerability actively exploited
A newly discovered Windows zero-day vulnerability, CVE-2025-29824, is actively exploited by a targeted ransomware campaign involving the PipeMagic trojan. Continue reading this Cybersecurity Threat Advisory to limit the impact of this vulnerability. What is the threat? CVE-2025-29824 is critical flaw...
Cybersecurity Threat Advisory: Apple iOS zero-day vulnerability
Apple has released critical security updates to address an actively exploited zero-day vulnerability, tracked as CVE-2025-24085. Continue reading this Cybersecurity Threat Advisory in full to learn what devices are affected and how you can mitigate your risk regarding this vulnerability....
Cybersecurity Threat Advisory: Fortinet authentication vulnerability
A critical Fortinet authentication bypass vulnerability, CVE-2024-55591, is actively exploited in the wild. This vulnerability impacts FortiOS and FortiProxy, with a CVSS score of 9.6. Continue reading this Cybersecurity Threat Advisory to learn the necessary steps to protect your environment....
Cybersecurity Threat Advisory: SonicWall SMA1000 vulnerability
A pre-authentication deserialization vulnerability has been discovered in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) and is already being used in zero-day attacks. Review the details within this Cybersecurity Threat Advisory to protect your organization. What...
Cybersecurity Threat Advisory: Active exploitation of Ivanti’s Connect Secure VPN
A critical Ivanti Connect Secure VPN vulnerability, identified as CVE-2025-0282, was disclosed. Threat actors are actively exploiting it in the wild, primarily targeting organizations relying on Ivanti’s Zero Trust Access (ZTA) solutions. Review this Cybersecurity Threat Advisory to see how...
Cybersecurity Threat Advisory: RomCom exploits vulnerabilities
Recent reports have uncovered that a threat actor known as RomCom has been exploiting two zero-day vulnerabilities, one in Mozilla Firefox and another in Microsoft Windows, to deploy their proprietary backdoor malware. These vulnerabilities, CVE-2024-9680 and CVE-2024-49039, have been actively...
Cybersecurity Threat Advisory: Chrome zero-day vulnerability
A critical zero-day vulnerability in Chrome has been identified, allowing unauthorized access and potential remote code execution on affected systems. Continue reading this Cybersecurity Threat Advisory for more information and to safeguard your systems now. What is the threat? The...
Cybersecurity Threat Advisory: Exploited Microsoft zero-day flaw
The hacker group Lazarus recently exploited a patched, zero-day flaw in Microsoft Windows. The vulnerability, tracked as CVE-2024-38193 with a CVSS score of 7.8, is a Bring Your Own Vulnerable Driver (BYOVD) vulnerability for Winsock. Continue reading this Cybersecurity Threat...
