Advisories

Critical Auth Bypass Vulnerabilities in Fortinet Products Under Active Exploitation (CVE-2026-24858)

On January 27th, Fortinet published an advisory alerting users to an authentication bypass actively being used in the wild against FortiCloud SSO. This vulnerability is separate from, but closely related to, CVE-2025-59718 and CVE-2025-59719 from December 2025, and warrants immediate action.

Jan 27, 2026 - 4 Min Read

Critical Vulnerability in Zimbra under active exploitation (CVE-2025-68645)

On January 23, CISA updated their Known Exploited Vulnerabilities (KEV) catalog with a critical Local File Inclusion (LFI) vulnerability in Zimbra Collaboration (ZCS). This vulnerability, tracked as CVE-2025-68645 and originally reported on December 22nd, allows unauthenticated remote attackers to include arbitrary files from the WebRoot directory by crafting malicious requests to an endpoint in the RestFilter servlet. This can potentially leak enough information to breach the targeted server and provide threat actors with initial access into an organization's network.

Jan 23, 2026 - 2 Min Read

Critical Vulnerability in n8n (CVE-2026-21858)

On January 6th, 2026, CVE-2026-21858 was published by n8n, followed shortly by articles by Dor Attias and Cyera documenting critical flaws in n8n's request parsing. The vulnerability allows an unauthenticated attacker to exfiltrate sensitive data, which can lead to full compromise of the n8n system. If a vulnerable n8n system is directly connected to the internet, this could provide threat actors with initial access to an organization's internal network.

Jan 8, 2026 - 2 Min Read

Critical Vulnerability in SmarterMail (CVE-2025-52691)

On December 28, 2025, NIST published a critical file upload vulnerability affecting the SmarterTools SmarterMail server. The flaw, documented as CVE-2025-52691, carries a maximum CVSS score of 10 and allows remote unauthenticated attackers to upload malicious files to the mail server, potentially leading to remote code execution.

Dec 29, 2025 - 3 Min Read

Critical Information Disclosure Vulnerability in MongoDB (CVE-2025-14847)

On December 19th, software company MongoDB published an advisory regarding a critical vulnerability (tracked as CVE-2025-14847) in their popular database engine of the same name. The vulnerability is an information disclosure issue that allows a successful unauthenticated attacker to leak portions of host memory on a victim machine, potentially disclosing sensitive data such as authentication material. The vulnerability impacts all modern versions of MongoDB released in the last 5 years. On December 24th, security firm Ox Security published enough technical details to create a weaponized exploit, and on December 25th, a technical lead from Elastic published proof-of-concept exploit code to GitHub.

Dec 27, 2025 - 2 Min Read

Critical Auth Bypass Vulnerabilities in Fortinet Products Under Active Exploitation (CVE-2025-59718 & CVE-2025-59719)

Multiple Fortinet products are vulnerable to an SSO bypass that is now being targeted in the wild by attackers abusing CVE-2025-59718 and CVE-2025-59719.

Dec 16, 2025 - 6 Min Read

Critical Vulnerabilities in React and Next.js (React2Shell)

UPDATED - The original patches mitigating React2Shell properly address Remote Code Execution (RCE) but remain vulnerable to information leakage and DoS issues. To address the recently disclosed vulnerabilities, React has released new patches which should be applied ASAP. If your organization previously updated to React 19.0.2, 19.1.3, or 19.2.2, those fixes are incomplete and you will need to update again. On December 3rd, the open-source web software library React disclosed a critical vulnerability in the React Server Components (RSC) "Flight" protocol, impacting the React 19 ecosystem and the frameworks that implement it. React and Next.js are widely used across the internet, and therefore this vulnerability requires immediate action.

Dec 3, 2025 - 8 Min Read

Critical Vulnerability in Oracle OIM Under Active Exploitation (CVE-2025-61757)

In October 2025, Oracle released a patch advisory for several critical vulnerabilities, including disclosure of a flaw within its Identity Manager product tracked as CVE-2025-61757. On November 20, 2025, Searchlight Cyber published a proof of concept (PoC) write-up, and shortly after, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) confirmed active exploitation of this vulnerability in the wild.

Nov 24, 2025 - 4 Min Read

Critical Vulnerability Reported in Citrix NetScaler ADC and Gateway (CVE-2025-12101)

On November 11th, Citrix published an advisory detailing a critical vulnerability in their NetScaler ADC and NetScaler Gateway product lines. This bug (tracked as CVE-2025-12101) is a cross-site scripting (XSS) vulnerability on NetScaler ADC or NetScaler Gateway devices when the appliance is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR an AAA virtual server. These devices are typically deployed as internet facing by design, so this vulnerability can be used by threat actors to gain initial access to an organization's internal network.

Nov 11, 2025 - 2 Min Read

CentOS Web Panel Vulnerability Under Active Exploitation (CVE-2025-48703)

On November 4th, the Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability within CentOS Web Panel (CWP) to its Known Exploited Vulnerabilities (KEV) catalog, meaning it is being actively exploited in the wild.

Nov 6, 2025 - 5 Min Read