Advisories

Critical Microsoft WSUS Vulnerability Being Exploited In-The-Wild (CVE-2025-59287)

On October 23rd, Microsoft issued an out-of-band security update to address a previously reported vulnerability identified as CVE-2025-59287. The flaw, a deserialization of untrusted data in the Windows Server Update Services (WSUS) component, may allow unauthenticated attackers to execute code remotely on WSUS servers; only servers with the WSUS role enabled are affected. If exploited, threat actors could use a compromised WSUS server to distribute malicious software to the Windows systems configured to receive updates from it. The out-of-band update was likely prompted by proof-of-concept (PoC) exploit code published by cybersecurity company HawkTrace, followed by in-the-wild exploitation attempts observed by cybersecurity company Huntress.

Oct 24, 2025 - 4 Min Read

Critical Vulnerability in Squid Web Proxy (CVE-2025-62168)

On October 17th, the open-source Squid project published an advisory concerning an information disclosure vulnerability in its widely deployed web proxy software. The vulnerability can be leveraged to reveal confidential internal authentication material to unauthorized parties, and it was assigned the highest possible CVSS score of 10.0. Squid proxies are commonly deployed internet-facing by design, so disclosed authentication material could grant threat actors initial access into an organization's network.

Oct 20, 2025 - 2 Min Read

F5 Source Code, Engineering Documentation and Undisclosed Vulnerabilities Stolen by Nation-State Threat Actors

On October 15th, F5 publicly disclosed a security breach of its internal environment in which a threat actor exfiltrated sensitive data about the BIG-IP product line, including source code, engineering documentation, and information on undisclosed vulnerabilities. We examine the impact of the breach and review the vulnerabilities that F5 has now addressed in its response.

Oct 15, 2025 - 10 Min Read

Critical Vulnerabilities in Ivanti Endpoint Manager

On October 7, 2025, Trend Micro's Zero Day Initiative (ZDI) publicly disclosed 13 unpatched vulnerabilities in Ivanti Endpoint Manager (EPM): 12 remote code execution (RCE) flaws and one local privilege escalation bug. These issues were privately reported to Ivanti between November 2024 and June 2025 but remained unresolved at the time of public disclosure. ZDI did not provide technical details or public proof-of-concept (PoC) exploit code, but it did list the vulnerable endpoints.

Oct 9, 2025 - 2 Min Read

MySonicWall Cloud Backup Data Breach

On October 8th, SonicWall confirmed that threat actors gained access to firewall configuration backup files for all customers who used the MySonicWall cloud backup service.

Oct 9, 2025 - 4 Min Read

RediShell: Critical RCE Vulnerability in Redis (CVE-2025-49844)

CVE-2025-49844, dubbed "RediShell," is a critical use-after-free (UAF) vulnerability in the Lua scripting engine of Redis, a widely used database and caching system. It is present in all major versions of Redis and has been assigned a CVSS score of 9.9. Threat actors can exploit the bug if they have authenticated access to a target Redis server that permits Lua scripting, or if they discover a Redis server left in its default configuration with no authentication.

Oct 7, 2025 - 5 Min Read
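The RediShell entry above describes the two preconditions for exploitation: an unauthenticated, reachable instance, or an authenticated user who may run Lua. The following redis.conf fragment is an added illustration, not part of the original advisory or the Redis project's own documentation, contrasting that exposed setup with a hardened one that uses standard Redis 7 ACL directives. The user names `app` and `ops`, the key prefix `app:` and the password placeholders are assumptions for the example.

```conf
# --- Exposed (the situation RediShell preys on) ----------------------------
# Commented out here so the file loads in the hardened state. Listening on all
# interfaces with protected mode off and the implicit default user
# ("user default on nopass ~* &* +@all") means anyone who can reach TCP/6379
# can run EVAL against the vulnerable scripting engine without a password.
# bind 0.0.0.0
# protected-mode no

# --- Hardened --------------------------------------------------------------
# Listen only where the application lives, and keep protected mode on so a
# mistaken bind change still refuses unauthenticated remote clients.
bind 127.0.0.1 -::1
protected-mode yes

# Disable the default user entirely: unauthenticated sessions get nothing.
user default off

# Application user (example name, password and key prefix). Authenticated,
# scoped to its own key space, no Pub/Sub channels, and with the scripting
# category removed so a leaked application credential cannot reach
# EVAL/EVALSHA/FUNCTION/FCALL at all.
user app on >replace-with-a-long-random-secret ~app:* resetchannels +@read +@write +@connection -@scripting -@dangerous

# Operator user that legitimately needs scripting. Keep this credential off
# application hosts and restrict who can reach the port at the network layer.
user ops on >replace-with-another-secret ~* &* +@all

# Note: "user" directives in redis.conf and an external "aclfile" are mutually
# exclusive; pick one place to define users.
```

After loading the file, `ACL LIST` shows the resulting rules and `ACL CAT scripting` lists exactly which commands the `-@scripting` rule removes. This narrows who can reach the vulnerable code path; it is a stopgap, not a substitute for upgrading to a fixed Redis release.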

Critical Vulnerability in Oracle E-Business Suite (EBS) Under Active Exploitation (CVE-2025-61882 & CVE-2025-61884)

On October 4th, Oracle reported a critical zero-day vulnerability in Oracle E-Business Suite (EBS) that is under active exploitation by Cl0p ransomware operators. The vulnerability, CVE-2025-61882, is an unauthenticated remote code execution flaw affecting Oracle EBS versions 12.2.3 through 12.2.14, with a CVSS score of 9.8. Oracle subsequently issued a separate alert for CVE-2025-61884, a lower-severity flaw in the same versions that allows unauthenticated access to sensitive data.

Oct 6, 2025 - 5 Min Read

High Severity SNMP Vulnerability in Cisco IOS & IOS XE Under Active Exploitation (CVE-2025-20352)

On September 24th, Cisco published an advisory detailing a high severity vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and Cisco IOS XE. The bug, tracked as CVE-2025-20352, is a stack overflow in the SNMP subsystem of the underlying operating system. A low-privileged attacker holding a valid SNMPv1/v2c read-only community string or SNMPv3 user credentials can trigger a denial-of-service (DoS) condition, and an attacker who additionally holds administrative (privilege 15) credentials can execute code as root. Cisco's Product Security Incident Response Team (PSIRT) has confirmed successful exploitation of this vulnerability in the wild.

Sep 26, 2025 - 5 Min Read

Current Attack Campaign Leveraging Critical Vulnerabilities Against Cisco ASA & FTD VPN appliances (CVE-2025-20333, CVE-2025-20363)

On September 25th, Cisco published several advisories concerning critical vulnerabilities in its Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) product lines. These vulnerabilities have been actively exploited in the wild since earlier this year by a sophisticated adversary. The malicious activity has been linked to the 2024 "ArcaneDoor" campaign, with current evidence indicating that the same threat actor behind those earlier incidents is responsible for the ongoing attacks.

Sep 25, 2025 - 15 Min Read

Critical Vulnerability in Fortra GoAnywhere (CVE-2025-10035)

On September 18th, software company Fortra published an advisory detailing a critical vulnerability in its popular managed file transfer application GoAnywhere MFT. The issue lies in the GoAnywhere MFT administration interface and affects organizations whose admin interface is reachable from the internet. The vulnerability is a deserialization flaw that may permit an unauthenticated attacker to achieve command injection, allowing threat actors to run arbitrary commands on the appliance.

Sep 19, 2025 - 2 Min Read