Security Intelligence

Maximum-severity XXE vulnerability in Apache Tika

Apache Tika hit by a critical XXE vulnerability enabling data leaks and possible RCE through crafted PDFs. Update to...

Security Intelligence

Active exploitation of Array Networks AG Gateway vulnerability

Active exploits target unpatched Array Networks AG gateways, enabling command injection and network compromise. Learn...

Security Intelligence

BRICKSTORM campaign uses MSP credentials to compromise virtual infrastructures

State-sponsored actors use BRICKSTORM malware to exploit MSP credentials and infiltrate VMware environments. Learn key...

Security Intelligence

React Server Components RCE: Impact on Next.js and ecosystem dependencies

Critical React and Next.js RSC flaw enables unauthenticated remote code execution. Learn impacts, affected versions,...

Security Intelligence

CISA Warns of Zenitel TCIV-3+ Maximum Severity Flaws

On November 25, 2025, CISA published an advisory detailing five vulnerabilities in Zenitel TCIV-3+ intercom versions...

Security Intelligence

Weekly Threat Round-Up: ASUS Router Flaws, Shai-Hulud 2.0, & Critical Grafana Bug

December 2, 2025 threat round-up shines a spotlight on critical router vulnerabilities, credential-theft campaigns, and...

Security Intelligence

Recent ASUS advisories address critical and exploited router flaws

ASUS has issued multiple critical security advisories affecting AiCloud-enabled routers, DSL router families, MyASUS,...

Security Intelligence

“Recent Links” feature used by online formatters exposes private data

Online code beautifiers’ “Recent Links” feature exposes sensitive credentials and private data, revealing major risks...

Security Intelligence

New Shai-Hulud variant uses preinstall script for credential theft

A new Shai-Hulud variant is abusing the npm registry with trojanized packages and malicious preinstall scripts enabling...

Security Intelligence

Weekly Threat Round-up: RCE in D-Link Routers, Chrome V8 Engine Exploited, & More

November 24th, 2025, Threat Round-up: This week’s threat intelligence newsletter updates include new PoCs published for...

Security Intelligence

Maximum-severity Grafana Enterprise vulnerability exposes identity provisioning

Critical privilege-escalation flaw in Grafana Enterprise (CVE-2025-41115) affects versions 12.0.0–12.2.1 when SCIM is...

Security Intelligence

POCs published for unpatched RCE vulnerabilities in D-Link routers

Critical, unauthenticated RCE flaws in D-Link’s DIR-878 060 router series now have public PoC exploits available. No...