Security Intelligence

APT44 shifts tactics, exploits edge devices across critical infrastructure

Russian state-sponsored APT44 has shifted tactics to exploit misconfigured edge devices, enabling credential...

Security Intelligence

Seven-year-old vulnerability in Sierra Wireless routers exploited

Learn about an actively exploited flaw affecting Sierra Wireless routers, why it matters, and the steps organizations...

Security Intelligence

CISA adds critical GeoServer vulnerability to KEV

CISA warns of active exploitation of a critical GeoServer XXE vulnerability (CVE-2025-58360). Patch immediately to...

Security Intelligence

Active exploitation of Gladinet CentreStack and Triofox vulnerability

Active exploitation targets Gladinet CentreStack and Triofox using a new flaw with CVE-2025-11371, enabling forged...

Security Intelligence

Fortinet products affected by SSO login authentication bypass

Fortinet patches two critical SSO authentication-bypass flaws that allow unauthorized admin access via crafted SAML...

Security Intelligence

December 2025 Patch Tuesday updates from Microsoft

Microsoft’s December Patch Tuesday patches 57 flaws—including an actively exploited Windows privilege-escalation bug....

Security Intelligence

Weekly Threat Round-Up: BRICKSTORM, React Server Components flaw & more

December 9, 2025 threat round-up shines a spotlight on the React Server Components RCE vulnerability, BRICKSTORM...

Security Intelligence

Maximum-severity XXE vulnerability in Apache Tika

Apache Tika hit by a critical XXE vulnerability enabling data leaks and possible RCE through crafted PDFs. Update to...

Security Intelligence

Active exploitation of Array Networks AG Gateway vulnerability

Active exploits target unpatched Array Networks AG gateways, enabling command injection and network compromise. Learn...

Security Intelligence

BRICKSTORM campaign uses MSP credentials to compromise virtual infrastructures

State-sponsored actors use BRICKSTORM malware to exploit MSP credentials and infiltrate VMware environments. Learn key...

Security Intelligence

React Server Components RCE: Impact on Next.js and ecosystem dependencies

Critical React and Next.js RSC flaw enables unauthenticated remote code execution. Learn impacts, affected versions,...

Security Intelligence

CISA Warns of Zenitel TCIV-3+ Maximum Severity Flaws

On November 25, 2025, CISA published an advisory detailing five vulnerabilities in Zenitel TCIV-3+ intercom versions...