Threat Round-up
Stay ahead of emerging cyber threats with expert insights from Field Effect’s cybersecurity analysts.
The Threat Round-up is a weekly intelligence report that summarizes the most important threats, vulnerabilities, and active attack campaigns observed over the past seven days.
Each brief links to a detailed analysis, offering actionable guidance to help security teams mitigate risk, detect malicious activity, and strengthen defenses.
This week’s curated collection highlights the key threat intelligence updates our team publishes daily, including a remote code execution risk in Rust archive libraries, newly released TP-Link patches, CISA adding five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, and more.
TARmageddon: Remote Code Execution Risk in Rust Archive Libraries
A critical vulnerability in certain Rust archive libraries allows attackers to overwrite arbitrary files during TAR extraction, potentially leading to unauthenticated remote code execution. The flaw, rated CVSS 8.1, affects any system that extracts untrusted .tar or .tgz files, including Rust-based tools, CI/CD pipelines, and cloud platforms. Targeted patches are available for maintained libraries, but unmaintained forks such as tokio-tar remain vulnerable.
TP-Link Patches Critical Omada Gateway Vulnerabilities
The most severe of the Omada gateway issues is CVE-2025-6542 (CVSS 9.3), which lets unauthenticated attackers remotely execute commands via malicious HTTP requests. Another, CVE-2025-7850 (CVSS 9.3), allows authenticated admin users to run malicious commands because of poor input sanitization. CVE-2025-6541 (CVSS 8.6) enables privilege escalation by low-privilege users, while CVE-2025-7851 (CVSS 8.7) could give unauthorized users root access due to weak access controls.
CISA Adds Five Actively Exploited Vulnerabilities to KEV Catalog
CISA added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including CVE-2025-61884 (Oracle E-Business Suite) and CVE-2025-33073 (Windows SMB client), both with mitigations available in the related vendor advisories. Also listed are CVE-2022-48503, a WebKit flaw (CVSS 8.8) enabling code execution via malicious web content, and CVE-2025-2746 and CVE-2025-2747, critical Kentico Xperience CMS flaws (CVSS 9.8) allowing unauthenticated remote takeover.
Update on-prem ConnectWise Automate to Secure Agent Traffic & File Validation
Two critical flaws in ConnectWise Automate (CVE-2025-11492 and CVE-2025-11493) could let attackers intercept and alter agent traffic, leading to remote code execution on managed endpoints. The issues stem from insecure HTTP configurations and unverified updates in on-premises deployments. Version 2025.9 fixes them by enforcing HTTPS and improving encryption; cloud-hosted instances are already patched.
Gladinet Patches Critical Vulnerability Exploited in the Wild
CVE-2025-11371 is a critical local file inclusion flaw (CVSS 9.1) that lets unauthenticated attackers read the Web.config file and retrieve the machine key. To achieve remote code execution, threat actors are chaining this flaw with CVE-2025-30406, a ViewState deserialization vulnerability that was patched earlier this year. Exploitation activity was first observed on September 27; mitigation guidance was released on October 10 and a patch was issued on October 14.
Subscribe to the Field Effect Threat Round-up Newsletter
Join thousands of cybersecurity professionals and MSPs who trust Field Effect’s Threat Round-up Newsletter for the latest cyber threat intelligence. Delivered every Monday morning, it brings you the week’s most important new flaws, patches, and security news right to your inbox.
Signing up to the newsletter makes you the first to know about:
- Comprehensive threat intelligence: Updates on the latest threat actors, vulnerabilities, and campaigns, including observed tactics, techniques, and procedures (TTPs).
- Expert analysis and context: Field Effect’s analysts break down the impact of critical flaws and emerging campaigns, helping you understand evolving threat behaviors.
- Actionable defense guidance: Receive practical security steps, patching tips, and indicators of compromise (IOCs) to strengthen your defenses and stay one step ahead.
- Exclusive research: Explore in-depth investigations from Field Effect's analysts, uncovering new threat campaigns, indicators of compromise, and attacker behaviors as they emerge.