A critical memory overflow bug in NetScaler ADC/Gateway is being exploited in the wild. It can lead to remote code execution (RCE) or denial of service. Since there are no workarounds, it is highly recommended to patch immediately. CISA added CVE-2025-7775 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Citrix shipped … Continue reading “Citrix Warns of Active Exploitation: CVE-2025-7775 in NetScaler ADC/Gateway”
Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)
Apple has released updates to address a vulnerability that is being exploited in the wild. Tracked as CVE-2025-43300, the vulnerability impacts macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS. CVE-2025-43300 is an out-of-bounds write flaw in the ImageIO framework used by Apple. An attacker may exploit the vulnerability by processing a malicious image file that … Continue reading “Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)”
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability (CVE-2025-20265)
Cisco addressed a critical severity vulnerability impacting its Secure Firewall Management Center Software. Tracked as CVE-2025-20265, the vulnerability has a critical severity rating with a CVSS score of 10. Successful exploitation of the vulnerability could allow an unauthenticated, remote attacker to inject arbitrary shell commands executed by the device.
Microsoft Patch Tuesday, August 2025 Security Update Review
It’s the second Tuesday of August, and Microsoft has rolled out its latest security updates. Microsoft’s August 2025 Patch Tuesday has arrived, bringing a fresh wave of security fixes to help organizations stay ahead of evolving threats. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, the August 2025 … Continue reading “Microsoft Patch Tuesday, August 2025 Security Update Review”
WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)
WinRAR released a security patch to address a vulnerability allowing attackers to hijack user extraction processes and plant malicious files in unintended system locations. Tracked as CVE-2025-8088, the vulnerability has a high severity rating with a CVSS score of 8.4. Anton Cherepanov, Peter Kosinar, and Peter Strycek from ESET discovered and reported the vulnerability to … Continue reading “WinRAR Path Traversal Vulnerability Exploited in the Wild (CVE-2025-8088)”
Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)
Threat actors are exploiting two vulnerabilities impacting Trend Micro Apex One (on-prem) devices. Tracked as CVE-2025-54948 & CVE-2025-54987, the vulnerabilities may allow attackers to achieve remote code execution upon successful exploitation. Both vulnerabilities have a critical severity rating with a CVSS score of 9.4. Trend Micro mentioned in the advisory that they had observed at least … Continue reading “Trend Micro Apex One (On-Prem) Zero-day Vulnerabilities Exploited in the Wild (CVE-2025-54948 & CVE-2025-54987)”
Adobe Experience Manager Forms on JEE Zero-day Vulnerabilities (CVE-2025-54253 & CVE-2025-54254)
Adobe released an emergency update to address two zero-day vulnerabilities (CVE-2025-54253 & CVE-2025-54254) impacting Adobe Experience Manager (AEM) Forms on JEE. Successful exploitation of the vulnerabilities may allow a remote unauthenticated attacker to read sensitive files and execute arbitrary code, leading to critical data loss and complete system compromise. The security researchers at Searchlight Cyber … Continue reading “Adobe Experience Manager Forms on JEE Zero-day Vulnerabilities (CVE-2025-54253 & CVE-2025-54254)”
PaperCut NG/MF Vulnerability added to CISA KEV and Active Exploitation (CVE-2023-2533)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity vulnerability to its Known Exploitable Vulnerabilities Catalog, urging users to patch it before August 18, 2025. Tracked as CVE-2023-2533, the vulnerability in PaperCut NG/MF may allow an attacker to alter security settings or execute arbitrary code.
CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-54309)
CrushFTP warned its users about active exploitation of a zero-day vulnerability tracked as CVE-2025-54309. Successful exploitation of this vulnerability may allow remote attackers to obtain admin access via HTTPS on vulnerable servers. The vendor mentioned in the advisory that they observed many exploits on the morning of July 18th; the actual exploits may have occurred … Continue reading “CrushFTP Authentication Bypass Vulnerability Exploited in the Wild (CVE-2025-54309)”
Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770)
Microsoft released patches for an actively exploited vulnerability impacting SharePoint Server. Tracked as CVE-2025-53770, the vulnerability was part of an “active, large-scale” exploitation campaign. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to critical data loss and possible system compromise. Viettel Cyber Security with Trend Zero Day … Continue reading “Microsoft SharePoint Server Zero-day Vulnerability Exploited in the Wild (CVE-2025-53770)”