Julien Ahrens from RCE Security discovered a critical security vulnerability impacting WingFTP. Tracked as CVE-2025-47812, the vulnerability has a CVSS score of 10. Successful exploitation of the vulnerability may allow a remote unauthenticated attacker to execute arbitrary code, leading to complete system compromise.
Category: ThreatPROTECT
Google Addresses Zero-day Vulnerability impacting Chrome Browser (CVE-2025-6554)
Chrome browser is vulnerable to a security vulnerability being exploited in the wild. Tracked as CVE-205-6554, this is a type confusion vulnerability in V8. Clément Lecigne of Google’s Threat Analysis Group discovered and reported the vulnerability to Google.
Cisco Identity Services Engine Unauthenticated Remote Code Execution Vulnerabilities (CVE-2025-20281 & CVE-2025-20282)
Cisco addresses two critical severity vulnerabilities impacting Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20281 & CVE-2025-20282, both vulnerabilities have a CVSS score of 10. Successful exploitation of the vulnerabilities may allow an unauthenticated, remote attacker to issue commands on the underlying operating system as the root user.
Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)
Citrix released a security update to address the vulnerability impacting NetScaler appliances. Tracked as CVE-2025-6543, successfully exploiting the memory overflow vulnerability may lead to unintended control flow and Denial of Service. Citrix mentioned in the advisory that they have reports suggesting exploitation of this vulnerability on unmitigated appliances. CISA acknowledged the vulnerability’s active exploitation by … Continue reading “Citrix NetScaler ADC and NetScaler Gateway Vulnerability Exploited in Denial-of-Service Attacks (CVE-2025-6543)”
PoC Released for Notepad++ Privilege Escalation Vulnerability (CVE-2025-49144)
Notepad++ is vulnerable to a privilege escalation vulnerability that may allow unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. Tracked as CVE-2025-49144, the vulnerability exposes millions of users worldwide to complete system compromise. There is proof-of-concept now publicly available.
Veeam Backup and Replication Multiple Vulnerabilities (CVE-2025-23121, CVE-2025-24286, & CVE-2025-24287)
Veeam released a security advisory to address three vulnerabilities impacting its domain-joined Backup and replication systems. Tracked as CVE-2025-23121, CVE-2025-24286, and CVE-2025-24287, the vulnerabilities may lead to code execution upon successful exploitation.
Microsoft Patch Tuesday, June 2025 Security Update Review
Microsoft’s June 2025 Patch Tuesday has landed, addressing a new batch of critical and important vulnerabilities across Windows and enterprise products. Here’s a quick breakdown of what you need to know. In this month’s Patch Tuesday, June 2025 edition, Microsoft addressed 69 vulnerabilities. The updates include 10 critical and 57 important severity vulnerabilities. In this … Continue reading “Microsoft Patch Tuesday, June 2025 Security Update Review”
ConnectWise ScreenConnect Command Injection Vulnerability Added to CISA KEV (CVE-2025-3935)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned users about a high-severity vulnerability impacting ConnectWise ScreenConnect, tracked as CVE-2025-3935. Successful exploitation of the vulnerabilities could allow an attacker to execute arbitrary code remotely or directly impact confidential data, leading to complete system compromise.
Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)
Clement Lecigne and Benoît Sevens of Google Threat Analysis Group discovered a high-severity vulnerability impacting the Chrome browser. Tracked as CVE-2025-5419, this is an out-of-bounds read and write vulnerability in V8. Google mentioned in the advisory that they are aware of the active exploitation of vulnerability in the wild. Google addressed the vulnerability with a … Continue reading “Google Fixes Third Zero-day Vulnerability of 2025 in Chrome (CVE-2025-5419)”
Invision Community Remote Code Execution Vulnerability (CVE-2025-47916)
A critical remote code execution vulnerability (CVE-2025-47916) in the Invision Community has come to light. The vulnerability may allow attackers to execute arbitrary code on the target system. The vulnerability puts countless forums and online communities at serious risk because of the popularity of the Invision Community.