CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code is reportedly available for a critical command injection vulnerability affecting Fortinet FortiSIEM devices.BackgroundOn August 12, Fortinet published a security advisory (FG-IR-25-152) for CVE-2025-25256, a critical command injection vulnerability affecting Fortinet FortiSIEM.CVEDescri...
Microsoft’s August 2025 Patch Tuesday Addresses 107 CVEs (CVE-2025-53779)
Microsoft addresses 107 CVEs, including one zero-day vulnerability that was publicly disclosed....
CVE-2025-53786: Frequently Asked Questions About Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability
Frequently asked questions about CVE-2025-53786, an elevation of privilege vulnerability affecting Microsoft Exchange Server Hybrid Deployments....
CVE-2025-54987, CVE-2025-54948: Trend Micro Apex One Command Injection Zero-Days Exploited In The Wild
Trend Micro releases a temporary mitigation tool to reduce exposure to two unpatched zero-day command injection vulnerabilities which have been exploited....
CVE-2025-54135, CVE-2025-54136: Frequently Asked Questions About Vulnerabilities in Cursor IDE (CurXecute and MCPoison)
Researchers have disclosed two vulnerabilities in Cursor, the popular AI-assisted code editor, that impact its handling of model context protocol (MCP) servers, which could be used to gain code execution on vulnerable systems....
Frequently Asked Questions About SonicWall Gen 7 Firewall Ransomware Activity
An increase in ransomware activity tied to SonicWall Gen 7 Firewalls has been observed, possibly linked to the exploitation of a zero-day vulnerability in its SSL VPN....
CVE-2025-53770: Frequently Asked Questions About Zero-Day SharePoint Vulnerability Exploitation
Successful exploitation of CVE-2025-53770 could expose MachineKey configuration details from a vulnerable SharePoint Server, ultimately enabling unauthenticated remote code execution....
CVE-2025-54309: CrushFTP Zero-Day Vulnerability Exploited In The Wild
A critical zero-day flaw in CrushFTP that can grant attackers administrator access was discovered on July 18 and is under active exploitation....
Oracle July 2025 Critical Patch Update Addresses 165 CVEs
Oracle addresses 165 CVEs in its third quarterly update of 2025 with 309 patches, including nine critical updates....
Microsoft 2025 年 7 月公告的 Patch Tuesday 解決了 128 個 CVE (CVE-2025-49719)
Microsoft addresses 128 CVEs, including one zero-day vulnerability that was publicly disclosed....
CVE-2025-5777、CVE-2025-6543:有關 CitrixBleed 2 和 Citrix NetScaler Exploitation 的常見問答集
Frequently asked questions about recent Citrix NetScaler ADC and Gateway vulnerabilities that have reportedly been exploited in the wild, including CVE-2025-5777 known as CitrixBleed 2....
有關 Iranian Cyber Operations 的常見問答集
Tenable’s Research Special Operations team focuses on some frequently asked questions about Iranian cyber operations, including the tactics, techniques and procedures employed by Iran-based threat actors....