SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
ProxyCommand Panic: CVE-2025-61984 Lets Attackers Hijack SSH Clients
A newly discovered vulnerability in OpenSSH’s ProxyCommand feature, identified as CVE-2025-61984, allows remote attackers to execute arbitrary code on client systems. This critical flaw stems from the insufficient filtering of control characters within usernames when the ProxyCommand string is expan...

CVE Research
ToolShell Unlocked: Chinese-Aligned Hackers Weaponize SharePoint Zero-Day for Global Espionage
A critical vulnerability in Microsoft SharePoint Server (tracked as CVE-2025-53770 and part of the “ToolShell” chain) has been actively exploited by multiple China-aligned threat actors including Linen Typhoon, Violet Typhoon, and Storm-2603. The flaw enables unauthenticated remote code execution an...

CVE Research
Act Fast! SMB Vulnerability Lets Attackers Gain SYSTEM-Level Access
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a high-severity privilege escalation vulnerability in Windows Server Message Block (SMB) that is now being actively exploited in the wild. This vulnerability, tracked as CVE-2025-33073, could allow attackers t...

CVE Research
Adobe AEM’s Debug Doorway: Critical RCE Under Active Exploitation
The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw affecting Adobe Experience Manager (AEM) to its Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation. The vulnerability, CVE-2025-54253, has a CVSS score of 10.0, representing maxi...

CVE Research
Double Zero-Day Trouble: Microsoft Races to Contain Active Windows Exploits
In the ever-evolving landscape of cybersecurity, staying ahead of emerging threats is paramount. This October, Microsoft’s Patch Tuesday addressed a staggering 183 security flaws, a clear indication of the persistent challenges faced by software vendors in safeguarding their products. Among these fi...

CVE Research
RondoDox Rampage: A Multivendor “Exploit-Shotgun” Botnet (Updated)
RondoDox is an emerging, multivector botnet that has been observed weaponizing 56 distinct vulnerabilities across 30+ device and vendor types (routers, DVRs/NVRs, CCTV, SOHO appliances, web servers, and more) to build large-scale DDoS-capable botnets and deploy secondary payloads (Mirai/Morte varian...

CVE Research
Microsoft Tackles 6 Zero-Days and 172 Fixes in October 2025 Patch Tuesday
The second Tuesday of the month has arrived, and so has another major round of Microsoft security updates. For October 2025, Microsoft has released fixes for a total of 172 vulnerabilities, including 6 actively exploited zero-day flaws and 8 rated as Critical in severity.

CVE Research
CVE-2025-61884: Unauthenticated Data Exposure in Oracle E-Business Suite
Oracle has released an urgent Security Alert Advisory addressing a critical vulnerability in Oracle E-Business Suite, identified as CVE-2025-61884. This flaw enables remote attackers to access sensitive data or resources without requiring authentication.
