SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Top 10 Cloud Misconfigurations to Avoid
Cloud misconfigurations remain one of the most exploited weaknesses in enterprise infrastructure. According to the IBM X-Force Threat Intelligence Index 2024, misconfigured cloud services were involved in nearly 25% of cloud security incidents, second only to stolen credentials. These are not advanc...

CVE Research
Sudo LPE Vulnerabilities Resolved: What You Need to Know About CVE-2025-32462 and CVE-2025-32463
The Sudo utility has been identified as having two local privilege escalation vulnerabilities, CVE-2025-32462 and CVE-2025-32463. To mitigate these risks, it is recommended that Sudo be updated on Linux and macOS systems.

CVE Research
Predicted CVEs Likely to be Exploited – July 02, 2025
Welcome to your daily forecast of potential cyber threats. As part of our continuous effort to equip defenders with foresight, we present a list of Common Vulnerabilities and Exposures (CVEs) that our threat prediction models indicate are likely to be exploited in the near future.

CVE Research
Resource Categorization is Not Just Labelling
Managing cloud environments can become overwhelming with 1000+ resource types and around 200+ AWS services. To control costs, mitigate risks, and reduce operational complexity, it becomes essential to organize resources into meaningful categories. Cloud Security Asset Exposure categories provide a s...

CVE Research
CitrixBleed2: Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543
Citrix has urgently released security updates to address a critical memory overflow vulnerability, CVE-2025-6543, affecting NetScaler ADC and NetScaler Gateway. With a CVSS score of 9.2, this flaw is actively exploited in the wild, making immediate patching essential to prevent potential denial-of-s...

CVE Research
Generative AI and the New Cybersecurity Crossroads
The past year has redefined how AI in cybersecurity influences scale and speed. Generative models now bring a level of automation and linguistic precision that both attackers and defenders are rapidly absorbing into their workflows. Language models now analyze vulnerabilities, rewrite exploits, and ...

CVE Research
Apache Traffic Server Vulnerability: DoS Attacks via Memory Exhaustion
A newly identified vulnerability in Apache Traffic Server (ATS) allows attackers to initiate denial-of-service (DoS) attacks by exhausting server memory. The vulnerability, CVE-2025-49763, affects the Edge Side Includes (ESI) plugin and could lead to significant disruptions for enterprise users and ...
CVE Research
Veeam Patches CVE-2025-23121: Critical RCE Bug in Backup & Replication
Veeam, a prominent data backup and disaster recovery solution provider, has recently addressed a critical security vulnerability in its Backup and Replication software. The flaw, CVE-2025-23121, poses a significant risk as it could allow remote code execution (RCE) on affected systems. With a near-m...

