top of page
ALL POSTS
Multiple Security Flaws Resolved Across Framework and Core Application Components
Key Findings Java ecosystem receives critical security patches addressing multiple high-severity vulnerabilities across Spring Security, Spring Web Services, and Spring GraphQL frameworks Cross-site scripting flaw (CVE-2026-41003) in authentication filters allows remote code execution within user sessions Server-side request forgery vulnerability (CVE-2026-40999) enables attackers to access internal hosts and cloud metadata endpoints Unsafe deserialization defect (CVE-2026-41
Jun 123 min read
Critical CVE-2026-42897: Microsoft Exchange Server Zero-Day Under Active Exploitation
Key Findings Microsoft Exchange Server vulnerability CVE-2026-42897 is actively being exploited in the wild Cross-site scripting flaw with CVSS score of 8.1 enables spoofing and arbitrary JavaScript execution Vulnerability affects on-premises Exchange Server 2016, 2019, and Subscription Edition at any update level Exchange Online is not impacted Temporary mitigation available through Exchange Emergency Mitigation Service; permanent patch in development Attackers deliver explo
May 152 min read
Curated CVE Watch - CISA Known Exploited Vulnerabilities
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting the RoundCube Webmail platform to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are: CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution. CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting (XSS) vulnerability. These vulnerabilities have been actively exploited b
Feb 212 min read
Researchers Spy on Threat Actor Operations Due to Security Bug in StealC Malware Panel
Key Findings Cybersecurity researchers discovered a cross-site scripting (XSS) vulnerability in the web-based control panel used by operators of the StealC information stealer malware. By exploiting the flaw, researchers were able to collect system fingerprints, monitor active sessions, and steal cookies from the infrastructure designed for cookie theft. StealC is a malware-as-a-service (MaaS) offering that emerged in January 2023, leveraging YouTube as a primary distribution
Jan 193 min read
Critical Apache OFBiz Flaw (CVE-2025-59118) Enables Remote Command Execution through Unrestricted File Upload
Key Findings Newly disclosed vulnerabilities in Apache OFBiz, an open-source ERP platform CVE-2025-59118: Unrestricted File Upload vulnerability allowing remote command execution (RCE) CVE-2025-61623: Reflected cross-site scripting (XSS) vulnerability Background Apache OFBiz is an open-source enterprise resource planning (ERP) software used for managing critical business workflows, including accounting, e-commerce, and inventory management. As a widely adopted ERP platform, v
Nov 12, 20251 min read
bottom of page
