ALL POSTS

Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8

Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47

Key Findings HPE has disclosed a critical vulnerability (CVE-2025-37164) in its OneView infrastructure management software with a CVSS score of 10.0 The flaw allows unauthenticated remote code execution, enabling attackers to take full control of affected systems It impacts all versions of OneView prior to version 11.00 HPE has released an urgent patch to address the vulnerability and is advising customers to update as soon as possible For older OneView versions (5.20 to 10.2

Key Findings Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th

Key Findings Google has released an emergency security update for Chrome Stable Channel, addressing a high-severity vulnerability in the V8 JavaScript engine (CVE-2025-13042) The vulnerability, described as an "inappropriate implementation in V8", could potentially lead to type confusion, memory corruption, or arbitrary code execution While no active exploitation is reported, V8 flaws have historically been targeted by threat actors for zero-day exploits in spear-phishing and