top of page
ALL POSTS
CISA and BSI Alert Organizations to Critical PTC Windchill and FlexPLM Vulnerability
Key Findings CISA and BSI issued critical warning for CVE-2026-4681 affecting PTC Windchill and FlexPLM with CVSS score of 10.0 No patches available at time of advisory; exploitation could be imminent according to German media reports Remote Code Execution vulnerability exploitable through deserialization of untrusted data German police conducted unprecedented physical visits to companies to warn administrators, some at 3:30 AM PTC released indicators of compromise despite st
Mar 282 min read
CISA Warns of Critical SharePoint and Zimbra Vulnerability Exploits
Key Findings CISA added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog Vulnerabilities affect Microsoft SharePoint and Zimbra Collaboration Suite Federal agencies required to patch these vulnerabilities by specific deadlines One vulnerability allows remote code execution, the other enables cross-site scripting Background The U.S. Cybersecurity and Infrastructure Security Agency (CISA) continues its proactive approach to identifying and addressing
Mar 191 min read
Unauthenticated Root RCE Vulnerability in Critical Telnetd Flaw (CVE-2026-32746)
Key Findings * Critical unauthenticated remote code execution vulnerability in GNU InetUtils telnetd * CVE-2026-32746 with CVSS score of 9.8 * Affects all versions through 2.7 * Exploitable by sending crafted message during initial connection handshake * No authentication required to trigger vulnerability * Potential for complete system compromise Background The vulnerability was discovered by Israeli cybersecurity company Dream on March 11, 2026. It impacts the GNU InetUtils
Mar 182 min read
CISA Warns of Actively Exploited n8n Remote Code Execution Vulnerability Affecting 24,700 Instances
Key Findings * Critical remote code execution vulnerability in n8n workflow platform * CVE-2025-68613 added to CISA's Known Exploited Vulnerabilities (KEV) catalog * 24,700 unpatched instances exposed online * Vulnerability allows authenticated attackers to execute arbitrary code * FCEB agencies ordered to patch by March 25, 2026 Background n8n is an open-source workflow automation platform that allows users to connect different applications and services. The vulnerability ex
Mar 121 min read
SolarWinds Addresses Critical Vulnerabilities in Web Help Desk
Key Findings SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication: CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods CVE-2025-40553 (CVSS 9.8
Jan 291 min read
Fortinet Fixes Critical FortiSIEM Vulnerabilities
Key Findings Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances. The vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system. The flaw allows for OS command injection via crafted TCP requests to the phMonitor service running on port 7900. Fortinet has also patched a critical vulnerability in FortiFone (CVE-2025-47
Jan 142 min read
HPE OneView CVSS 10.0 Flaw Allows Unauthenticated Remote Code Execution
Key Findings HPE has disclosed a critical vulnerability (CVE-2025-37164) in its OneView infrastructure management software with a CVSS score of 10.0 The flaw allows unauthenticated remote code execution, enabling attackers to take full control of affected systems It impacts all versions of OneView prior to version 11.00 HPE has released an urgent patch to address the vulnerability and is advising customers to update as soon as possible For older OneView versions (5.20 to 10.2
Dec 18, 20252 min read
Microsoft Addresses 56 Security Flaws, Including Active Exploit and Two Zero-Days
Key Findings Microsoft released patches for 56 security vulnerabilities in various products across the Windows platform, including one vulnerability that has been actively exploited in the wild. Of the 56 flaws, three are rated Critical, and 53 are rated Important in severity. Two of the patched vulnerabilities are listed as publicly known at the time of the release. The vulnerabilities include 29 privilege escalation, 18 remote code execution, four information disclosure, th
Dec 10, 20252 min read
Chrome Emergency Fix: High-Severity V8 Flaw (CVE-2025-13042) Risks Remote Code Execution Update
Key Findings Google has released an emergency security update for Chrome Stable Channel, addressing a high-severity vulnerability in the V8 JavaScript engine (CVE-2025-13042) The vulnerability, described as an "inappropriate implementation in V8", could potentially lead to type confusion, memory corruption, or arbitrary code execution While no active exploitation is reported, V8 flaws have historically been targeted by threat actors for zero-day exploits in spear-phishing and
Nov 12, 20252 min read
bottom of page
