top of page
ALL POSTS
Critical CrowdStrike LogScale Vulnerability Exposes Files to Unauthorized Access
Key Findings CrowdStrike disclosed CVE-2026-40050, a critical unauthenticated path traversal vulnerability in LogScale self-hosted The flaw allows remote attackers to read arbitrary files from server filesystems without authentication Next-Gen SIEM and LogScale SaaS customers are not affected due to network-layer mitigations applied April 7, 2026 Self-hosted LogScale customers must urgently upgrade to patched versions No known active exploitation has occurred to date The vuln
Apr 272 min read
Critical Triofox Zero-Day (CVE-2025-12480): Unauthenticated Admin Takeover Through Host Header Bypass
Key Findings Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed a critical unauthenticated access vulnerability in Gladinet's Triofox file-sharing platform (CVE-2025-12480). The vulnerability allowed attackers to bypass authentication, create administrative accounts, and achieve SYSTEM-level code execution through a chained attack path. The exploitation campaign was first detected on August 24, 2025, when Google Threat Intelligence
Nov 11, 20252 min read
bottom of page
