Identifying Sharepoint boxes vulnerable to ToolShell, at scale
Along with everyone else in the cybers, last weekend we watched a wave of realization hit Sharepoint admins around the world as they were…
Massive Exploitation of Microsoft SharePoint Server Following the Disclosure of CVE-2025-53770
2025-07-23: UPDATE: we now have a reliable detection method. Nearly 500 unique IP addresses are vulnerable, accounting for…
CVE-2025-53770 & CVE-2025-53771
CVE-2025-53770, nicknamed “ToolShell”, is a critical zero-day vulnerability in Microsoft SharePoint Server that allows unauthenticated remote code execution…
CVE-2025-32432 – 0day Craft CMS discovered by Orange Cyberdefense
Orange Cyberdefense (OCD) has discovered a critical vulnerability (CVE-2025-32432) in the Craft CMS software. OCD has approached us…
Symlink backdoor on Fortinet SSL-VPN devices
ShadowServer has discovered more than 17,000 Fortinet SSL VPNs compromised by what’s known as the symlink backdoor. We…
New critical vulnerabilities in GLPI : CVE-2025-24799 and CVE-2025-24801
Two vulnerabilities in the IT asset management tool GLPI have been published under the heading “Pre-authentication SQL injection…
CVE-2025-24799 & CVE-2025-24801
The vulnerabilities identified as CVE-2025-24799 and CVE-2025-24801 affect GLPI, an open-source IT asset management tool. These vulnerabilities allow…
LeMagIT – GLPI: 680 instances in France affected by two serious vulnerabilities
[..] The ONYPHE attack surface management platform has just added support for detecting GLPI vulnerabilities CVE-2025-24799 and CVE-2025-24801….
March 2025 – Network Vulnerabilities Situation Report
Over the past three years, the number of critical vulnerabilities affecting network equipment has increased significantly. Firewalls, routers,…
