Massive Exploitation of Microsoft SharePoint Server Following the Disclosure of CVE-2025-53770
2025-07-23: UPDATE: we now have a reliable detection method. Nearly 500 unique IP addresses are vulnerable, accounting for numerous government […]
CVE-2025-53770, nicknamed “ToolShell”, is a critical zero-day vulnerability in Microsoft SharePoint Server that allows unauthenticated remote code execution (RCE). It’s
CVE-2025-53770 & CVE-2025-53771
Orange Cyberdefense (OCD) has discovered a critical vulnerability (CVE-2025-32432) in the Craft CMS software. OCD has approached us to work
CVE-2025-32432 – 0day Craft CMS discovered by Orange Cyberdefense
ShadowServer has discovered more than 17,000 Fortinet SSL VPNs compromised by what’s known as the symlink backdoor. We obtained the
Symlink backdoor on Fortinet SSL-VPN devices
The vulnerabilities identified as CVE-2025-24799 and CVE-2025-24801 affect GLPI, an open-source IT asset management tool. These vulnerabilities allow an unauthenticated
CVE-2025-24799 & CVE-2025-24801
[..] The ONYPHE attack surface management platform has just added support for detecting GLPI vulnerabilities CVE-2025-24799 and CVE-2025-24801. Building on
LeMagIT – GLPI: 680 instances in France affected by two serious vulnerabilities
Over the past three years, the number of critical vulnerabilities affecting network equipment has increased significantly. Firewalls, routers, and other
March 2025 – Network Vulnerabilities Situation Report
CVE-2024-55591 is a critical privilege escalation vulnerability affecting FortiOS versions 7.0.0 through 7.0.16 and FortiProxy versions 7.0.0 through 7.0.19 and
Written on 2025/01/31 First of all, we wish you and your loved ones a wonderful year in 2025. May it
Retrospective 2024 and Roadmap 2025
As you have probably seen by now @evilsocket published an amazing blog on vulnerabilities in CUPS. If you’ve been staying
Detecting cups vulnerabilities while staying ethical
The CVE-2024-3400 vulnerability is a critical flaw discovered in the GlobalProtect functionality of Palo Alto Networks’ PAN-OS operating system. It
[..] ONYPHE Founder & CTO Patrice Auffret told BleepingComputer that he believes the threat actors behind the attacks are deploying
BleepingComputer – Hackers update Cisco IOS XE backdoor to hide infected devices