NIST’s NVD program aimed to analyze all CVEs to add details — such as severity scores and product lists that mostly assisted cybersecurity professionals prioritize and mitigate vulnerabilities.
Continue Reading
CVE-2026-34197, an Apache ActiveMQ flaw
Continue Reading
CISA emphasized the urgency of addressing these vulnerabilities
Continue Reading
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-25108 to its Known Exploited Vulnerabilities (KEV) catalog, that is being exploited in the wild.
Findings from CISA also confirmed about the flaw, that it affects Soliton Systems K.K. FileZen, a file transfer product. It has been included in KEV, sensing urgency for organizations still running vulnerable versions of the product.
“Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs-in to the affected product and sends a specially crafted HTTP request,” CISA said.
Key Findings from FileZen CVE-2026-25108 vulnerability added in CISA’s KEV list
The primary reason after evaluation by threat researcher’s were –
FileZen CVE-2026-25108 is an OS command injection vulnerability. According to NVD, when the FileZen Antivirus Check Option is enabled, a logged-in user can send a specially crafted HTTP request and execute arbitrary operating system commands. In such scenario an attacker with valid access could potentially run commands on the underlying server, creating serious risk to confidentiality, integrity, and availability.
Why CISA added FileZen CVE-2026-25108 to its KEV
JVN states that if a user logs in to the affected product and sends a specially crafted HTTP request, an arbitrary OS command may be executed.
Soliton similarly says there is a possibility that a remote third party could execute arbitrary OS commands within FileZen.
The practical impact of that can be severe. Depending on server configuration and user privileges, successful exploitation could allow an attacker to:
Technical Analysis of CVE-2026-25108
OS command injection occurs when an application transmits unsafe data-such as cookies, form fields, or HTTP headers-to an operating system shell. In the case of FileZen, the vulnerability manifests during the file processing phase when the Antivirus Check Option is active. The system’s internal logic processes HTTP requests in a manner that allows an attacker to append shell commands to legitimate parameters.
Remediation & understanding why it is essential to integrate with threat intelligence monitoring platform
Organizations utilizing these versions must prioritize the transition to version 5.0.11 or later. When vendor platform Soliton indicated that simply disabling the Antivirus Check Option may reduce the immediate attack surface but does not replace the requirement for a full firmware update.
As per vendor’s suggestion a resetting of password for all users if an organization suspects a compromise. Integration with cyber threat intelligence platform will provide early warning indicators of exploitation as cyber threat intelligence platforms collect data from various sources to provide early warning indicators of exploitation.
CISA has set a deadline of March 17, 2026, for Federal Civilian Executive Branch (FCEB) agencies to remediate CVE-2026-25108. This mandate specifically applies to federal agencies, it serves as a stark reminder for private sector organizations. The inclusion in the KEV catalog implies that the vulnerability is being used in the wild, likely by state-sponsored actors or organized cybercriminal groups.
Sources; CVE-2026-25108 CISA Confirms Active Exploitation of FileZen
VMware ESXi VMware vulnerabilities
Continue Reading
Critical Solar Winds Vulnerabilities being Exploited by Threat Actors
Continue Reading
Ivanti has disclosed two critical code injection vulnerabilities in its Endpoint Manager Mobile (EPMM) product that enable unauthenticated remote code execution and have been exploited in zero-day attacks.
Continue Reading
CISA, the cyber security agency from US has added a serious vulnerability in Oracle E-Business Suite.As per CISA the flaw tracked in an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog.
Vulnerability CVE-2025-61884
Oracle published CVE-2025-61884, a server-side request forgery (SSRF) vulnerability in the Oracle Configurator runtime component, on October 11.
The bug received a CVSS score of 7.5 and does not require authentication to exploit. According to the company, attackers can use this vulnerability to gain “unauthorized access to critical data or full access to all Oracle Configurator data.”
Government organizations in the US must install patches before November 10. However, Oracle itself has not yet confirmed the exploitation.
In early October, Mandiant revealed that the Clop ransomware gang had begun sending extortion emails to companies, claiming that they had stolen data from Oracle E-Business Suite instances using zero-day flaws.
Oracle responded to this news by stating that the threat actors had exploited previously patched flaws disclosed in July.
As per Bleeping computers CVE-2025-61884 addresses the flaw by validating an attacker-supplied “return_url” using a regular expression. If the validation fails, the request is blocked.
To this day, it remains unclear why Oracle listed the ShinyHunters exploit as an IOC for CVE-2025-61882, when it is actually intended for CVE-2025-61884.
Oracle EBS under attack
Orcale E-Business Suit is under targeted atatck by threat actors and investigations by various research teams from Mandiant and Crowdstrike revealed that Oracle EBS had been targeted in two different campaigns.
/configurator/UiServlet” endpoint, which is now confirmed as CVE-2025-61884./OA_HTML/SyncServlet” endpoint, and was fixed under CVE-2025-61882 through mod_security rules to block the endpoint and by stubbing out the SYNCSERVLET class. This flaw is attributed to Clop.Oracle disclosed CVE-2025-61884 on October 11 but did not confirm whether it had been exploited, despite having fixed the exploit used in the July attacks. Earlier when the vulnerability CVE-2025-61884 was discovered concerns an information disclosure flaw in the Runtime UI component.
Last week Oracle released an emergency patch this weekend for a critical vulnerability in E-Business Suite. This software flaw can be exploited by attackers without authentication to steal sensitive data.Oracle has assigned the vulnerability a CVSS score of 7.5, which underscores the severity of the problem.
CISA also confirmed that five new vulnerabilities are actually being used to attack systems in the real world. These 5 new CVE’s hit everything from business apps to CMS platforms to core Windows components.
These are
Threat Mitigation by Oracle E Business Suit when hunting for Threat indicators
• Look for weird patterns in Oracle EBS requests – could be a SSRF issue
• See if there are any spikes in SMB share privileges & check Kentico logs for anything fishy
• Browser logs are the place to look for JavaScriptCore crashes or just weird execution
Oracle released critical patch for a wide range of products and this include
The Critical Patch Update provides security updates for a wide range of product families: Oracle Database Server, Oracle Application Express, Oracle Blockchain Platform, Oracle GoldenGate, Oracle NoSQL Database, Oracle REST Data Services, Oracle Commerce, Oracle Communications Applications, Oracle Communications, Oracle Construction and Engineering, Oracle E-Business Suite, Oracle Enterprise Manager, Oracle Financial Services Applications, Oracle Fusion Middleware, Oracle Analytics, Oracle Health Sciences Applications, Oracle HealthCare Applications, Oracle Hospitality Applications, Oracle Hyperion, Oracle Insurance Applications, Oracle Java SE, Oracle JD Edwards, Oracle MySQL, Oracle PeopleSoft, Oracle Retail Applications, Oracle Siebel CRM, Oracle Supply Chain, Oracle Systems, Oracle Utilities Applications, and Oracle Virtualization.
Sources: CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
4 Actively exploited Zero-days affecting millions of devices,. This include 3 targeted by Nation-state actor “ArcaneDoor”.
Security Advisory: Cisco has released critical security updates to address two zero-day vulnerabilities referring to CVE-2025-20333 and CVE-2025-20362 in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software.
CISA has also added in their KEV catalog and including additional actions tailored to each agency’s status in Emergency Directive ED 25-03 document.
CISA said ‘”The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution [RCE] on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade,”.
CISA has reported that an advanced threat actor ArcaneDoor, threat actor has demonstrated a capability to successfully modify ASA ROM at least as early as 2024. These zero-day vulnerabilities in the Cisco ASA platform are also present in specific versions of Cisco Firepower appliances’ Secure Boot would detect the identified manipulation of the ROM.
| Severity | Critical |
| CVSS Score | 9.9 |
| CVEs | CVE-2025-20333, CVE-2025-20362 |
| POC Available | No |
| Actively Exploited | Yes |
| Exploited in Wild | Yes |
| Advisory Version | 1.1 |
Overview
The flaws discovered are actively exploited in the wild which allow attackers to execute arbitrary code or access restricted endpoints without authentication. Admins are urged to immediately apply Cisco’s fixed releases to mitigate these actively exploited zero-day vulnerabilities
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| Buffer Overflow Vulnerability | CVE-2025-20333 | Cisco Secure Firewall Adaptive Security Appliance (ASA), Cisco Secure Firewall Threat Defense (FTD) | Critical | Update to the latest version |
| Missing Authorization Vulnerability | CVE-2025-20362 | Cisco Secure Firewall Adaptive Security Appliance (ASA), Cisco Secure Firewall Threat Defense (FTD) | Medium | Update to the latest version |
Technical Summary
Cisco has released security updates to address multiple vulnerabilities in the VPN web server of Secure Firewall ASA and FTD Software.
The most severe issue is a critical remote code execution vulnerability that could allow an authenticated attacker with valid VPN credentials to send specially crafted HTTP(S) requests and execute arbitrary code with root-level privileges, potentially resulting in full compromise of the affected device and control of its operations.
In addition, a medium-severity vulnerability was identified that could enable unauthenticated attackers to bypass access controls and access restricted web resources without authentication, potentially exposing sensitive information or limited administrative functions.
Both vulnerabilities are caused by improper validation of user-supplied HTTP(S) input, making them exploitable over the network.
Cisco has confirmed that there are no workarounds available, and administrators are strongly advised to upgrade to the fixed software versions immediately to ensure the security and integrity of their environments.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-20333 | Cisco Secure Firewall ASA Software, Cisco Secure FTD Software | Improper input validation in the VPN web server enables authenticated remote users to send crafted HTTP requests that allow arbitrary code execution with root privileges. | Remote Code Execution |
| CVE-2025-20362 | Cisco Secure Firewall ASA Software, Cisco Secure FTD Software | The VPN web server does not properly validate HTTP(S) user-supplied input. Attackers can exploit this by sending specially crafted requests to bypass authentication and access restricted URL endpoints. | Unauthorized access |
Recommendations:
Conclusion:
These vulnerabilities present a significant risk as they are actively being exploited in the wild and can lead to complete system compromise or unauthorized access to sensitive resources.
Since no workarounds are available, applying the latest Cisco security updates is the only effective remediation. Administrators should prioritize immediate patching across all affected devices to protect their environment from ongoing exploitation attempts and ensure continued resilience of critical firewall infrastructure.
References:
Summary
| OEM | |
| Severity | Medium |
| CVSS Score | 5.4 |
| CVEs | CVE-2025-55177 |
| POC Available | No |
| Actively Exploited | No |
| Exploited in Wild | No |
| Advisory Version | 1.0 |
Overview
A security vulnerability recently discovered in WhatsApp’s linked device feature that allows users to access WhatsApp across multiple devices, such as phones and computers.
CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) Catalog, highlighting its significance. The flaw allows attackers to send crafted messages that forced WhatsApp to load malicious content from a rogue website without any user interaction. WhatsApp and Apple already patched the issue and users are urged to update their apps immediately to stay protected.
| Vulnerability Name | CVE ID | Product Affected | Severity | Fixed Version |
| WhatsApp Incorrect Authorization Vulnerability | CVE-2025-55177 | Medium | 2.25.21.73 and later. WB iOS 2.25.21.78 and later. WhatsApp Desktop for Mac 2.25.21.78 and later. |
Technical Summary
The vulnerability was due to incomplete authorization of synchronization messages in WhatsApp’s linked device feature. This flaw allowed an attacker to send crafted sync messages that could trick WhatsApp into processing content from an arbitrary URL, even if the message came from an untrusted source.
This could result in WhatsApp loading and executing malicious content on the target device without any user interaction. The impact of the attack was significantly increased when combined with a separate Apple OS vulnerability (CVE-2025-43300), making it suitable for sophisticated, targeted exploitation.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-55177 | WhatsApp for iOS (v2.22.25.2 to v2.25.21.72) WhatsApp Business for iOS (v2.22.25.2 to v2.25.21.77) WhatsApp Desktop for Mac (v2.22.25.2 to v2.25.21.77 | Incomplete authorization in the linked device sync feature allowed attackers to send crafted sync messages that caused WhatsApp to load content from an arbitrary URL without user interaction. This could be used to execute malicious code on the device. | Remote code execution, |
Remediation:
Update the WhatsApp in iOS and mac devices to the latest version
Conclusion:
The WhatsApp vulnerability highlights the growing risks of zero-click attacks, where devices can be compromised without any user interaction. This flaw has been exploited in targeted attacks and poses a serious threat to user security and privacy. It is important for all users to keep their apps and operating systems up to date and follow trusted security recommendations
References:
Recent Comments