Topic: mitigation recommendations
-
SonicWall warns admins: Disable SSLVPN now to stop attacks
SonicWall has issued an urgent alert to disable SSLVPN services due to potential zero-day exploits targeting Gen 7 firewalls, with ransomware attacks bypassing multi-factor authentication. Security researchers suspect an unpatched flaw in SonicWall’s SSL VPN technology, advising immediate mitigat...
Read More » -
Critical Security Flaw in Commvault Backup Suite Allows Remote Code Execution
A critical security vulnerability in on-premises Commvault deployments allows unauthenticated attackers to execute remote code by chaining four distinct flaws (CVE-2025-57788, CVE-2025-57789, CVE-2025-57790, and CVE-2025-57791). These vulnerabilities impact essential components like the Web Serve...
Read More » -
Fortinet FortiWeb Hacks Tied to Public RCE Exploits
Security teams are responding to active exploitation of a critical Fortinet FortiWeb vulnerability (CVE-2025-25257), allowing unauthenticated remote code execution via SQL injection, with attackers deploying web shells using public exploits. Over 160 FortiWeb instances were compromised within two...
Read More » -
Cisco Warns of Critical RCE Vulnerability in Firewall Software
Cisco has issued an urgent alert for a critical vulnerability (CVE-2025-20265) in its Secure Firewall Management Center Software, allowing attackers to take full control of affected systems with a severity rating of 10.0. The flaw stems from improper input validation in RADIUS authentication, ena...
Read More » -
Critical RCE Flaw in Wing FTP Server Actively Exploited by Hackers
A critical remote code execution vulnerability (CVE-2025-47812) in Wing FTP Server is being actively exploited, allowing attackers to execute arbitrary code with system privileges without authentication. The flaw stems from improper string handling and input sanitization, enabling attackers to in...
Read More » -
Mirai Botnet Targets TBK DVRs with Command Injection Exploit
A new Mirai botnet campaign exploits CVE-2024-3721, a critical flaw in TBK DVR devices, to recruit them for large-scale cyberattacks like DDoS. Over 50,000 vulnerable DVRs remain exposed globally, with infections concentrated in China, India, and Egypt, though patch availability is unclear due to...
Read More »
