Introduction: what’s the problem? A critical misconfiguration vulnerability in Adobe Experience Manager (AEM) Forms on JEE, tracked as CVE-2025-54253 and rated CVSS 10.0, is being actively exploited in the wild. The flaw enables pre-authentication compromise of AEM Forms servers and…
Introduction — the problem in a nutshell Cisco IOS/IOS XE devices are under active attack via CVE-2025-20352, a stack overflow in the SNMP subsystem. Once exploited (with the required credentials), attackers can execute code as root and implant a stealthy…
Introduction: what happened Dairy Farmers of America (DFA)—a farmer-owned U.S. dairy cooperative—confirmed that a June 2025 cyberattack led to the exposure of personal data for 4,546 individuals, including employees and co-op members. Stolen data may include names, SSNs, driver’s license/ID…
Introduction: what’s vulnerable and why it matters Multiple file-parsing vulnerabilities in Fuji Electric V-SFT—the configuration/development software used to program MONITOUCH HMIs—can be triggered when an engineer opens a malicious V-SFT project file. Successful exploitation can lead to arbitrary code execution…
Introduction: A new spin on bulletproof hosting Google’s Threat Intelligence Group (GTIG) reports that a DPRK-linked cluster (UNC5342) is now using EtherHiding—a technique that stores second-stage malware inside public blockchain smart contracts on chains like BNB Smart Chain and Ethereum.…
Introduction: what happened Sotheby’s has disclosed a data breach following a July 24, 2025 intrusion in which an unknown actor removed files from the company’s environment. Subsequent review confirmed exposure of highly sensitive personal data—including full names, Social Security numbers…
Introduction: a zero-day chain from LFI to RCE Gladinet has released security updates for its CentreStack (and hosted equivalents) after researchers observed in-the-wild exploitation of a new bug tracked as CVE-2025-11371. The flaw is an unauthenticated Local File Inclusion (LFI)…
Introduction: what happened and why it matters Microsoft says it disrupted an ongoing ransomware operation by revoking more than 200 fraudulently used code-signing certificates tied to Vanilla Tempest (aka Vice Spider / Vice Society). The actor signed fake Microsoft Teams…
Introduction: what is CVE-2025-20352? CVE-2025-20352 is a stack overflow in the SNMP subsystem of Cisco IOS and IOS XE. Under specific conditions, it lets an attacker crash devices (DoS) or—if they already have higher privileges—execute code as root on affected…
Introduction: what happened and why it matters F5 disclosed that a nation-state actor maintained long-term persistence in parts of its network and exfiltrated files, including portions of BIG-IP source code and non-public vulnerability information. In response, multiple governments issued urgent…