MUST READ

A critical WatchGuard Fireware flaw could allow unauthenticated code execution

 | 

Prosper disclosed a data breach impacting 17.6 million accounts

 | 

Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

 | 

PowerSchool hacker got four years in prison

 | 

Auction house Sotheby’s disclosed a July data breach

 | 

Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits

 | 

U.S. CISA adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

 | 

Spanish fashion retailer MANGO disclosed a data breach

 | 

Qilin Ransomware announced new victims

 | 

200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass

 | 

SAP fixed maximum-severity bug in NetWeaver

 | 

Unencrypted satellites expose global communications

 | 

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

 | 

Researchers warn of widespread RDP attacks by 100K-node botnet

 | 

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

 | 

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

 | 

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

 | 

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

 | 

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

 | 

Gladinet

Pierluigi Paganini October 11, 2025
CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a zero-day in Gladinet CentreStack and Triofox. A local user can exploit the issue to access system files without authentication. Gladinet CentreStack and Triofox are enterprise file-sharing and cloud […]

Pierluigi Paganini April 15, 2025
Gladinet flaw CVE-2025-30406 actively exploited in the wild

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software. The vulnerability CVE-2025-30406 (CVSS score 9.0) is a deserialization issue due to the CentreStack portal’s hardcoded machineKey use. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A critical WatchGuard Fireware flaw could allow unauthenticated code execution

Security / October 17, 2025

Prosper disclosed a data breach impacting 17.6 million accounts

Data Breach / October 17, 2025

Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

Cyber Crime / October 17, 2025

PowerSchool hacker got four years in prison

Security / October 17, 2025

Auction house Sotheby’s disclosed a July data breach

Data Breach / October 17, 2025