🔒CYBERSECURITY
Network Security & Vulnerability Management
Cisco Secure Email Gateway Critical Zero-Day (CVE-2025-20393) - Critical zero-day vulnerability in Cisco Secure Email Gateway and Cisco Secure Email and Web Manager allows remote code execution. CISA added to KEV catalog. Source: Netizen Vulnerability Review
WatchGuard Firebox RCE Vulnerability (CVE-2025-14733) - Critical out-of-bounds write vulnerability in WatchGuard Fireware OS enables unauthenticated remote code execution. Active exploitation confirmed. Source: Dark Reading
Fortinet FortiGate Critical Flaw (CVE-2025-59718) - CISA added this critical Fortinet FortiGate vulnerability to the KEV catalog shortly after discovery. Source: Dark Reading
Data Security & Privacy
MongoDB MongoBleed Vulnerability (CVE-2025-14847) - High-severity CVE-2025-14847 allows unauthenticated attackers to read uninitialized heap memory in MongoDB due to zlib compression flaw. Affects multiple systems. Source: Aikido Security Blog
Trust Wallet Chrome Extension Breach - $7 Million Stolen - Trust Wallet confirmed a targeted security breach in Chrome extension v2.68 on December 25, 2025, resulting in theft of approximately $7 million in cryptocurrency. Source: Forbes
Software Security & Vulnerabilities
n8n Remote Code Execution (CVE-2025-68613) - CVE-2025-68613 affects multiple n8n release branches due to improper sandboxing in the expression evaluation engine. Source: Resecurity Blog
Operation PCPcat: 59,000 Servers Hacked in 48 Hours - Attackers exploited CVE-2025-29927 and CVE-2025-66478 (both RCE vulnerabilities) to breach 59,000+ servers running React/Next.js. Source: eSecurityPlanet
Endpoint Security & Threat Intelligence
Digiever NVR Vulnerability (CVE-2025-52163) - High-severity missing authorization bug in Digiever DS-2105 Pro network video recorders added to CISA KEV catalog. Ongoing active attacks confirmed. Source: SC World
HP OneView RCE Vulnerability (CVE-2025-37164) - Maximum-severity RCE vulnerability in HPE OneView can be exploited by unauthenticated attackers. Source: Acronis Security Blog
TP-Link Zero-Day Router Threats (CVE-2023-50224 & CVE-2025-9377) - CISA added unpatched TP-Link zero-days to KEV catalog, threatening millions of routers. Urgent remediation mandated for federal agencies. Source: SecureBlink
No comments:
Post a Comment