LinkPro eBPF Rootkit Exploitation via Jenkins (CVE-2024-23897)
Published on: November 7, 2025
OverviewLinkPro is a newly identified GNU/Linux rootkit discovered by Synacktiv following the compromise of an AWS environment. The intrusion originated from an exposed Jenkins server vulnerable to CVE-2024-23897, which was exploited...
CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware
Published on: November 6, 2025
Overview: CISA has issued an urgent alert regarding CVE-2024-1086, a use-after-free vulnerability in the Linux kernel’s netfilter: nf_tables component. The flaw allows local attackers to escalate privileges to root, enabling ransomware...
October Top Security Vulnerabilities (CVE Report)
Published on: November 2, 2025
Top CVE's report for month of October2025October Top Vulnerabilities OverviewIn October, multiple critical and high severity vulnerabilities were disclosed, including remote code execution flaws in widely used services, authentication bypass weaknesses, privilege...
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process (CVE-2025-49201)
Published on: October 30, 2025
OverviewCVE-2025-49201 is a critical authentication vulnerability affecting the Web Administration Daemon/Graphical User Interface (WAD/GUI) components of FortiPAM and FortiSwitch Manager. First disclosed in mid-October 2025, this flaw allows unauthenticated attackers to...
Malicious NPM packages fetch infostealer for Windows, Linux, macOS
Published on: October 30, 2025
OverviewSecurity researchers have identified malicious NPM packages that deliver an infostealer payload targeting Windows, Linux, and macOS environments. These packages are designed to execute upon installation or runtime, harvesting sensitive user data,...
Out-of-Band Security Update to Mitigate Windows Server Update Service Vulnerability - CVE-2025-59287
Published on: October 29, 2025
Overview:A critical remote code execution (RCE) vulnerability has been identified in the Windows Server Update Services (WSUS) component of certain Microsoft Windows Server versions, tracked as CVE?2025?59287. The vulnerability stems from...
Qilin Ransomware that Target VMware and Windows Networks using Linux RATs.
Published on: October 28, 2025
OverviewThe Agenda (Qilin) ransomware group has evolved its attack methodology by deploying Linux ransomware variants directly on Windows systems, challenging traditional endpoint detection controls.According to Trend™ Research, the group abused legitimate...
FortiOS CLI Command Bypass Vulnerability
Published on: October 16, 2025
Overview:Fortinet has disclosed a high-severity vulnerability in FortiOS, the operating system powering FortiGate firewalls and VPN devices. Identified as CVE-2025-58325, this flaw allows an authenticated attacker with CLI access to bypass...
September Top Security Vulnerabilities (CVE Report)
Published on: October 10, 2025
Top CVE's report for month of September2025September Top Vulnerabilities OverviewIn September, multiple critical and high?severity vulnerabilities were disclosed, including remote code execution flaws in widely used services, authentication bypass weaknesses, privilege escalation...
Disabling Inline SVG Image Display in Outlook for Web and Windows
Published on: October 7, 2025
OverviewMicrosoft has announced a significant security enhancement for Outlook users. As part of this update, inline SVG (Scalable Vector Graphics) image support will be retired across both Outlook for Web (OWA) and...