zero-day
Exploited: Critical Unauthenticated Access Vulnerability in CrushFTP (CVE-2025-2825)
In the ever-evolving landscape of web application vulnerabilities, a new critical flaw has emerged. CVE-2025-2825 is a high-severity vulnerability that allows attackers to bypass authentication on CrushFTP servers. This popular enterprise file ...
Exploited! Kentico Xperience Staging Service Authentication Bypass Vulnerabilities (CVE-2025-2746 & CVE-2025-2747)
Recently, two critical security flaws were discovered in Kentico Xperience 13, a popular digital experience platform (CMS). Tracked as CVE-2025-2746 and CVE-2025-2747, these vulnerabilities allow unauthenticated attackers to bypass the Staging Sync ...
Microsoft Won’t Fix This Bad Zero Day (Despite Wide Abuse)
Satya says NO: Redmond blames Windows users, rather than solve 30-year-old bug—exploited since 2017 ...
Application Detection and Response Analysis: Why ADR? How ADR Works, and ADR Benefits
Two highly respected technology analysts from different cybersecurity disciplines are coming together to recommend that companies consider Application Detection and Response. Organizations face a constant barrage of cyber threats, including zero-day vulnerabilities ...
Exploited! Apache Tomcat Path Equivalence Vulnerability (CVE-2025-24813)
Apache Tomcat recently disclosed a critical security vulnerability, CVE-2025-24813, affecting several versions of its widely used servlet container. This vulnerability arises from improper handling of path equivalence checks involving filenames with internal ...
Can Autonomous LLM Agents Exploit One Day Vulnerabilities?
Introduction – Explaining Arxiv 2404.08144 research on the topic of LLM agents and one day exploits When generative AI first emerged, the cybersecurity community primarily focused on two promising benefits: However, a ...
Exploited: XWiki Remote Code Execution Vulnerability (CVE-2025-24893)
Overview A newly discovered critical vulnerability in the XWiki Platform, tracked as CVE-2025-24893, allows unauthenticated remote code execution (RCE) through the SolrSearch macro. This vulnerability was assigned a CVSS score of 9.8 ...
Exploited! PAN‑OS Authentication Bypass Vulnerability (CVE‑2025‑0108)
What is CVE‑2025‑0108 PAN‑OS Authentication Bypass Vulnerability? Recently, Palo Alto Networks disclosed CVE‑2025‑0108—a high-severity authentication bypass in the PAN‑OS management web interface. Although the flaw does not enable remote code execution, it ...
Why Zero-Day Attacks Bypass Traditional Firewall Security: Defending Against Zero-Day’s like Palo Alto Networks CVE-2024-0012
Recently, Palo Alto Networks identified and patched a critical zero-day vulnerability in their next-generation firewalls (NGFWs). This vulnerability, tracked as CVE-2024-0012, allowed attackers to execute code on vulnerable devices remotely. This vulnerability ...
Zero-Day Exploits Surge in 2023, Cisco, Fortinet Vulnerabilities Targeted
A report from the Five Eyes cybersecurity alliance, released by the CISA, highlights the majority of the most exploited vulnerabilities last year were initially zero-day flaws, a significant increase compared to 2022 ...
