Skip to content

Attack Surface Management (ASM)

Weekly Report: New Hacking Techniques and Critical CVEs: June 24-30, 2025

The final week of June 2025 witnessed an unprecedented escalation in sophisticated cyber warfare, with critical infrastructure bearing the brunt of state-sponsored espionage campaigns and financially motivated ransomware operations. This period was marked by the convergence of traditional cybercrime tactics with cutting-edge AI-powered attack vectors, presenting a complex threat landscape that challenges conventional security paradigms.… Read More »Weekly Report: New Hacking Techniques and Critical CVEs: June 24-30, 2025

Weekly Cybersecurity Breach Report June 24-30, 2025

The final week of June 2025 marked one of the most devastating periods in cybersecurity history, with unprecedented credential theft affecting 16 billion login credentials and a surge in sophisticated nation-state attacks targeting critical infrastructure and major corporations. This period witnessed the emergence of advanced AI-powered attack techniques, including deepfake Zoom meetings by North Korean… Read More »Weekly Cybersecurity Breach Report June 24-30, 2025

Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827

Zero-day vulnerabilities are a serious threat to organizations all over the world in the consistently elevating field of cybersecurity. Recently, a critical vulnerability known as CVE-2025-48827 surfaced, leaving systems vulnerable to privilege escalation alongside remote code execution (RCE) attacks. This blog post provides an in-depth analysis of the vulnerability, a step-by-step exploitation guide, and actionable… Read More »Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827

Weekly Cybersecurity Breach Report: June 19–25, 2025

This week’s landscape was dominated by sophisticated espionage and ransomware campaigns spanning telecommunications, insurance, finance, supply chain, critical infrastructure, and software supply chains. State-sponsored and criminal threat actors alike leveraged zero-day exploits, social engineering, code-signing abuse, and destructive malware to breach high-value targets. Key incidents include the Salt Typhoon compromise of Cisco infrastructure, Scattered Spider’s… Read More »Weekly Cybersecurity Breach Report: June 19–25, 2025

Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability

In April 2025, a critical pre-auth Remote Code Execution vulnerability, CVE-2025-34028, was discovered in Commvault Command Center. This vulnerability allows attackers to achieve remote code execution without authentication by exploiting an Server-Side Request forgery (SSRF) and a path traversal issue that enables uploading and executing malicious ZIP files. With a CVSS score of 10.0, this… Read More »Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability