SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

Cisco Warns of Hardcoded Root SSH Credentials in Unified CM

CVE Research

A critical security vulnerability has been discovered in Cisco Unified Communications Manager (Unified CM), presenting a serious threat to organizations running impacted versions. Tracked as CVE-2025-20309 and carrying a maximum CVSS score of 10.0, the issue arises from hardcoded root credentials. T...

Jul 03, 2025 • 3 min read

Vulnerability Management vs. Exposure Management: What’s the Difference

CVE Research

In the world of cybersecurity, there’s always a new buzzword, but some trends are more than just hype. Over the last couple of years, “exposure management” has been quietly gaining traction. While most organizations still rely on traditional vulnerability management to keep threats at bay, the reali...

Jul 03, 2025 • 7 min read

What Might Be a Phishing Message?

CVE Research

Phishing remains one of the most common and dangerous cybersecurity threats facing individuals and organizations today. It’s often the entry point for more serious attacks, including ransomware, data theft, and business email compromise.

Jul 03, 2025 • 3 min read

Top 10 Cloud Misconfigurations to Avoid

CVE Research

Cloud misconfigurations remain one of the most exploited weaknesses in enterprise infrastructure. According to the IBM X-Force Threat Intelligence Index 2024, misconfigured cloud services were involved in nearly 25% of cloud security incidents, second only to stolen credentials. These are not advanc...

Jul 02, 2025 • 9 min read

Sudo LPE Vulnerabilities Resolved: What You Need to Know About CVE-2025-32462 and CVE-2025-32463

CVE Research

The Sudo utility has been identified as having two local privilege escalation vulnerabilities, CVE-2025-32462 and CVE-2025-32463. To mitigate these risks, it is recommended that Sudo be updated on Linux and macOS systems.

Jul 01, 2025 • 3 min read

Predicted CVEs Likely to be Exploited – July 02, 2025

CVE Research

Welcome to your daily forecast of potential cyber threats. As part of our continuous effort to equip defenders with foresight, we present a list of Common Vulnerability Enumerations (CVEs) that our threat prediction models indicate are likely to be exploited in the near future.

Jul 01, 2025 • 2 min read

Google Issues Emergency Fix for Actively Exploited Chrome Zero-Day – CVE-2025-6554

CVE Research

Jul 01, 2025 • 3 min read

Resource Categorization is Not Just Labelling

CVE Research

Managing cloud environments can become overwhelming with 1000+ resource types and around 200+ AWS services. To control costs, mitigate risks, and reduce operational complexity, it becomes essential to organize resources into meaningful categories. Cloud Security Asset Exposure categories provide a s...

Jun 26, 2025 • 7 min read

CitrixBleed2: Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543

CVE Research

Citrix has urgently released security updates to address a critical memory overflow vulnerability, CVE-2025-6543, affecting NetScaler ADC and NetScaler Gateway. With a CVSS score of 9.2, this flaw is actively exploited in the wild, making immediate patching essential to prevent potential denial-of-s...

Jun 25, 2025 • 3 min read