Blog - OP INNOVATE

Filip Dimitrov • June 19, 2025

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a…

Filip Dimitrov • June 16, 2025

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

“The weakest link in your security chain might be sitting right on your desk.” At OP Innovate, our CREST-certified red…

Filip Dimitrov • June 16, 2025

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123)

Over 46,000 internet-facing Grafana servers (≈36 % of those online) are still running versions susceptible to CVE-2025-4123, a high-severity open-redirect…

Filip Dimitrov • June 11, 2025

New Microsoft Outlook Vulnerability Enables Local Code Execution (CVE-2025-47176)

Published: June 11, 2025 Threat Level: High Affected Product: Microsoft Outlook (Microsoft 365 Apps for Enterprise, Office LTSC 2024) CVSS…

Filip Dimitrov • June 11, 2025

How MSSPs Are Turning Penetration Testing Into Recurring Revenue with WASP

When OP Innovate first launched WASP in 2022, we weren’t chasing unicorn status or massive VC rounds. We were focused…

Filip Dimitrov • June 9, 2025

CVE-2025-49113: Actively Exploited Critical Vulnerability in Roundcube Webmail

Severity: Critical (CVSS 9.9) Status: Active Exploitation Confirmed On June 1, 2025, Roundcube developers issued critical security updates to patch…

Filip Dimitrov • June 6, 2025

CVE-2025-20286: Cloud Credential Reuse Exposes Cisco ISE to Remote Exploitation

Cisco Identity Services Engine Cloud Static Credential Vulnerability Date: June 6, 2025Severity: Critical (CVSS 9.9)Threat Level: HIGHExploitation Status: Proof-of-Concept (PoC)…

Filip Dimitrov • June 5, 2025

CVE-2025-5419: Google Patches Actively Exploited Chrome Zero-Day

Google has released an emergency security update to address a high-severity zero-day vulnerability in Chrome (CVE-2025-5419), which is already being…

Filip Dimitrov • June 3, 2025

Critical Cisco IOS XE Flaw (CVE-2025-20188): Exploit Details Now Public

A critical vulnerability in Cisco IOS XE Wireless LAN Controllers (WLCs), tracked as CVE-2025-20188, is now drawing heightened concern after…

WASP Platform

Solution

Incident Response

Application Security

Organization Security

Resources

Reports

Security & Compliance

Company

Latest Posts From OP Innovate

Recent Blog Posts

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise Zero to Hero: How Our...

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123) One-Third of All Grafana Instances...

New Microsoft Outlook Vulnerability Enables Local Code Execution (CVE-2025-47176)

All Blog Posts

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123)

New Microsoft Outlook Vulnerability Enables Local Code Execution (CVE-2025-47176)

How MSSPs Are Turning Penetration Testing Into Recurring Revenue with WASP

CVE-2025-49113: Actively Exploited Critical Vulnerability in Roundcube Webmail

CVE-2025-20286: Cloud Credential Reuse Exposes Cisco ISE to Remote Exploitation

CVE-2025-5419: Google Patches Actively Exploited Chrome Zero-Day

Critical Cisco IOS XE Flaw (CVE-2025-20188): Exploit Details Now Public