Blog - OP INNOVATE

Filip Dimitrov • July 3, 2025

High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)

A critical vulnerability in the Forminator plugin, one of the most popular form-building plugins in WordPress, allows unauthenticated attackers to…

Filip Dimitrov • July 2, 2025

CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild

On June 30, 2025, Google issued an emergency patch for a critical zero-day vulnerability in its Chrome browser, tracked as…

Filip Dimitrov • June 27, 2025

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its…

Filip Dimitrov • June 26, 2025

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC)…

Filip Dimitrov • June 24, 2025

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a…

Filip Dimitrov • June 24, 2025

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary…

Filip Dimitrov • June 23, 2025

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

When it comes to red team operations, the tools you choose can make or break the engagement. From initial reconnaissance…

Filip Dimitrov • June 19, 2025

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a…

Filip Dimitrov • June 16, 2025

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

“The weakest link in your security chain might be sitting right on your desk.” At OP Innovate, our CREST-certified red…

WASP Platform

Solution

Incident Response

Application Security

Organization Security

Resources

Reports

Security & Compliance

Company

Latest Posts From OP Innovate

Recent Blog Posts

High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)

CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

All Blog Posts

High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)

CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise