Blog - OP INNOVATE

Filip Dimitrov • June 27, 2025

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

On June 25, 2025, Cisco disclosed and patched two critical remote code execution (RCE) vulnerabilities: CVE-2025-20281 and CVE-2025-20282, affecting its…

Filip Dimitrov • June 26, 2025

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

On June 25, 2025, CISA added CVE‑2024‑54085, a critical authentication bypass vulnerability in the MegaRAC SPx Baseboard Management Controller (BMC)…

Filip Dimitrov • June 24, 2025

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls The UK’s National Cyber Security Centre (NCSC) has issued an alert regarding a…

Filip Dimitrov • June 24, 2025

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

A critical local privilege escalation vulnerability in the Notepad++ v8.8.1 installer allows attackers to escalate to NT AUTHORITY\SYSTEM using binary…

Filip Dimitrov • June 23, 2025

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

When it comes to red team operations, the tools you choose can make or break the engagement. From initial reconnaissance…

Filip Dimitrov • June 19, 2025

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Security researchers have uncovered a critical privilege escalation chain in major Linux distributions that allows any local user with a…

Filip Dimitrov • June 16, 2025

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

“The weakest link in your security chain might be sitting right on your desk.” At OP Innovate, our CREST-certified red…

Filip Dimitrov • June 16, 2025

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123)

Over 46,000 internet-facing Grafana servers (≈36 % of those online) are still running versions susceptible to CVE-2025-4123, a high-severity open-redirect…

Filip Dimitrov • June 11, 2025

New Microsoft Outlook Vulnerability Enables Local Code Execution (CVE-2025-47176)

Published: June 11, 2025 Threat Level: High Affected Product: Microsoft Outlook (Microsoft 365 Apps for Enterprise, Office LTSC 2024) CVSS…

WASP Platform

Solution

Incident Response

Application Security

Organization Security

Resources

Reports

Security & Compliance

Company

Latest Posts From OP Innovate

Recent Blog Posts

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

All Blog Posts

Critical Cisco ISE Vulnerabilities Lead to Unauthenticated RCE (CVE-2025-20281 & CVE-2025-20282)

Critical Vulnerability in MegaRAC BMC Added to CISA’s KEV: CVE-2024-54085

‘UMBRELLA STAND’ Malware Targets Fortinet FortiGate Firewalls

CVE-2025-49144: Privilege Escalation in Notepad++ Installer Enables Full SYSTEM Access

Our Red Team’s Favorite Penetration Testing Tools in 2025 (And How We Use Them)

New Linux Vulnerabilities (CVE-2025-6018 & CVE-2025-6019) Enable Full Root Access in Seconds

Zero to Hero: How Our Red Team Turned a Sticky Note Into Full Cloud Compromise

One-Third of All Grafana Instances Vulnerable to XSS (CVE-2025-4123)

New Microsoft Outlook Vulnerability Enables Local Code Execution (CVE-2025-47176)