CYBER Threat Intelligence Reports
LATEST CTIs
CISA: Attackers Exploiting SysAid Vulnerabilities (CVE-2025-2775, CVE-2025-2776)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two SysAid On-Prem vulnerabilities, CVE-2025-2775 and CVE-2025-2776, to its Known Exploited Vulnerabilities (KEV) catalog, confirming…
Read more >
Critical Zero-Day in CrushFTP Exploited in the Wild (CVE-2025-54309)
A critical zero-day vulnerability in CrushFTP, CVE-2025-54309, is being actively exploited by threat actors to gain unauthenticated administrative access to vulnerable servers via HTTPS. The…
Read more >
Over 600 Laravel Applications Vulnerable to Remote Code Execution via Leaked APP_KEYs (CVE-2018-15133, CVE-2024-55556)
Security researchers have uncovered a major RCE threat affecting over 600 Laravel applications, triggered by leaked APP_KEYs found on public GitHub repositories. Laravel's APP_KEY, typically…
Read more >
CVE-2025-3648: “Count(er) Strike” Vulnerability in ServiceNow
CVE-2025-3648, dubbed “Count(er) Strike”, is a high-severity vulnerability (CVSS 8.2) in ServiceNow's Now Platform, discovered by Varonis Threat Labs. The flaw allows both authenticated and…
Read more >
CVE-2016-10033: Actively Exploited Remote Code Execution (RCE) Vulnerability in PHPMailer
CVE-2016-10033 is a critical remote code execution vulnerability in PHPMailer, a widely used PHP library for sending emails. The flaw lies in the mailSend function…
Read more >
High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)
A critical vulnerability in the Forminator plugin, one of the most popular form-building plugins in Wordpress, allows unauthenticated attackers to delete arbitrary files on the…
Read more >
