CYBER Threat Intelligence Reports
LATEST CTIs
Critical RCE in CentOS Web Panel (CVE-2025-48703)
CVE-2025-48703 is a critical unauthenticated remote-code-execution (OS command injection) vulnerability in Control Web Panel (CWP / CentOS Web Panel) that allows attackers to inject shell…
Read more >
Actively Exploited Critical Vulnerability in Post SMTP Plugin for WordPress: CVE-2025-11833
A critical vulnerability (CVE-2025-11833) in the widely used Post SMTP WordPress plugin is being actively exploited to hijack administrator accounts and gain full control of…
Read more >
Malicious npm Packages Target Developers with Multi-OS Info-Stealer Payloads
A new software supply-chain attack has been uncovered involving ten malicious npm packages designed to steal developer credentials across Windows, macOS, and Linux systems. These…
Read more >
CVE-2025-59287: WSUS Remote Code Execution
CVE-2025-59287 is a critical remote code execution (RCE) vulnerability in the Windows Server Update Services (WSUS) role. An attacker who can reach a WSUS server…
Read more >
CVE-2025-33073: Windows SMB Client Improper Access Control Added to CISA’s KEV
CVE-2025-33073 is a high-severity vulnerability in the Windows SMB client that enables an authenticated remote attacker to escalate privileges to NT AUTHORITY\SYSTEM by abusing a…
Read more >
F5 Breach: Source Code & Vulnerabilities Stolen by Nation-State Actor
In August 2025, U.S. cybersecurity vendor F5 Networks uncovered a long-term intrusion by a nation-state-linked threat actor that compromised its BIG-IP product development and engineering…
Read more >
