CYBER Threat Intelligence Reports
LATEST CTIs
Critical Zero-Day in CrushFTP Exploited in the Wild (CVE-2025-54309)
A critical zero-day vulnerability in CrushFTP, CVE-2025-54309, is being actively exploited by threat actors to gain unauthenticated administrative access to vulnerable servers via HTTPS. The…
Read more >
Over 600 Laravel Applications Vulnerable to Remote Code Execution via Leaked APP_KEYs (CVE-2018-15133, CVE-2024-55556)
Security researchers have uncovered a major RCE threat affecting over 600 Laravel applications, triggered by leaked APP_KEYs found on public GitHub repositories. Laravel's APP_KEY, typically…
Read more >
CVE-2025-3648: “Count(er) Strike” Vulnerability in ServiceNow
CVE-2025-3648, dubbed “Count(er) Strike”, is a high-severity vulnerability (CVSS 8.2) in ServiceNow's Now Platform, discovered by Varonis Threat Labs. The flaw allows both authenticated and…
Read more >
CVE-2016-10033: Actively Exploited Remote Code Execution (RCE) Vulnerability in PHPMailer
CVE-2016-10033 is a critical remote code execution vulnerability in PHPMailer, a widely used PHP library for sending emails. The flaw lies in the mailSend function…
Read more >
High-Severity WordPress Vulnerability in Forminator Plugin (CVE-2025-6463)
A critical vulnerability in the Forminator plugin, one of the most popular form-building plugins in Wordpress, allows unauthenticated attackers to delete arbitrary files on the…
Read more >
CVE-2025-6554: Chrome V8 Zero-Day Exploited in the Wild
On June 30, 2025, Google issued an emergency patch for a critical zero-day vulnerability in its Chrome browser, tracked as CVE-2025-6554. The flaw resides in…
Read more >
