CYBER Threat Intelligence Reports
LATEST CTIs
CISA: Recently Patched Chrome Bug is Being Actively Exploited (CVE-2025-4664)
CVE-2025-4664 is a high-severity vulnerability in the Loader component of Google Chrome, caused by insufficient policy enforcement. Successful exploitation allows a remote attacker to leak…
Read more >
CVE-2024-38475: Actively Exploited Apache HTTP Server Vulnerability
A critical vulnerability in Apache’s mod_rewrite module allows attackers to exploit unsafe rewrite rules by crafting URLs that access unintended filesystem paths. This flaw, tracked…
Read more >
CVE-2025-31324 — SAP NetWeaver Visual Composer Metadata Uploader – Deserialization
Unauthenticated deserialization flaw in SAP NetWeaver (CVE-2025-31324) enables full remote code execution—OP Innovate’s dedicated WASP scanner is actively detecting exposures across enterprise environments.
Read more >
CVE-2025-31161: Critical Authentication Bypass in CrushFTP Exploited in the Wild
A critical authentication bypass vulnerability in CrushFTP, tracked as CVE-2025-31161, is being actively exploited in the wild. The flaw allows remote, unauthenticated attackers to impersonate…
Read more >
CVE-2025-34028: Unauthenticated Path Traversal in Commvault Command Center
On April 22, 2025, a critical path traversal vulnerability (CVE-2025-34028) was disclosed in Commvault Command Center Innovation Release 11.38. An unauthenticated attacker can upload a…
Read more >
Critical Vulnerability in ASUS Routers Using AiCloud (CVE-2025-2492)
A critical security flaw (CVE-2025-2492) has been discovered in ASUS routers running AiCloud, a feature that allows remote access to files and media via the…
Read more >
