CYBER Threat Intelligence Reports
LATEST CTIs
CISA: SonicWall VPN Vulnerability Actively Exploited in Attacks (CVE-2021-20035)
On April 16, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-20035 to its Known Exploited Vulnerabilities (KEV) catalog following confirmed reports of…
Read more >
Maximum Severity Vulnerability Discovered in Apache Parquet (CVE-2025-30065)
A maximum severity vulnerability (CVSS 10.0) has been discovered in Apache Parquet, a columnar storage format used extensively in big data platforms like Spark, Hadoop,…
Read more >
High-Risk Authentication Bypass Vulnerability in VMWare Tools (CVE-2025-22230)
A new high-severity vulnerability (CVE-2025-22230) has been disclosed in VMware Tools for Windows. The flaw allows a local user with non-administrative privileges to bypass authentication…
Read more >
WordPress Sites Targeted in “DollyWay” Malware Campaign
GoDaddy security researchers are warning against a sophisticated and long-running malware operation known as "DollyWay," which has compromised over 20,000 WordPress sites worldwide, redirecting unsuspecting…
Read more >
Untracked Windows Vulnerability Exploited by Nation-State Actors (ZDI-CAN-25373)
A newly discovered Windows zero-day vulnerability, ZDI-CAN-25373, has been actively exploited by nation-state actors from North Korea, Iran, Russia, and China for at least eight…
Read more >
Critical PHP RCE Vulnerability Exploited in the Wild (CVE-2024-4577)
A critical remote code execution (RCE) vulnerability, CVE-2024-4577, impacting Windows-based PHP installations configured to use PHP-CGI, is actively being exploited. This PHP-CGI argument injection flaw…
Read more >
