A recent Palo Alto Networks data breach has exposed customer records and support cases after attackers exploited compromised OAuth tokens from the Salesloft Drift supply chain attack. How the Breach Happened The attackers used stolen authentication tokens to access the company’s Salesforce CRM environment, exfiltrating data such as business contacts, account information, and case records. …

Palo Alto Networks Data Breach Linked to Stolen OAuth Tokens Read More »

The China-linked APT group Salt Typhoon has carried out widespread cyber espionage campaigns, exploiting flaws in edge network devices to infiltrate more than 600 organizations across 80 countries. Global Targets of Salt Typhoon According to a joint cybersecurity advisory backed by 13 nations, Salt Typhoon has been active since at least 2019, compromising telecommunications, government, …

Salt Typhoon Edge Device Attacks Breach 600 Global Organizations Read More »

Cisco has issued urgent security patches for a critical Cisco FMC RADIUS vulnerability that received the maximum CVSS score of 10.0. The flaw, tracked as CVE-2025-20265, affects the RADIUS subsystem in Secure Firewall Management Center (FMC) Software and could let unauthenticated attackers execute arbitrary code remotely. Details of the Cisco FMC RADIUS Vulnerability The vulnerability …

Cisco FMC RADIUS Vulnerability Exposes Systems to Remote Code Execution Read More »

A critical privilege escalation issue, known as the BadSuccessor vulnerability in Windows Server 2025, poses a significant threat to Active Directory (AD) environments. This flaw exploits the newly introduced delegated Managed Service Accounts (dMSAs) feature, enabling attackers to impersonate any AD user, including domain administrators, without altering existing accounts or group memberships. Understanding the BadSuccessor …

BadSuccessor Vulnerability in Windows Server 2025 Allows AD User Impersonation Read More »

A critical vulnerability in VMware vCenter Server has been disclosed by VMware. Tracked as CVE-2025-41225, the flaw allows authenticated users to execute arbitrary system commands by leveraging the alarm script feature. The issue is classified as high severity and affects multiple VMware platforms. Vulnerability Summary: The VMware vCenter Server command execution vulnerability is caused by …

Authenticated Command Execution Flaw in VMware vCenter Server (CVE-2025-41225) Read More »

FortiOS authentication bypass vulnerabilities can expose critical infrastructure to administrative compromise. A newly disclosed flaw, CVE-2025-22252, affects multiple Fortinet products configured to use TACACS+ with ASCII authentication. The issue allows attackers to bypass login mechanisms and gain privileged access, putting entire network environments at risk. Vulnerability Summary Affected Products and Versions Fortinet confirms the following …

Authentication Bypass in FortiOS Affects TACACS+ Configurations Read More »

Microsoft’s May 2025 Patch Tuesday addressed two critical Windows RDP Buffer Overflow vulnerabilities, identified as CVE-2025-29966 and CVE-2025-29967. Both enable remote code execution over the network through heap memory corruption. Both flaws are classified under CWE-122: Heap-based Buffer Overflow. Affected Components The vulnerabilities exist across multiple Windows OS versions that support RDP, including client and …

Windows RDP Buffer Overflow Enables Remote Code Execution Read More »

F5 has disclosed a high-severity F5 BIG-IP command injection vulnerability identified as CVE-2025-31644, affecting BIG-IP systems operating in Appliance mode. The flaw allows authenticated administrators to execute arbitrary system commands with root privileges. Vulnerability Summary The vulnerability stems from improper input handling in an undisclosed iControl REST API endpoint and the “save” command in TMOS …

F5 BIG-IP Command Injection Exploit Targets iControl REST and tmsh Read More »

CVE-2025-22247 is a moderate-severity vulnerability in VMware Tools affecting versions 11.x.x and 12.x.x on Windows and Linux. It enables low-privileged users within a guest virtual machine to tamper with local files, triggering insecure file operations. macOS is not affected. Vulnerability Summary The flaw resides in the way VMware Tools handles file operations initiated from within …

VMware Tools File Tampering Vulnerability Affects Guest VMs Read More »