NorDef SLA Feature for Vulnerability Tracking

Introducing the NorDef SLA Feature for Pentest Vulnerability Tracking

When managing Pentest vulnerabilities, time is always of the essence. Effective vulnerability management is more than just identifying risks; it’s about timely remediation to protect your organization from potential threats. To achieve this, teams require clear deadlines, transparency, and accountability—something traditional penetration testing methods often lack. In response to these challenges, we are excited to …

Introducing the NorDef SLA Feature for Pentest Vulnerability Tracking Read More »

Active Directory privilege escalation vulnerability

Microsoft Patches Active Directory Privilege Escalation Vulnerability

Microsoft has patched a privilege escalation vulnerability in Active Directory Domain Services, identified as CVE-2025-29810, during the April 2025 Patch Tuesday release. Technical Overview The vulnerability is caused by improper access control in Windows Active Directory Domain Services and falls under CWE-284: Improper Access Control. An authenticated attacker with low-level privileges on a domain-joined system …

Microsoft Patches Active Directory Privilege Escalation Vulnerability Read More »

CVE-2025-23120 Veeam Backup Vulnerability

CVE-2025-23120 Veeam Backup Vulnerability Allows Remote Code Execution

A critical security vulnerability, identified as CVE-2025-23120, affects Veeam Backup & Replication versions up to 12.3.0.310. This flaw allows authenticated domain users to execute arbitrary code remotely on domain-joined backup servers. Technical Details: Affected Versions: Impacted Systems: Mitigation: The vulnerability is patched in Veeam Backup & Replication 12.3.1 (build 12.3.1.1139). Users are advised to upgrade …

CVE-2025-23120 Veeam Backup Vulnerability Allows Remote Code Execution Read More »

Ingress NGINX Controller vulnerabilities

Critical Ingress NGINX Controller vulnerabilities disclosed in Kubernetes

On March 24, 2025, four critical Ingress NGINX Controller vulnerabilities were publicly disclosed. These flaws enable unauthenticated remote code execution (RCE), unrestricted access to secrets across all namespaces, and the possibility of full Kubernetes cluster takeover. Each vulnerability resides in the controller’s admission component, a service commonly exposed to the internet without authentication controls. Ingress …

Critical Ingress NGINX Controller vulnerabilities disclosed in Kubernetes Read More »

Next.js Middleware Auth Bypass Vulnerability Fixed (CVE-2025-29927)

Critical Next.js Middleware Auth Bypass Vulnerability (CVE-2025-29927)

A critical vulnerability in Next.js allows attackers to bypass middleware-based authorization checks in self-hosted applications using next start with output: standalone. Tracked as CVE-2025-29927, the flaw has a CVSS v3.1 score of 9.1 and impacts Next.js versions from 11.1.4 up to 13.5.6, 14.x before 14.2.25, and 15.x before 15.2.3. Affected Configurations Vulnerability Details The vulnerability …

Critical Next.js Middleware Auth Bypass Vulnerability (CVE-2025-29927) Read More »

On-Demand Pentest poster

On-Demand Pentest: Start Your Pentesting Any Time, Pause When You Need It

In today’s fast-paced digital landscape, cyber threats evolve rapidly, demanding immediate attention. Delays in identifying vulnerabilities can leave your systems exposed to significant risks. That’s why Nordic Defender’s NorDef platform offers unparalleled flexibility through its Crowd-Sourced on-demand pentest service. Whether you need to start immediately to minimize exposure or prefer to schedule your test at …

On-Demand Pentest: Start Your Pentesting Any Time, Pause When You Need It Read More »

VMware critical vulnerabilities patched

VMware Critical Vulnerabilities in ESXi, Workstation, and Fusion: Patches Released

VMware has released security updates to address multiple vulnerabilities affecting ESXi, Workstation, and Fusion. These flaws, tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, enable attackers to execute arbitrary code, escape the virtual machine sandbox, and leak sensitive memory data. Exploitation of these vulnerabilities has been observed in the wild. Affected Products: Vulnerability Details: Confirmed Exploitation VMware …

VMware Critical Vulnerabilities in ESXi, Workstation, and Fusion: Patches Released Read More »

NorDefs Fully Managed Pentesting as a Service

8 Ways NorDef’s Fully Managed Pentesting as a Service Solves What Others Overlook

In the ever-evolving landscape of cybersecurity, companies are constantly searching for efficient, cost-effective solutions to safeguard their digital assets. NorDef, Nordic Defender’s crowd-sourced platform, offers next-gen, fully managed penetration testing.  What truly sets NorDef apart from other Next-Gen Penetration Testing services, is its dedicated team of expert security engineers—known as moderators—who manage the entire pentesting …

8 Ways NorDef’s Fully Managed Pentesting as a Service Solves What Others Overlook Read More »

OpenSSH vulnerabilities - MITM & DoS CVE-2025

OpenSSH Vulnerabilities Expose Clients to MITM and DoS Attacks

Two security vulnerabilities have been identified in OpenSSH affecting both the client and server. These flaws, tracked as CVE-2025-26465 and CVE-2025-26466, enable attackers to impersonate servers and cause denial-of-service conditions. Both vulnerabilities have been present for extended periods, with mitigations available. CVE-2025-26465: MITM Attack on OpenSSH Client CVE-2025-26465 affects the OpenSSH client and enables a …

OpenSSH Vulnerabilities Expose Clients to MITM and DoS Attacks Read More »

PAN-OS authentication bypass vulnerability

Palo Alto PAN-OS Zero-Day Vulnerability Enables Authentication Bypass

Palo Alto Networks has disclosed a zero-day PAN-OS authentication bypass vulnerability, tracked as CVE-2025-010. The flaw allows attackers to access certain PHP scripts on the management web interface without authentication. It has been assigned a CVSS score of 8.8 and affects multiple PAN-OS versions. Vulnerability Overview The issue stems from missing authentication controls in the …

Palo Alto PAN-OS Zero-Day Vulnerability Enables Authentication Bypass Read More »