On December 3rd 2025, a new maximum CVSS software flaw affecting React (aka ReactJS), exploded onto the cybersecurity landscape. Dubbed React2Shell, CVE-2025-55182 is already actively exploited. Users are urged to verify their exposure and patch immediately if affected. React is the most popular JavaScript library for building modern web-application user interfaces (UIs) implying that the […]
Was November 2025 a quiet month for cyber security? No, of course not. Fallout from the Oracle EBS ransomware campaigns, which began in October, was widespread; over 29 organizations have been claimed by the Cl0p syndicate alone, with over 100 victims in total. This included Envoy Air (an American Airlines subsidiary), Cox Enterprises, Logitech, Harvard […]
Just over 4,100 new CVEs emerged in October 2025, representing new attack surfaces and placing pressure on defenders to identify and patch. For operational resilience, organizations need to scan their IT infrastructure often and prioritize mitigation efforts. A free trial of Greenbone’s OPENVAS BASIC lets defenders scan their enterprise IT estate and stay on top […]
Discussion of a new security issue affecting Fortinet’s FortiWeb began circulating online in early October 2025, when cyber deception firm Defused reported capturing a working exploit via honeypot. FortiWeb is Fortinet’s web application firewall (WAF) platform, designed to shield web applications from malicious activity. For over one month, Defused’s revelation mostly lurked in the shadows; […]
In total, just over 4,500 CVEs were published in September, exposing defenders to new risk. For operational resilience, organizations need to scan their IT infrastructure to identify where hidden risk could impact their operations. A free trial of Greenbone’s OPENVAS BASIC allows defenders to scan their enterprise IT infrastructure to stay on top of emerging […]
On September 25, 2025, three new CVEs affecting Cisco networking products exploded onto the global cyber security landscape. Two of these were actively exploited as zero-days prior to their disclosure. Greenbone now includes detection tests for all three new high-risk CVEs in the OPENVAS ENTERPRISE FEED. CVE-2025-20333 (CVSS 9.9) and CVE-2025-20362 (CVSS 6.5) affect the […]
CVE-2025-10035 (CVSS 10.0) is a new critical severity vulnerability in Fortra GoAnywhere MFT (Managed File Transfer). This maximum-risk CVE could provide attackers with unauthenticated remote command execution (RCE). Greenbone can detect vulnerable systems and all users should patch with urgency. GoAnywhere MFT is a centralized Managed File Transfer (MFT) platform enabling file exchanges between business […]
CVE-2025-54236 (CVSS 9.1) is an account-takeover flaw that may result in unauthenticated remote code execution (RCE) under certain conditions. Dubbed “SessionReaper”, CVE-2025-54236 affects Adobe Commerce, Adobe Commerce B2B, and Magento Open Source web applications. The root cause is Improper Input Validation [CWE-20] in the REST API. Adobe’s official advisory describes the issue as a security […]
The August 2025 Threat Report underscores how quickly high-risk vulnerabilities can shift from disclosure to active exploitation. Citrix, Fortinet, N-able, and Trend Micro flaws were weaponized within days. Other critical flaws in highly targeted software, such as Microsoft Exchange, emerged. Mainstream enterprise applications, such as Docker Desktop, Git, and Zoom, were also exposed to new […]
The July 2025 Threat Report takes a broad approach, covering some of the top cyber threats from the past month. The Microsoft SharePoint flaw titles “ToolShell” dominated the headlines; see our alert on ToolShell for a detailed analysis. Over 4,000 CVEs were published last month; almost 500 of them were rated Critical, with CVSS over […]
