Cyber threats are evolving at breakneck speed, but the fundamental weaknesses attackers exploit remain strikingly unchanged. So far in 2025, many analysts have published landscape reviews of 2024 and outlooks for 2025. The cost of cyber breaches is ticking upwards, but overall, cyber breach root-causes have not changed. Phishing [T1566] and exploiting known software vulnerabilities […]
Every product has a due date, but customers often have little warning and no recourse when a vendor decides to sunset a product. Once a vendor designates a product as end-of-life (EOL) or end-of-service (EOS), managing associated risks becomes more complex. Risk is magnified when cyber criminals find and exploit vulnerabilities that will never be […]
Trimble Cityworks, an enterprise asset management (EAM) and public works management software is actively under attack. The campaign began as an unknown (zero-day) vulnerability, but is now tracked as CVE-2025-0994 with a CVSS of 8.6. The vulnerability is a deserialization flaw [CWE-502] that could allow an authenticated attacker to execute arbitrary code remotely (Remote Code […]
February 2025 Threat Report: Tectonic Technology
BlogCyber threats are evolving at breakneck speed, but the fundamental weaknesses attackers exploit remain strikingly unchanged. So far in 2025, many analysts have published landscape reviews of 2024 and outlooks for 2025. The cost of cyber breaches is ticking upwards, but overall, cyber breach root-causes have not changed. Phishing [T1566] and exploiting known software vulnerabilities […]
The “Perfect Storm” for Zyxel: EOL Routers and Ransomware Attacks
BlogEvery product has a due date, but customers often have little warning and no recourse when a vendor decides to sunset a product. Once a vendor designates a product as end-of-life (EOL) or end-of-service (EOS), managing associated risks becomes more complex. Risk is magnified when cyber criminals find and exploit vulnerabilities that will never be […]
Greenbone Detects CVE-2025-0994: Actively Exploited Flaw in Trimble Cityworks
BlogTrimble Cityworks, an enterprise asset management (EAM) and public works management software is actively under attack. The campaign began as an unknown (zero-day) vulnerability, but is now tracked as CVE-2025-0994 with a CVSS of 8.6. The vulnerability is a deserialization flaw [CWE-502] that could allow an authenticated attacker to execute arbitrary code remotely (Remote Code […]