On July 7, 2025, a critical vulnerability in Wing FTP Server was actively exploited in the wild. Identified as CVE-2025-47812 and carrying a maximum CVSS score of 10.0, the flaw allows unauthenticated attackers to execute arbitrary system commands through the product’s web interface. Security researcher Julien Ahrens discovered the issue, which originates from improper null… Read More »Wing FTP Server Vulnerability (CVE-2025-47812)
Zero-day vulnerabilities are a serious threat to organizations all over the world in the consistently elevating field of cybersecurity. Recently, a critical vulnerability known as CVE-2025-48827 surfaced, leaving systems vulnerable to privilege escalation alongside remote code execution (RCE) attacks. This blog post provides an in-depth analysis of the vulnerability, a step-by-step exploitation guide, and actionable… Read More »Zero Auth, Full Control: Inside the Critical vBulletin CVE-2025-48827
This week’s intelligence reveals an escalation in targeted exploitation of emerging software flaws, novel stealthy attack techniques leveraging legitimate infrastructure, and politically driven data leaks orchestrated via dark web channels. Three high-severity vulnerabilities—affecting Langflow AI servers, Citrix NetScaler appliances, and default Linux configurations—have been weaponized in the wild. Attackers are also innovating with JavaScript-based credential… Read More »Weekly Report: New Hacking Techniques and Critical CVEs June 18–June 25, 2025
In April 2025, a critical pre-auth Remote Code Execution vulnerability, CVE-2025-34028, was discovered in Commvault Command Center. This vulnerability allows attackers to achieve remote code execution without authentication by exploiting an Server-Side Request forgery (SSRF) and a path traversal issue that enables uploading and executing malicious ZIP files. With a CVSS score of 10.0, this… Read More »Understanding CVE-2025-34028, Commvault’s Critical Pre-Auth RCE Vulnerability
Critical CVEs And Active Threats: Apache Kafka-Ui, Ivanti Multiple Product, J-Web of Juniper Networks Junos OS and More This week from January 29th to February 02nd, FireCompass research team identified a huge number of CVEs that are high in severity and ransomware, botnets, and threat actors creating havoc. Some of the CVEs identified are popular… Read More »Critical CVEs And Active Threats: Apache Kafka-Ui, Ivanti Multiple Product, J-Web of Juniper Networks Junos OS and More