Sign in Subscribe

ThreatGrid Team

Atlassian Confluence Data Exposure (CVE-2025-21984): Sensitive Wiki Content at Risk

Atlassian Confluence Data Exposure (CVE-2025-21984): Sensitive Wiki Content at Risk

Atlassian has patched a Confluence flaw that could let attackers read private wiki pages without proper permissions. CVE-2025-21984 poses serious data leakage risks for organizations that store sensitive information in Confluence.

Fortinet FortiOS Buffer Overflow (CVE-2025-14982): Critical RCE Risk for Firewalls

Fortinet FortiOS Buffer Overflow (CVE-2025-14982): Critical RCE Risk for Firewalls

Fortinet has patched a critical SSL VPN buffer overflow in FortiOS that could let attackers take over firewalls without authentication. CVE-2025-14982 is internet-exploitable, making quick mitigation essential.

Cisco Secure Client Privilege Escalation (CVE-2025-31125): What You Need to Know

Cisco Secure Client Privilege Escalation (CVE-2025-31125): What You Need to Know

Cisco has patched a high-severity flaw in Secure Client for Windows that could let attackers gain SYSTEM privileges. CVE-2025-31125 is already being targeted in the wild, making rapid patching critical.

Critical Erlang OTP SSH Daemon Zero-Day Exploited in OT Networks (CVE-2025-32433)

Critical Erlang OTP SSH Daemon Zero-Day Exploited in OT Networks (CVE-2025-32433)

A severe remote code execution zero-day—CVE-2025-32433—has been actively exploited in critical infrastructure environments via Erlang’s OTP SSH daemon. Operators must patch immediately and monitor OT environments for signs of post-exploit activity.

Inside Ransomware-as-a-Service: How Affiliates and Developers Collaborate in the Shadows

Inside Ransomware-as-a-Service: How Affiliates and Developers Collaborate in the Shadows

Ransomware-as-a-Service has industrialized cybercrime, enabling affiliates to launch attacks with ease. Discover how this underground economy operates and what organizations can do to defend themselves.

Zero Trust in 2025: Building Resilient Architectures for Hybrid Cloud Environments

Zero Trust in 2025: Building Resilient Architectures for Hybrid Cloud Environments

Zero Trust is essential for securing today’s hybrid cloud environments. This article explores the core principles, challenges, and future trends driving Zero Trust adoption in 2025 and beyond.

The Rise of AI-Driven Phishing: How to Detect and Defend Against Deepfake Social Engineering

The Rise of AI-Driven Phishing: How to Detect and Defend Against Deepfake Social Engineering

AI-powered deepfake phishing attacks are becoming increasingly sophisticated, making it harder for individuals and organizations to detect fraud. Learn how to identify and defend against these next-generation social engineering threats.