
Threat Actors Abuse NetBird in Spear-Phishing Campaign Targeting Finance Executives

Cybersecurity firm Trellix uncovered a sophisticated spear-phishing operation in late May 2025 that exploited NetBird, a legitimate open-source remote access platform, to infiltrate organizations worldwide.

Proof-of-Concept Exploit Observed for Critical Zero-Day

CVE-2025-32756 is a critical remote code execution (RCE) vulnerability affecting multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. The flaw arises from a stack-based buffer overflow in the handling of the AuthHash cookie’s enc parameter within the /remote/hostcheck_validate HTTP endpoint.

Security Bulletin: Revolver Rabbit and the Rise of RDGAs

Their domains typically follow repeatable patterns, such as dictionary words plus numeric suffixes (e.g., private-jets-99557bond). Additional variants use short alphanumeric suffixes or double dashes, complicating rule-based detection (Infoblox Blog, 2024). These syntactic variations often evade traditional string-matching techniques, requiring DNS-layer telemetry and clustering for full visibility (Infoblox Research Report, 2024).

Security Bulletin: OttoKit WordPress Plugin Vulnerability, CVE-2025-27007

CVE-2025-27007 is a critical unauthenticated privilege escalation vulnerability affecting the OttoKit WordPress plugin (formerly SureTriggers), which is used by over 100,000 websites for workflow automation and third-party integration. The vulnerability exists in the plugin’s create_wp_connection() function, which fails to properly verify user authentication when application passwords are not configured.

Security Bulletin: Magecart Skimming Campaign

Magecart is a long-running digital skimming threat attributed to multiple financially motivated cybercriminal groups specializing in the theft of payment card data from e-commerce websites. First identified in 2015, Magecart attacks have continuously evolved, leveraging compromised third-party services, supply chain vulnerabilities, and increasingly sophisticated obfuscation tactics to inject malicious JavaScript skimmers into checkout pages.

Navigating the New Cyber Threat Landscape: Why Irish SMEs Must Think and Act Differently

Let’s be honest: keeping your business safe online feels like a never-ending race these days, especially for Small and Medium Enterprises (SMEs). At Intuity Technologies, we see it every day: the bad guys are getting smarter, faster, and ultimately relentless. With IT budgets often stretched thin and the digital world constantly developing, it’s tougher than ever for SMEs to stay secure.

Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server’s mod_rewrite module that permits arbitrary file read operations under specific configurations. This flaw arises from inadequate sanitization of user-controlled input passed to RewriteRule directives, which allows attackers to traverse the filesystem by manipulating server variables and regex capture groups.

Security Bulletin: CVE Program Funding Concerns and Emerging Alternatives

On April 16, 2025, a critical moment unfolded in the cybersecurity world when the U.S. Department of Homeland Security’s funding for the Common Vulnerabilities and Exposures (CVE) Program, operated by MITRE, was set to expire. The CVE system is a globally relied-upon database for cataloging known cyber vulnerabilities and has been a cornerstone of vulnerability management for over 25 years since its public launch in 1999.

Security Bulletin: ClickFix and the New Era of Social Engineering

ClickFix is an emerging social engineering technique that has gained traction among both cybercriminals and APT groups due to its effectiveness and low barrier to execution. First observed around October 19, 2023, disguised as Cloudflare anti-bot protection, ClickFix deceives users into taking action to “fix” a non-existent issue, often through fake reCAPTCHA pages, spoofed software updates, or fraudulent security prompts.

Security Bulletin: Critical Apache Roller Vulnerability Enables Unauthorized Session Persistence

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.