TT-CSIRT – 449.22.08.25 – Microsoft 365 ADFS Exploit

TT-CSIRT – 449.22.08.25 – Microsoft 365 ADFS Exploit

Please be advised, a sophisticated phishing campaign have been uncovered, that exploits Microsoft’s Active Directory Federation Services (ADFS) to create legitimate-looking login URLs that redirect users to malicious credential-harvesting sites, effectively turning Microsoft’s own infrastructure into an unwitting accomplice in credential theft operations. Exploit Malicious Google ads clicked on by users who are then redirected […]

TT-CSIRT – 448.16.08.25 – Windows Out-of-Box-Experience (OOBE) Exploit

Be advised, a new security vulnerability has been identified to exploit Windows Out-of-Box-Experience (OOBE) that bypasses existing protections, granting administrative command line access to Windows machines. The vulnerability allows low-privileged domain users to effectively gain local administrative access. This technique works even when Microsoft’s recommended security measure, the DisableCMDRequest.tag file, is implemented to block the well-known […]

TT-CSIRT – 447.14.08.25 – Microsoft Office Vulnerabilities

Be advised, Microsoft released critical security updates, addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems.  The vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect Microsoft Office versions 2016 – 2024, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 […]

TT-CSIRT – 446.07.08.25 – Privilege Escalation Vulnerability in Microsoft Exchange Hybrid Deployments

Please be advised of a high-severity vulnerability, CVE-2025-53786, affecting Microsoft Exchange hybrid deployments. This vulnerability allows a threat actor with administrative access to an on-premise Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. No active exploitation observed, but CISA urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance […]

TT-CSIRT – 445.06.08.25 – Critical RCE Vulnerabilities in Trend Micro Apex One (On-Premise) Management Console

Please be advised that Trend Micro has identified and issued mitigations for two critical command injection vulnerabilities, CVE-2025-54948 and CVE-2025-54987, affecting the Apex One (On-Premise) Management Console. Both vulnerabilities may allow unauthenticated remote attackers to execute arbitrary commands on affected systems. Importantly, Trend Micro has observed active exploitation attempts in the wild (ITW) for at least […]

TT-CSIRT – 444.05.08.25 – Increased Threat Activity Targeting SSLVPN on Gen 7 SonicWall Firewalls

Please be advised that SonicWall has detected a substantial rise in cyber incidents within the past 4 days concerning Gen 7 SonicWall Firewalls that have SSL VPN activated. An ongoing investigation is being conducted to ascertain if the threat activity is associated with a previously disclosed vulnerability or a newly identified one. Impact Remote attackers […]

TT-CSIRT – 443.30.07.25 – Vulnerabilities found in some Dahua products

Please be advised that Dahua has released a security update to address two critical buffer overflow vulnerabilities CVE-2025-31700 and CVE-2025-31701 reported by the Bitdefender IoT Research Team. Impact Affected Products         CVE ID Affected Models Affected Version CVE-2025-31700 CVE-2025-31701 IPC-1XXX SeriesIPC-2XXX Series IPC-WX Series IPC-ECXX Series SD3A Series SD2A Series SD3D Series SDT2A Series SD2C Series […]

TT-CSIRT – 442.20.07.25 – SharePoint Vulnerability

Microsoft has advised of active attacks targeting on-premises SharePoint Server customers, SharePoint Online M365 is not impacted. The attacks are exploiting a variant of CVE-2025-49706 and being assigned CVE-2025-53770 with a patch currently not available. Currently the Microsoft team is actively working to release a security update and will provide additional details as they are […]

TT-CSIRT – 441.10.07.25 – Fortinet Security Advisories – SQL injection in GUI

Please be advised of the critical vulnerability CVE-2025-25257, which affects FortiWeb. This issue stems from improper handling of special characters in SQL commands, leading to a SQL Injection vulnerability (CWE-89). This vulnerability enables an attacker to execute unauthorized SQL code by sending specially crafted HTTP or HTTPS requests. Affected Versions and solutions: Version Affected Solution […]

TT-CSIRT – 439.09.04.25. Security Update – FortiSwitch Vulnerability

Please be advised that Fortinet has released a security update to address a critical vulnerability (CVE-2024-48887) found in the FortiSwitch GUI. This vulnerability could enable a remote unauthenticated attacker to alter admin passwords through a specifically designed request. Impact Affected Versions Version Affected Solution FortiSwitch 7.6 7.6.0 Upgrade to 7.6.1 or above FortiSwitch 7.4 7.4.0 […]