Be advised, Microsoft released critical security updates, addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems. The vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect Microsoft Office versions 2016 – 2024, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 […]
Please be advised of a high-severity vulnerability, CVE-2025-53786, affecting Microsoft Exchange hybrid deployments. This vulnerability allows a threat actor with administrative access to an on-premise Exchange server to escalate privileges by exploiting vulnerable hybrid-joined configurations. No active exploitation observed, but CISA urges organizations to implement Microsoft’s Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability guidance […]
Please be advised that Trend Micro has identified and issued mitigations for two critical command injection vulnerabilities, CVE-2025-54948 and CVE-2025-54987, affecting the Apex One (On-Premise) Management Console. Both vulnerabilities may allow unauthenticated remote attackers to execute arbitrary commands on affected systems. Importantly, Trend Micro has observed active exploitation attempts in the wild (ITW) for at least […]
Please be advised that SonicWall has detected a substantial rise in cyber incidents within the past 4 days concerning Gen 7 SonicWall Firewalls that have SSL VPN activated. An ongoing investigation is being conducted to ascertain if the threat activity is associated with a previously disclosed vulnerability or a newly identified one. Impact Remote attackers […]
Please be advised that Dahua has released a security update to address two critical buffer overflow vulnerabilities CVE-2025-31700 and CVE-2025-31701 reported by the Bitdefender IoT Research Team. Impact Affected Products CVE ID Affected Models Affected Version CVE-2025-31700 CVE-2025-31701 IPC-1XXX SeriesIPC-2XXX Series IPC-WX Series IPC-ECXX Series SD3A Series SD2A Series SD3D Series SDT2A Series SD2C Series […]
Microsoft has advised of active attacks targeting on-premises SharePoint Server customers, SharePoint Online M365 is not impacted. The attacks are exploiting a variant of CVE-2025-49706 and being assigned CVE-2025-53770 with a patch currently not available. Currently the Microsoft team is actively working to release a security update and will provide additional details as they are […]
Please be advised of the critical vulnerability CVE-2025-25257, which affects FortiWeb. This issue stems from improper handling of special characters in SQL commands, leading to a SQL Injection vulnerability (CWE-89). This vulnerability enables an attacker to execute unauthorized SQL code by sending specially crafted HTTP or HTTPS requests. Affected Versions and solutions: Version Affected Solution […]
Please be advised that Fortinet has released a security update to address a critical vulnerability (CVE-2024-48887) found in the FortiSwitch GUI. This vulnerability could enable a remote unauthenticated attacker to alter admin passwords through a specifically designed request. Impact Affected Versions Version Affected Solution FortiSwitch 7.6 7.6.0 Upgrade to 7.6.1 or above FortiSwitch 7.4 7.4.0 […]
TTCSIRT has been made aware of an ongoing WhatsApp phishing campaign targeting users. Attackers are impersonating known contacts to trick victims into compromising their accounts. Methods of Attack: Deceptive Message: Victims receive messages from seemingly legitimate contacts, often requesting a favor or vote. This message may look like the following: “Blessings hope all is well […]
Please be advised of the following critical Microsoft SharePoint vulnerability, CVE-2024-38094, has been listed by our partners at the Cybersecurity & Infrastructure Security Agency (CISA) in their “Known Exploited Vulnerabilities Catalogue”. TTCSIRT encourages administrators to visit the following link for more information and take necessary actions immediately: CVE-2024-38094 – Security Update Guide – Microsoft – […]
