Research Alerts
- CVE-2025-22457: Researchers identified zero-day exploitation of this flaw by threat actor UNC5221 to deploy malware. Organizations are advised to patch immediately.
- CVE-2025-2825: Public exploit code has been released and in the wild exploitation has been observed for unpatched instances of CrushFTP
- CVE-2025-29927: Technical details are available for a critical Next.js authorization bypass flaw. Researchers are creating proof of concept exploits. Patching is strongly advised.
- CVE-2025-30065: Maximum severity flaw (CVSS 10.0) disclosed. Exploitation requires an attacker to trick a vulnerable system into reading a specially crafted file. Monitoring for PoC exploits.
- CVE-2025-31160: A CVE has been assigned for a denial of service flaw in atop that has been connected to a blog post warning from a reputable sysadmin. We are monitoring for more intel.