Research Alerts
- CVE-2025-2825: Public exploit code has been released, and in-the-wild exploitation has been observed against unpatched instances of CrushFTP.
- CVE-2025-29927: Technical details are available for a critical Next.js authorization bypass flaw. Researchers are creating proof-of-concept exploits. Patching is strongly advised.
- CVE-2025-23120: Researchers detail Veeam Backup & Replication flaws and note that the PoC for CVE-2024-40711 can be modified to exploit this flaw. Apply available patches immediately.
- CVE-2025-31160: A CVE has been assigned for a denial-of-service flaw in atop that has been connected to a blog post warning from a reputable sysadmin. We are monitoring for more intel.
- CVE-2025-24514: We are monitoring a series of vulnerabilities in the Ingress NGINX Controller for Kubernetes, dubbed IngressNightmare. Organizations are advised to apply available patches.