News • Insights • Analysis
In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to Read More …
In March 2025, SysAid released updates addressing XML (extensible markup language) external entity vulnerabilities and an OS command injection vulnerability in its on-premise platform. SysAid is an IT service management platform. Cyber Security firm watchTowr Labs has released proof-of-concept exploit Read More …
Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. Read More …
The US Cybersecurity and Infrastructure Security Agency (CISA) released an Industrial Control Systems (ICS) Medical Advisory for a vulnerability found in MicroDicom DICOM Viewer. DICOM Viewer is an application for primary processing and preservation of medical images in DICOM format. Read More …
Hundreds of ecommerce websites, including at least one major player, behemoth, have been compromised after poisoned Magento extensions woke up from a six-year slumber. Cybersecurity researchers Sansec discovered the supply chain attack after one of its clients was targeted, ultimately Read More …
A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, Read More …
The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in the Metadata Uploader component of SAP NetWeaver Visual Composer, assessed its impact, and developed mitigation measures. SAP NetWeaver serves as a robust technology platform Read More …
In April 2024, Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to escape the App Sandbox and run unrestricted on the system. An attacker could create an exploit to escape the App Sandbox without user interaction Read More …
Agentic applications are programs that leverage AI agents — software designed to autonomously collect data and take actions toward specific objectives — to drive their functionality. As AI agents are becoming more widely adopted in real-world applications, understanding their security Read More …
On Thursday, April 24, enterprise resource planning company SAP published a CVE (and a day later, an advisory behind login) for CVE-2025-31324, a zero-day vulnerability in NetWeaver Visual Composer that carries a CVSSv3 score of 10. The vulnerability arises from Read More …
