When Legitimate Cloud Services Turn Malicious: Inside the Google Cloud Email Abuse Campaign Cyber Threat Intelligence AegironDecember 30, 2025December 30, 20256 mins0 Over the past 24 hours, incident responders and threat analysts have been tracking a phishing campaign that…continue reading..
High-Risk Vulnerabilities in Nagios XI Allow Authenticated Attackers to Access Data and System Files Threat Advisories AegironDecember 30, 2025December 30, 20259 mins0 CVE-2025-67255 Product: Nagios XIAffected Version: 2026R1.0.1 (Build 1762361101)Vulnerability Type: SQL InjectionCVSS v3.1 Score: 8.1Severity: HighAttack Vector: NetworkAuthentication…continue reading..
CVE-2025-68860 — Critical Authentication Bypass in WordPress Mobile Builder Plugin Threat Advisories CyberDefenderDecember 30, 2025December 30, 20254 mins0 Name: CVE-2025-68860 Type: Authentication Bypass (using alternate path or channel) Severity: Critical — CVSS v3.1 Base Score…continue reading..
CVE-2024-27480, CVE-2024-25183, CVE-2024-25182 in givanz VvvebJs 1.7.2 Vulnerabilities CyberDefenderDecember 30, 2025December 30, 202513 mins0 All three CVE entries affect givanz VvvebJs 1.7.2 (a web editor / web UI component). The three…continue reading..
CVE-2025-68562: One Upload, Total Takeover: How a MapSVG File Upload Bug Opens the Door to Web Shell Attacks Threat Advisories AegironDecember 30, 2025December 30, 20259 mins0 Overview CVE ID: CVE-2025-68562Affected Product: MapSVG (RomanCode WordPress plugin)Affected Versions: All versions up to and including 8.7.3Severity:…continue reading..
CVE-2025-15212 — SQL injection in code-projects Refugee Food Management System 1.0 Threat Advisories CyberDefenderDecember 30, 2025December 30, 202510 mins0 CVE-2025-15212 is a SQL injection vulnerability affecting Refugee Food Management System (version 1.0) distributed on code-projects. The…continue reading..
CVE-2025-15284: When a Safety Limit Isn’t a Safety Limit — Breaking qs Array Parsing Threat Advisories AegironDecember 30, 2025December 30, 20258 mins0 CVE ID: CVE-2025-15284Severity: HIGHCVSS Score: 7.5Impact: Availability (Denial of Service) Exploitability Summary This vulnerability allows attackers to…continue reading..
CVE-2025-23458 – Reflected Cross-Site Scripting (XSS) in Rakessh Ads24 Lite plugin for WordPress Threat Advisories CyberDefenderDecember 30, 2025December 30, 20253 mins0 CVE-2025-23458 is a high-severity vulnerability involving Improper Neutralization of Input During Web Page Generation, commonly known as…continue reading..
CVE-2025-23469 – Reflected Cross-Site Scripting (XSS) in Sleekplan WordPress plugin Threat Advisories CyberDefenderDecember 30, 2025December 30, 20253 mins0 CVE-2025-23469 is a Reflected Cross-Site Scripting (XSS) security issue found in versions up to and including 0.2.0…continue reading..
CVE-2025-23550 — Reflected Cross-Site Scripting (XSS) in WordPress “Product Puller” plugin Threat Advisories CyberDefenderDecember 30, 2025December 30, 20252 mins0 CVE-2025-23550 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the WordPress “Product Puller” plugin (developed by Kemal…continue reading..
