Attackers Leverage SharePoint Zero-Day RCE to Gain Complete Server Access

By Aileen Ward

As of July 18, 2025, there has been large-scale attempted exploitation of SharePoint on-prem instances that are vulnerable to an unauthenticated remote code execution (RCE) vulnerability chain. Vulnerabilities CVE-2025-53770 (SharePoint ToolShell Auth Bypass and RCE) and CVE-2025-53771 (SharePoint ToolShell Path Traversal) were derivative CVEs created by Microsoft, and observed to […]

Critical NetScaler Flaw Exposes Sensitive Memory Contents to Remote Attackers

By Nithin Ravi

CVE-2025-5777, nicknamed CitrixBleed 2, is a critical vulnerability observed since early June in Citrix NetScaler ADC and Gateway instances. Citrix has fixed this vulnerability in its latest update, and it is recommended to immediately upgrade NetScaler ADC and NetScaler Gateway appliances to the recommended patched versions. With a 9.3 score on CVSS […]