Security Bulletin September 25

September 24, 2025

By Rodrigo Luna

NPM Compromises Expose Critical Weakness in the Software Supply Chain

In September 2025, two major NPM compromises exposed the fragility of the software supply chain—from phishing-driven credential theft to the wormable Shai-Hulud attack. This bulletin details how open-source trust was exploited and the risks for defenders.

August 28, 2025

By Bruce Skillern

Microsoft Exchange Hybrid Vulnerability Exposes Path to 365 Compromise

July 25, 2025

By Nithin Ravi

Critical NetScaler Flaw Exposes Sensitive Memory Contents to Remote Attackers

July 25, 2025

By Aileen Ward

Attackers Leverage SharePoint Zero-Day RCE to Gain Complete Server Access

July 24, 2025

By Bruce Skillern

Threat Actors Abuse NetBird in Spear-Phishing Campaign Targeting Finance Executives

July 16, 2025

By Daniel Rogers

Discord Invites Are Leveraged in Malware Distribution

July 16, 2025

By Bruce Skillern

Critical Unauthenticated RCE Vulnerabilities in Cisco ISE and ISE-PIC

July 9, 2025

By Anna Balabushko, Rodrigo Luna

Critical Remote Command Injection in Zyxel Firewalls

June 26, 2025

By Matthew Sparrow

Geopolitical Events and Security Awareness

June 17, 2025

By Anna Balabushko

Proof-of-Concept Exploit Observed for Critical Zero-Day

1 2 3 4 5

Next