Security Bulletin September 25

September 24, 2025

By Rodrigo Luna

NPM Compromises Expose Critical Weakness in the Software Supply Chain

In September 2025, two major NPM compromises exposed the fragility of the software supply chain—from phishing-driven credential theft to the wormable Shai-Hulud attack. This bulletin details how open-source trust was exploited and the risks for defenders.

March 20, 2025

By Rodrigo Luna

Remote Code Execution with Partial PUT on Apache Tomcat Instances

March 20, 2025

By Daniel Rogers

QakBot’s Modular Architecture and Evasion Techniques

March 11, 2025

By Aileen Ward

Apache Camel Message Header Injection via Improper Filtering

March 7, 2025

By Matthew Sparrow

Arbitrary Command Execution in Kibana

March 6, 2025

By Anna Balabusko

Zero-Day Vulnerabilities in VMware ESXi, Workstation and Fusion

February 20, 2025

By Anna Balabushko

Authentication Bypass Vulnerability in Palo Alto PAN-OS Management Interface

February 18, 2025

By Daniel Rogers

Rha-Rha-Rhadamanthys Stealer Expands Credential Theft And Persistence

February 14, 2025

By Daniel Rogers

Lumma Stealer Distributed Through Fake Reddit Domains

January 16, 2025

By Bruce Skillern

Fortinet Zero Day Authentication Bypass Grants Super Admin Access

Previous

1 2 3 4 5

Next