Posts for category: Vulnerabilities Weekly Summaries

Exploitation of Palo Alto Networks–CVE-2025-108

Christian Mary Lagua - 2/28/2025

Executive Summary On February 12, 2025, a critical authentication bypass vulnerability, CVE-2025-0108, was discovered in Palo Alto’s PAN-OS. With a common vulnerability score of 8.8, the ...

Zero Day 7-Zip Vulnerability exploited to target Ukrainian Organizations

Christian Mary Lagua - 2/21/2025

Executive Summary On October 1, 2024, a severe vulnerability was discovered in 7-Zip. The weakness allows homoglyph attacks by circumventing the Mark-of-the-Web (MOTW) security mechanism. This zero ...

Windows NTLM v1 Elevation of Privilege Vulnerability

Christian Mary Lagua - 2/14/2025

Executive Summary On January 13, 2025, a critical elevation of privilege vulnerability, CVE-2025-21311, was discovered in the NTLMv1 authentication protocol used by Windows. This vulnerability ...

Windows OLE RCE Vulnerability

Christian Mary Lagua - 2/6/2025

Executive Summary On January 14, 2025, a critical Remote Code Execution (RCE) vulnerability, CVE-2025-21298, affected the Windows Object Linking and Embedding (OLE). This vulnerability involves ...

Subaru’s STARLINK Vulnerability

Christian Mary Lagua - 2/6/2025

Executive Summary On November 20, 2024, a vulnerability was discovered in Subaru’s STARLINK vehicle service. This gave unauthorized access to sensitive user data such as Personally Identifiable ...

CVE-2014-2120 Exploited a Decade Later

Kalani Anderson - 12/6/2024

Executive Summary On December 2, 2024 CISCO disclosed on their security advisory page that a vulnerability first discovered on March 18, 2014 was actively being exploited in the wild.  The ...

Oracle Agile PLM Vulnerability

Kalani Anderson - 11/22/2024

Executive Summary On November 18, 2024 Oracle disclosed in a security advisory that they had discovered a vulnerability in their Agile Product Lifecycle Management (PLM) Framework.  The ...

HPE Critical RCE Vulnerability

Kalani Anderson - 11/15/2024

Executive Summary On November 11, 2024, Hewlett Packard Enterprise (HPE) released a security patch to address several critical vulnerabilities impacting their Aruba Networking Access Point ...

Synology NAS Zero-Day Vulnerability

Kalani Anderson - 11/8/2024

Executive Summary On November 1, 2024, it was publicly disclosed that Synology’s NAS devices contained a critical vulnerability which was easily exploitable.  The Critical Zero-Click ...

Continued Exploit of SonicWall Vulnerability in Ransomware Attacks

Kalani Anderson - 11/1/2024

Executive Summary On August 21, 2024, SonicWall disclosed in a security advisory a vulnerability relating to its SonicOS management access and SSLVPN services, providing threat actors with ...