Google has confirmed that hackers have stolen the Salesforce-stored data of more than 200 companies in a large-scale supply chain hack.

Grafana Labs has disclosed a critical security vulnerability affecting Grafana Enterprise that could allow attackers to escalate privileges and impersonate users. The flaw, tracked as CVE-2025-41115, has received the maximum CVSS score of 10.0, making it one of the most severe vulnerabilities discovered in recent times.

Security researchers at Rapid7 have disclosed two critical authentication bypass vulnerabilities affecting Twonky Server version 8.5.2, a widely deployed DLNA/UPnP media server solution embedded in network-attached storage (NAS) devices, routers, set-top boxes, and residential gateways worldwide. These vulnerabilities enable unauthenticated remote attackers to gain complete administrative access to media server installations without requiring valid credentials or user interaction.

In today’s cybersecurity landscape, even the most routine online actions can hide devastating threats. A recent Akira ransomware attack demonstrates how a single click on what appeared to be a standard CAPTCHA verification led to a 42-day security nightmare that nearly crippled a global data storage company.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory regarding a critical vulnerability in Fortinet’s FortiWeb Web Application Firewall platform. Designated as CVE-2025-64446 with active exploitation confirmed in production environments, this security flaw presents an immediate and significant risk to organizations relying on FortiWeb for perimeter defense and application security.

A critical remote code execution vulnerability has been identified in pgAdmin4, the widely-deployed open-source administration platform for PostgreSQL database systems. Designated as CVE-2025-12762, this security flaw affects all versions through 9.9 and enables authenticated attackers to execute arbitrary commands on the underlying server infrastructure. With a CVSS score of 9.3, this vulnerability poses an immediate threat to enterprise database environments worldwide.

CISA Issues Urgent Warning as Unauthenticated Remote Code Execution Flaw Becomes Active Attack Vector for Cryptocurrency Mining and System Compromise

Executive Summary: A Perfect Storm of Vulnerability

On October 30, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) escalated its response to a critical security flaw in XWiki Platform, adding CVE-2025-24893 to its Known Exploited Vulnerabilities (KEV) catalog. This eval injection vulnerability has transformed from a theoretical threat into an active weapon in cybercriminal arsenals, with confirmed exploitation campaigns deploying cryptocurrency miners and establishing persistent backdoors across enterprise networks.