fp-5b

High-severity CVE-2025-61884 (CVSS 7.5) in Oracle E-Business Suite's Configurator allows unauthenticated HTTP attacks to access sensitive data (versions 12.2.3-12.2.14). Follows Cl0p-linked CVE-2025-61882 exploits—apply updates, segment networks, and scan for vulnerabilities now.

Unspecified flaw in Oracle E-Business Suite's BI Publisher Integration allows unauthenticated HTTP attacks to hijack Concurrent Processing, exploited in ransomware campaigns. Apply patches, follow BOD 22-01 guidance, or discontinue use to protect enterprise operations from data encryption and downtime.

DeepMind's CodeMender uses Gemini models to spot, patch, and rewrite vulnerable code, upstreaming 72 fixes to OSS projects. Google launches AI VRP for threat reports up to $30K and updates SAIF v2 to combat AI risks like prompt injections—empowering developers against cyber threats.

Cybercriminals leverage Dynamic DNS services to evade detection and build persistent command-and-control networks, abusing 70,000+ domains with minimal oversight. APT groups like Fancy Bear and Chinese hackers use obfuscation and rotations—defenders face growing challenges in mitigation.

CISA details threat actors exploiting CVE-2024-36401 in GeoServer for initial access to a U.S. federal network on July 11, 2024, using webshells, dirtycow escalation, and lateral movement—undetected until July 31. Key lessons: Immediate KEV patching, enhanced IR plans, and continuous EDR monitoring.

A deserialization of untrusted data vulnerability in Dassault Systèmes DELMIA Apriso could allow remote code execution. Learn recommended actions to protect your systems.

Discover critical vulnerabilities in Citrix Session Recording that pose risks to organizations. Learn about improper privilege management and deserialization flaws, along with recommended mitigation actions.

A critical vulnerability in GitHub Copilot (CVE-2025-53773) enables remote code execution through prompt injection attacks, compromising developers' machines. Learn how this flaw works and its implications.

Two critical zero-day vulnerabilities in Trend Micro Apex One (on-prem) devices, CVE-2025-54948 and CVE-2025-54987, are being exploited in the wild. Learn about their impact and mitigation strategies.

Learn about the critical vulnerability in D-Link DNR-322L that allows code downloads without integrity checks. Discover recommended actions to secure your device.