Cloudflare WAF Zero-Day Allowed Origin Server Bypass Credited by Freepik VTA-004553 – Cloudflare WAF Zero-Day Allowed Origin Server Bypass Security researchers uncovered a critical zero-day flaw in Cloudflare’s Web Application Firewall that allowed attackers to bypass security controls and directly … Read More
VTA
Critical Token Validation Vulnerability in Azure Windows Admin Center Enabling Tenant-Wide Remote Code Execution
Critical Token Validation Vulnerability in Azure Windows Admin Center Enabling Tenant-Wide Remote Code Execution Credited by Freepik VTA-004552 – Critical Token Validation Vulnerability in Azure Windows Admin Center Enabling Tenant-Wide Remote Code Execution CVE-2026-20965 represents a high-severity vulnerability in the … Read More
Ni8mare Flaw Exposes n8n Automation Servers to Unauthenticated Takeover
Ni8mare Flaw Exposes n8n Automation Servers to Unauthenticated Takeover Credited by Freepik VTA-004551 – Ni8mare Flaw Exposes n8n Automation Servers to Unauthenticated Takeover A critical vulnerability in n8n, a widely used open-source workflow automation platform that connects applications, APIs and internal services to streamline … Read More
Old Fortinet VPN Bug Resurfaces as Active 2FA Bypass Threat
Old Fortinet VPN Bug Resurfaces as Active 2FA Bypass Threat Credited by Freepik VTA-004550 – Old Fortinet VPN Bug Resurfaces as Active 2FA Bypass Threat An ongoing campaign exploiting a long-standing vulnerability in Fortinet’s FortiOS and FortiProxy products enables attackers to bypass two-factor … Read More
ERRTraffic Scales ClickFix Attacks Through Deceptive Web Errors
ERRTraffic Scales ClickFix Attacks Through Deceptive Web Errors Credited by Freepik VTA-004549 – ERRTraffic Scales ClickFix Attacks Through Deceptive Web Errors New service dubbed ERRTraffic is accelerating and industrializing the distribution of the already prolific ClickFix malware by leveraging deceptive browser behavior. Threat actors … Read More
PowerShell Malware Distributed Through Impersonated Microsoft Activation Sites
PowerShell Malware Distributed Through Impersonated Microsoft Activation Sites Credited by Freepik VTA-004548 – PowerShell Malware Distributed Through Impersonated Microsoft Activation Sites A typosquatted domain mimicking the popular Microsoft Activation Scripts (MAS) tool has emerged as a clever trap for Windows … Read More
Active Attacks Target Weak Cryptography in Gladinet File-Access Products
Active Attacks Target Weak Cryptography in Gladinet File-Access Products Credited by Freepik VTA-004547 – Active Attacks Target Weak Cryptography in Gladinet File-Access Products Huntress has uncovered active exploitation of a critical flaw in Gladinet’s CentreStack and Triofox file-sharing platforms, where … Read More
Shanya The Silent Engine Behind Modern Stealth Attacks
Shanya The Silent Engine Behind Modern Stealth Attacks Credited by Freepik VTA-004546 – Shanya The Silent Engine Behind Modern Stealth Attacks Shanya, a sophisticated packer-as-a-service (PaaS) advertised as VX Crypt, has quickly become a go-to tool for ransomware operators seeking to evade endpoint detection … Read More
Critical React2Shell Vulnerability (CVE-2025-66478) Enables Remote Code Execution in Next.js Applications
Critical React2Shell Vulnerability (CVE-2025-66478) Enables Remote Code Execution in Next.js Applications Credited by Freepik VTA-004545 – Critical React2Shell Vulnerability (CVE-2025-66478) Enables Remote Code Execution in Next.js Applications The React2Shell vulnerability (CVE-2025-66478) exposes a critical remote code execution flaw in Next.js … Read More