Threat advisory: Multiple critical remote code execution vulnerabilities affecting Microsoft Windows platforms
Advisory ID: ADV-2025-ALL-05
Date issued: 14 May 2025
Severity: Critical (CVE-2025-29966), High (CVE-2025-30397)
CVSS scores:
In 2024, the landscape of ransomware attacks will continue to evolve, drawing from past trends while adapting to new defences and technologies.
Learn about seven of the most popular cyber security frameworks being used by businesses around the world.
CVSS scores:
CVSS Base Score: 9.8 CRITICAL
As the cyber threat landscape evolves, staying ahead of emerging risks is crucial. Discover the key trends shaping cyber security in 2025 and how to prepare.
When a new security vulnerability emerges, there’s often a small window of time to respond before attackers start exploiting it in the wild. For LDAPNightmare (CVE-2024-49112), that window is quickly closing.
Microsoft’s latest Patch Tuesday release addressed 16 critical vulnerabilities, all classified as remote code execution flaws—a stark reminder of the importance of proactive patch management.
The recently discovered vulnerabilities in Veeam Service Provider Console, tracked as CVE-2024-42448 and CVE-2024-42449, have been classified as critical and high severity. If exploited, these vulnerabilities could severely undermine system integrity and operational security, jeopardising sensitive data and backup operations.
If you were to look at a stock image of a hacker, it would show a hooded figure hunched over the desk who’s lost in the sea of green text and numbers that flash across the screen.
Issue Overview and Impact
CVE-2024-24919 is a critical information disclosure vulnerability in Check Point Security Gateways which have remote access VPN or mobile access software enabled.
With more and more businesses embracing digital transformation, the importance of data security, particularly in online transactions, has never been greater. The Payment Card Industry Data Security Standard (PCI DSS) stands as a benchmark for securing payment card data. Compliance with PCI DSS is mandatory for all businesses handling card payments, ensuring the confidentiality, integrity, and availability of cardholder data.
With new vulnerabilities being discovered every day, the issue of vulnerability management has never been more important. Cyber threats are evolving at a rapid pace, often leaving cyber security researchers struggling to keep up. To avoid the worst-case scenarios, businesses must understand how to identify, prioritise, and mitigate vulnerabilities before they can be exploited by adversaries. This is where vulnerability management comes in, but how can it be used effectively?