Integrity360 Emergency Incident Response button Under Attack?

Threat Advisories

Threat Advisory: CVE-2025-33073 – Windows SMB Client Elevation of Privilege Vulnerability

CVE-2025-33073 is a critical vulnerability identified in Microsoft Windows Server Message Block (SMB) protocol implementations. This flaw stems from improper access control mechanisms, potentially allowing attackers to escalate privileges over a network to SYSTEM. The vulnerability has been assigned a CVSS v3.1 base score of 8.8, indicating a high-severity risk. An update to address this issue was in Microsoft June Patch Tuesday.

Read More

Threat Advisory: CVE-2025-5063 and CVE-2025-5280

Summary 

Both high severity vulnerabilities reside in Google Chrome and are exploitable via a specially crafted HTML page. CVE-2025-5063 is a “Use after free” vulnerability that resides in the compositing subsystem of the browser whereby improper memory management when the browser renders layered page elements leads to a potential hijack of control flows during DOM manipulations. CVE-2025-5280 is an “out of bounds” exploit in the JavaScript V8 engine that could potentially allow arbitrary code to execute outside of the JavaScript sandbox, meaning it’s run natively on the target system. 

Read More
threat advisory

Threat Advisory: Critical 10.0 vulnerability in Erlang OTP SSH Implementation

A critical vulnerability in Erlang's Open Telecom Platform (OTP) SSH implementation has recently been published. OTP is a collection of middleware, libraries and tools written in the Erlang programming language and is used by a large number of global companies for communications. According to https://erlang-companies.org, companies that may be affected include Ericsson, T-Mobile, BT and Bet365 (that reportedly use it in it's live betting infrastructure) and major products that may be affected include WhatsApp, Klarna and Discord. 

Read More
threat advisory

Threat Advisory: Mitre's CVE Contract Renewed Last Minute

Foundational security organisation MITRE announced on the 15th April that the funding it received to maintain the CVE and CWE program would not be renewed. This was important, because MITRE, along with NIST and the CISA, are a huge contributor to the CVE program.

Read More
threat advisory

Threat Advisory: critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy productsC

This advisory highlights a critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products that is being actively exploited in the wild. The flaw allows unauthenticated remote code execution via the SSL VPN interface, potentially giving attackers full control over affected devices. With multiple versions impacted across FortiOS and FortiProxy, and threat actors reportedly selling related exploits on dark web forums, the risk of widespread exploitation is high. Fortinet strongly urges immediate patching and additional mitigation steps, making this advisory crucial for organisations relying on Fortinet products to secure their networks. 

Read More

Locations

Dublin, Ireland

London, United Kingdom

Stockholm, Sweden

Sofia, Bulgaria

Ludwigsburg, Germany

Madrid, Spain

Cape Town, South Africa

Johannesburg. South Africa

Kyiv, Ukraine

Naples, Italy

Vilnius, Lithuania

 

© 2025 Integrity360, All rights reserved