Threat Advisories

What is NPM? 

SalesLoft Drift is an AI-powered chat tool which interacts with Salesforce and is used by a number of large business for providing automated business support to customers. Beginning on August 08th 2025, attackers were able to compromise this tool with the objective of performing data theft.

Path transversal vulnerabilities (CVE-2025-8088) in the popular compression tool WinRAR first disclosed in July 2025 are reportedly being abused by suspected nation state threat actors in order to deploy malware.

Citrix NetScaler has had a difficult summer, with the vulnerability “CitrixBleed 2” being disclosed in July 2025 (a critical vulnerability causing memory exposure leaking sensitive information). However, this is not the end, as another critical vulnerability (CVE-2025-7775) was disclosed yesterday on the 26th of August. Because Citrix devices are normally public facing, the likelihood of exploitation in the wild increases significantly. In fact, both vulnerabilities have been actively exploited, according to Citrix. 

A newly disclosed critical security flaw (CVE-2025-20265) has been identified in multiple versions of Cisco Secure Firewall Management Centre (FMC). It could allow an unauthenticated, remote threat actor to execute arbitrary shell commands on the underlying system. The vulnerability resides when RADIUS authentication is enabled and affects FMC versions 7.0.7 and 7.7.0.  

A newly disclosed critical security flaw (CVE-2025-25256) has been identified in multiple versions of Fortinet FortiSIEM. Due to the availability of a public Proof of Concept (PoC), the risk of exploitation is significantly heightened, making immediate attention and remediation imperative. 

A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. The flaw stems from the way WinRAR processes alternate data streams (ADSes) within specially crafted archive files. 

SonicWall has warned customers to disable SSL VPN services due to ransomware gangs actively exploiting an unknown security vulnerability in SonicWall Generation 7 firewalls to breach networks over the past few weeks. 

Over the weekend, Integrity360 has been asked by multiple customers about a recent critical vulnerability (CVE-2025-53770) targeting on-premise instances of Microsoft Sharepoint using a deserialisation flaw. This zero-day has been reportedly widely exploited since mid-July, posing serious risk to any unpatched on-premise Sharepoint environment (Subscription, Server 2016 and Server 2019). Integrity360 wants to reassure customers that the vulnerability does not affect any cloud instances of SharePoint Online of which the majority of organisations are using. On-premise Sharepoint is likely to be converted to (or in the process of) Microsoft 365 across lots of organisations due to the extended end date of Microsoft support running out in the near future.

Cisco has addressed a critical vulnerability, tracked as CVE-2025-20337 ( with a CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An unauthenticated attacker could trigger the vulnerability to execute arbitrary code on the underlying operating system with root privileges.