Insights

Next.js is a popular development library for web developers. In the authentication section of the library in affected versions, there is a vulnerability which would allow an attacker to bypass authentication, potentially gaining access to sensitive data or maninpulating targeted accounts. 

A critical remote code execution (RCE) vulnerability, identified as CVE-2025-23120, has been discovered in Veeam Backup & Replication (VBR). This flaw allows authenticated domain users to execute arbitrary code on the affected system. The vulnerability has been assigned a CVSS v3.1 score of 9.9, indicating its critical severity. 

Overview: 

MITRE Caldera is an open-source cyber security platform designed for automating adversary emulation, red teaming, and threat hunting. It allows security teams to simulate real-world cyber threats, test defences, and improve incident response. 

CVE-2025-21298 is a critical vulnerability present in the windows OLE that enables a remote code execution with a CVSS severity of 9.8. Object Linking and Embedding (OLE) is a proprietary technology developed by Microsoft that allows embedding and linking to documents and objects.

UPDATED ON 12/02/2025: 

When a new security vulnerability emerges, there’s often a small window of time to respond before attackers start exploiting it in the wild. For LDAPNightmare (CVE-2024-49112), that window is quickly closing.

Microsoft’s latest Patch Tuesday release addressed 16 critical vulnerabilities, all classified as remote code execution flaws—a stark reminder of the importance of proactive patch management.

The recently discovered vulnerabilities in Veeam Service Provider Console, tracked as CVE-2024-42448 and CVE-2024-42449, have been classified as critical and high severity. If exploited, these vulnerabilities could severely undermine system integrity and operational security, jeopardising sensitive data and backup operations.

It’s that time of the year again when shoppers get ready to take advantage of the upcoming Black Friday and Cyber Monday sales. It’s also the time of the year when cyber criminals seek to take advantage of those bargain hunters.

We continue our lookback at the biggest cyber attacks of 2024… so far. Read Part one HERE

Severity: Critical
CVSSv3 Score: 9.8 
Date: Oct 23, 2024

If you were to look at a stock image of a hacker, it would show a hooded figure hunched over the desk who’s lost in the sea of green text and numbers that flash across the screen.