A highly sophisticated Russian state-sponsored cyber espionage group, known as Static Tundra, has been targeting organizations of strategic interest within critical infrastructure verticals.
H-ISAC: White Reports
On August 15, 2025, exploit code was released that chains two critical vulnerabilities in SAP NetWeaver’s Visual Composer to bypass authentication and achieve remote code execution.
On August 12, 2025, FortiGuard Labs published an advisory for a flaw in FortiWeb tracked as CVE-2025-52970.
On August 14, 2025, Cisco disclosed a critical remote code execution (RCE) vulnerability.
This week, Health-ISAC®'s Hacking Healthcare® examines the recent publication of a new version of the United Kingdom’s (U.K.) National Cyber Security Centre (NCSC) developed Cyber Assessment Framework (CAF).
On August 13, 2025, HORIZON3.ai security researchers published an Attack Blog regarding two high-severity vulnerabilities, CVE-2025-8355 and CVE-2025-8356, affecting Xerox FreeFlow Core version 8.0.4.
On August 12, 2025, FortiGuard Labs issued an advisory on a critical FortiSIEM flaw, tracked as CVE-2025-25256. According to the advisory, a practical exploit code is available in the wild.
On August 5, 2025, Cisco Talos announced a wide range of vulnerabilities, collectively known as ReVault.
On August 5, Trend Micro issued an urgent security advisory for two critical vulnerabilities, CVE-2025-54948 and CVE-2025-54987, affecting on-premise versions of its Apex One Management Console.
On August 5, Trend Micro issued an urgent security advisory for two critical vulnerabilities, CVE-2025-54948 and CVE-2025-54987, affecting on-premise versions of its Apex One Management Console.