Microsoft released a security update in March 2025 that fixes a vulnerability in Windows File Explorer where NTLM authentication data could be leaked when Explorer processes files inside archive files (e.g., ZIP/RAR). The issue was initially assigned CVE-2025-24071 and was later re-identified as CVE-2025-24054. NTLM (New Technology LAN Manager) is an authentication protocol used in Read more about [2025.10 Vulnerability Report] CVE-2025-24054: NTLM Hash Exfiltration via .library-ms in Windows Explorer[…]

PluXml CMS is a widely used content management system (CMS) for personal and small website environments. The recently discovered CVE-2025-57567 vulnerability resides in the theme editor feature within the service’s admin panel, allowing an authenticated administrator to inject arbitrary PHP code, potentially leading to remote code execution (RCE). This vulnerability is extremely dangerous, as a Read more about [2025.10 Vulnerability Report] PluXml CMS — Theme Editor Authenticated Admin Remote Code Execution (CVE-2025-57567)[…]

This vulnerability is an insecure deserialization vulnerability in the Sitecore Experience Platform. An attacker could access classes that utilize deserialization under the /-/xaml/Sitecore.Shell path and execute serialized malicious code. A patch for this vulnerability was released in July 2025, and AIWAF products will address this vulnerability through the “Sitecore Experience Platform Insecure Deserialization Remote Code Read more about [2025.10 Vulnerability Report] Sitecore Experience Platform Insecure Deserialization[…]