Cybersecurity consultant and pentester sharing daily insights on high-impact Microsoft and Linux vulnerabilities, exploit availability, and defense strategies.
Nothing here yet.
What Happened, How They Work, and How to Stay Safe (two bugs, one attack chain – a spoofing/auth-bypass → RCE combo that’s being mass-exploited against on-prem SharePoint 2016 / 2019 / Subscription Edition) 1 What are CVE-2025-49704 & CVE-2025-49706...

CVE-2025-54309 — What Happened, How It Works, and How to Stay Safe 1 What is CVE-2025-54309? CVE-2025-54309 is a critical remote-code-execution flaw in CrushFTP 10 and 11.If the DMZ proxy feature is not in use, an attacker can send a single HTTPS req...

CVE-2025-53770 — What Happened, How It Works, and How to Stay Safe 1. What is CVE-2025-53770? CVE-2025-53770 is an unauthenticated remote-code-execution (RCE) flaw in Microsoft SharePoint Server 2016/2019/Subscription Edition.A single crafted HTTP PO...
