What is CVE-2025-10035? A new critical vulnerability, CVE-2025-10035, has been disclosed in Fortra’s GoAnywhere MFT, a widely used managed file transfer solution. The flaw lies in the License Servlet and allows unauthenticated attackers to achieve remote code execution (RCE) through crafted license responses. The vendor has rated this vulnerability as Critical (CVSS 10.0) due to... The post CVE-2025-10035 Critical Remote Code Execution in Fortra GoAnywhere MFT appeared first on IONIX.| IONIX
IONIX uncovers blind spots of AI risk - experimental AI projects are being deployed without governance, bypassing the usual security reviews. These assets often remain connected to critical infrastructure, meaning what starts as a “temporary” experiment can quickly escalate into a major breach risk.| IONIX
Overview The IONIX research team is tracking CVE-2025-42944, an insecure deserialization vulnerability affecting SAP NetWeaver AS Java’s RMI-P4 module—a critical issue warranting immediate attention. What’s at Risk? Context & Why It Matters Current State of Exploitation IONIX Recommendations Who Might Be Affected? Final Take CVE-2025-42944 is a textbook example of how insecure deserialization can escalate... The post CVE-2025-42944 — Insecure Deserialization in SAP NetWeaver appeared ...| IONIX
Summary A critical Server-Side Request Forgery (SSRF) vulnerability—CVE-2025-8085—has been discovered in the popular WordPress plugin “Ditty (News Ticker & Display Items)” for versions prior to 3.1.58. The issue resides in the displayItems REST API endpoint (wp-json/dittyeditor/v1/displayItems), which lacks authentication and authorization, allowing unauthenticated attackers to force the server to fetch arbitrary URLs—internal or external—via crafted... The post Unauthenticated SS...| IONIX
Validating external reachability is not just a good practice, it is the bedrock of exposure management. Without proving what is actually reachable, you cannot know your true attack surface or prioritize what needs to be fixed first.| IONIX
Overview A new critical vulnerability has been identified in FreePBX, the widely adopted open-source, web-based graphical user interface for managing Asterisk PBX systems. Tracked as CVE-2025-57819, this flaw affects FreePBX versions 15, 16, and 17 and enables unauthenticated attackers to bypass administrator login controls. Once inside, threat actors can perform SQL Injection attacks that lead... The post FreePBX Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819) appeare...| IONIX
Zero-day vulnerability, CVE-2025-7775, has been disclosed in Citrix NetScaler ADC and Gateway appliances. This flaw is classified as a memory overflow vulnerability| IONIX
Article Link: https://www.stpaul.gov/news/saint-paul-city-council-extends-local-state-emergency-respond-digital-security-incident| Project Hyphae
How DevOps Teams Can Use IONIX for Zero-Fuss Daily Ops| IONIX
Discover the importance of API catalogs, their differences from API portals & gateways, and how to ensure optimal API management and security.| Escape DAST - Application Security Blog
Attack Surface Management (ASM) is the process of continuously detecting, discovering, analyzing, remediating, and monitoring the cybersecurity| CIP Blog
Finding exposed admin panels using threat-hunting tools, and the importance of monitoring with attack surface management (ASM) solutions.| CIP Blog
Explore essential CTEM metrics to evaluate your Continuous Threat Exposure Management program and strengthen your cybersecurity defenses.| Strobes Security