Overview A new critical vulnerability has been identified in FreePBX, the widely adopted open-source, web-based graphical user interface for managing Asterisk PBX systems. Tracked as CVE-2025-57819, this flaw affects FreePBX versions 15, 16, and 17 and enables unauthenticated attackers to bypass administrator login controls. Once inside, threat actors can perform SQL Injection attacks that lead... The post FreePBX Authentication Bypass Leading to SQL Injection and RCE (CVE-2025-57819) appeare...| IONIX
zero-day vulnerability, CVE-2025-7775, has been disclosed in Citrix NetScaler ADC and Gateway appliances. This flaw is classified as a memory overflow vulnerability| IONIX
Description of CVEs 2025‑54253 and 2025‑54254 Adobe Experience Manager (AEM) Forms on Java Enterprise Edition (JEE) has suffered two critical vulnerabilities CVE‑2025‑54253 and CVE‑2025‑54254 disclosed in early August 2025. According to Adobe, both flaws carry public proof-of-concept (PoC) exploits, though there are no known in-the-wild attacks as of today. Exploit Methods CVE‑2025‑54253 – Misconfiguration leading... The post CVE‑2025‑54253 & CVE‑2025‑54254 in Adobe ...| IONIX
Our threat-hunting team just uncovered a mass-produced remote DNS-manipulation campaign that hijacked an entire nameserver (NS) delegation belonging to a Fortune 500 company. Within hours, the attacker used that foothold to create over 9,500 brand-new subdomains, all resolving to the same criminal infrastructure serving illicit gambling pages. Reverse-IP analysis shows the same host is already... The post Remote DNS Manipulation at Scale: How IONIX Uncovered 20,000 Malicious Subdomains from a...| IONIX
A critical remote code execution vulnerability, CVE-2025-54309, has been disclosed in CrushFTP, a popular managed file transfer (MFT) solution. This flaw allows unauthenticated remote attackers to gain full administrative access to vulnerable systems over HTTPS – without triggering authentication controls.| IONIX