Week-19 – A critical security vulnerability in the OpenCTI Platform

05 – 11 May 2025

A critical security vulnerability has been identified in the OpenCTI Platform, which is designed to structure, store, organize and visualize technical and non-technical information about cyber threats. This vulnerability, tracked as CVE-2025-24977, is our new CVEofTheWeek, with an assigned CVSS score of 9.1. It could allow a user holding the 'manage customizations' capability to execute commands on the hosting infrastructure and to read secrets held there.

The weakness lies in OpenCTI's web-hook functionality. As outlined in the advisory, this feature lets users tailor the messages transmitted through web-hooks by entering JavaScript into a web-hook template field, and that JavaScript is then executed by the platform.

The primary concern is that a malicious user could use this mechanism to execute commands within the hosting environment where OpenCTI runs. Although a protective layer was implemented to block external modules in the JavaScript used for web-hooks, this safeguard can still be circumvented: a keyword filter does not stop code that is already running inside the server process.

Furthermore, OpenCTI's container-based deployments pose an additional risk, because an attacker could use web-hook JavaScript to read sensitive environment variables, which in containers commonly carry database credentials, tokens and connection strings. Successful exploitation could lead to a wide range of malicious activities, including data breaches, system compromise, and lateral movement within the affected network.

The affected version of OpenCTI Platform is 6.4.8 and the patched version, which resolves this vulnerability, is 6.4.11.

Users of the OpenCTI Platform are strongly advised to upgrade their instances to version 6.4.11 or later to mitigate the risk posed by CVE-2025-24977.

Recommended Action:

  • Upgrade to the latest OpenCTI version (6.4.11 or later)
  • Review user permissions, especially for the ‘manage customizations’ capability, and restrict them to trusted individuals.
  • Audit existing webhook configurations and their templates to ensure they are not susceptible to misuse
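As an added illustration (not OpenCTI's code and not the actual bypass described in the advisory), the Node.js snippet below shows the weakness class discussed above and supports the last recommended action: a webhook template evaluator that rejects a few keywords but still executes user-supplied JavaScript inside the server process, so the container's environment stays reachable through another spelling; beside it, a renderer that substitutes data placeholders without executing anything; and a small audit helper that flags exported templates containing code-execution constructs. The sample event, the environment variable, the template set and the indicator list are all constructed for this example.

```javascript
// Added example, not OpenCTI's code: why a keyword blocklist on user-supplied
// JavaScript in a webhook template is not a security boundary, what a
// data-only renderer looks like, and a quick audit of exported templates.
// Everything below (event, env var, templates, indicator list) is constructed.

const sampleEvent = { id: 'report--0001', name: 'Constructed test report', severity: 'high' };

// Stand-in for a secret injected into a container through its environment.
process.env.DEMO_DB_PASSWORD = 'constructed-secret';

// Pattern 1 (weak): run the template as code after rejecting a few keywords.
// The filter stops `require`, `import` and `process` as literal words, but the
// template still executes inside the server process, so anything reachable
// from the global scope can be reached by another spelling.
function renderTemplateNaive(template, data) {
  if (/\b(require|import|process|child_process)\b/.test(template)) {
    throw new Error('blocked keyword in template');
  }
  // Template literal evaluated with `data` in scope: every `${...}` is arbitrary JS.
  return new Function('data', 'return `' + template + '`;')(data);
}

// Pattern 2 (hardened): never evaluate the template. Substitute only
// {{dotted.path}} placeholders that resolve to own properties of the event,
// so prototype members (constructor, __proto__) and globals are unreachable.
function renderTemplateSafe(template, data) {
  return template.replace(/\{\{\s*([A-Za-z0-9_.]+)\s*\}\}/g, (_, path) => {
    const value = path.split('.').reduce(
      (obj, key) =>
        obj !== null && typeof obj === 'object' && Object.prototype.hasOwnProperty.call(obj, key)
          ? obj[key]
          : undefined,
      data,
    );
    return value === undefined ? '' : String(value);
  });
}

// Audit helper: given exported webhook templates ({ name, template }), flag those
// containing constructs that indicate code execution rather than plain
// substitution. The indicator list is a heuristic chosen for this example.
const CODE_INDICATORS = [
  /\$\{/, /\bconstructor\b/, /\bglobalThis\b/, /\bprocess\b/,
  /\brequire\b/, /\bimport\s*\(/, /\bFunction\b/, /\beval\b/,
];

function auditTemplates(templates) {
  return templates
    .filter(({ template }) => CODE_INDICATORS.some((re) => re.test(template)))
    .map(({ name }) => name);
}

// Constructed templates: one that only reads event fields, one that abuses the evaluator.
const benignTemplate = 'Alert: ${data.name} (${data.severity})';
const maliciousTemplate = "Alert: ${data.name} ${globalThis['pro' + 'cess'].env.DEMO_DB_PASSWORD}";

function demo() {
  return {
    naiveBenign: renderTemplateNaive(benignTemplate, sampleEvent),
    naiveMalicious: renderTemplateNaive(maliciousTemplate, sampleEvent), // filter passes, secret leaks
    safeMalicious: renderTemplateSafe(maliciousTemplate, sampleEvent),   // returned verbatim, never executed
    safePlaceholders: renderTemplateSafe('Alert: {{name}} ({{severity}}) {{constructor.name}}', sampleEvent),
    flagged: auditTemplates([
      { name: 'slack-benign', template: 'Alert: {{name}} ({{severity}})' },
      { name: 'slack-legacy', template: benignTemplate },
      { name: 'teams-suspicious', template: maliciousTemplate },
    ]),
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

The point of the contrast is that the hardened renderer has no evaluation step at all, so there is nothing to bypass; the audit helper is only a triage aid for spotting templates that still rely on execution and should be reviewed or rewritten after the upgrade.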

Official advisory: https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-mf88-g2wq-p7qm


White Hat IT Security is a Europe-based Managed Security Services Provider (MSSP) and proud Microsoft Solution Partner. Its Microsoft-verified managed security solutions (MXDR) reflect its deep expertise and commitment to excellence in cybersecurity. The company was awarded the Partner of the Year Hungary Award by Microsoft in 2024.

With the largest incident response capacity in the CEE region, they’re trusted by organizations to deliver fast, effective, and proactive protection. Their portfolio includes penetration testing, vulnerability assessments, managed Cyber Threat Intelligence, as well as Governance, Risk and Compliance (GRC) consulting and specialized security training.

They are committed to supporting professional initiatives that aim to raise cybersecurity awareness and maturity—both for individuals and organizations. They regularly contribute to the community through knowledge sharing, education, and outreach, helping to build a safer digital future for all.
