Tag: WhiteHatSeries

26/09/2025

Week 39 – When the Postman is a Hacker: WHD’s AjaxProxy Leads to Total Compromise

22 – 28 Sept 2025 SolarWinds Web Help Desk (WHD) is a comprehensive help desk and ticketing solution designed for medium to large organizations. It supports IT support request tracking, workflow automation, asset management, and compliance monitoring in enterprise environments. Our current CVE of the 

CVE of the Week
-
by White Hat IT Security
19/09/2025

Week 38 – From Chaos to Catastrophe: CVEs Shake Chaos Mesh

15 – 21 Sept 2025 What is chaos engineering? No, with this week’s CVE of the Week post, we do not want to dominate the world. Chaos engineering is a proactive testing approach to intentionally introduce failures and errors into systems to investigate their resiliency 

CVE of the Week
-
by White Hat IT Security
15/09/2025

Week 37 – From Carts to Carnage: SessionReaper Targets Magento

8-15 Sept 2025 Patch Tuesday’s security bulletin at Adobe has been published and it includes a serious entry with the ID CVE-2025-54236, our CVE of the Week this week. The vulnerability dubbed SessionReaper affects Adobe Commerce and Magento, Adobe’s e-commerce solutions. SessionReaper resides within Magento’s 

CVE of the Week
-
by White Hat IT Security
Week 36 – WhatsApp Zero-Click Flaw Targets Apple Devices
08/09/2025

Week 36 – WhatsApp Zero-Click Flaw Targets Apple Devices

WhatsApp Zero-Click Flaw Targets Apple Devices

CVE of the Week
-
by White Hat IT Security
29/08/2025

Week 35 – Remote code execution vulnerability in Citrix NetScaler products

Remote code execution vulnerability in Citrix NetScaler products.

CVE of the Week
-
by White Hat IT Security
15/08/2025

Week 33 – Patch your FortiSIEM today!

11 Aug – 17 Aug 2025 A critical OS command injection flaw (CVE-2025-25256) has been identified in Fortinet’s FortiSIEM platform, now this our CVE of the Week. This critical flaw, has a 9.8 CVSS base score, almost reaching a straight 10/10. The vulnerability allows remote, 

CVE of the Week
-
by White Hat IT Security
10/08/2025

Week 32 – Critical AEM Forms Exploit via Apache Struts

04 – 10 Aug 2025 Vulnerabilities don’t always require complex exploits or innovative tricks to be taken advantage of. In many cases, they stem from trivial development errors, misconfigurations or simply negligence. Such is the case for this week’s star of our CVE of the 

CVE of the Week
-
by White Hat IT Security
01/08/2025

Week 31 – Critical VPN Flaw Hits SonicWall: Patch Now!

28 July – 03 Aug 2025 SonicWall has issued an urgent advisory regarding a newly discovered critical vulnerability — CVE-2025-40600, now spotlighted as this week’s CVE of the Week. This flaw affects the SSL VPN interface of the SonicOS firewall operating system, and it demands 

CVE of the Week
-
by White Hat IT Security
25/07/2025

Week 30 – Update your on-prem SharePoint ASAP

21 – 27 July 2025 In recent days, the cybersecurity community has been focusing on newly discovered critical SharePoint vulnerabilities, so it was an easy choice to pick our CVE of The Week. The issue with the highest score is tracked as CVE-2025-53770 and has 

CVE of the Week
-
by White Hat IT Security
21/07/2025

Week 29 – Vulnerability in Google Chrome

14 – 20 July 2025 This week our focus moved to a vulnerability in Google’s browser, tracked as CVE-2025-6558, because it possibly has been exploited in the wild. This flaw scored 8.8 CVSS score and allow a potential remote attacker to escape the sandbox environment 

CVE of the Week
-
by White Hat IT Security