🚨 CVE-2025-64155: FortiSIEM Under Active Exploitation
Fortinet has patched a critical unauthenticated RCE flaw (CVSS 9.8) in FortiSIEM, allowing remote root-level command execution via crafted TCP requests. Within hours of disclosure, in-the-wild attacks were reported.
🔍 Affected: FortiSIEM 6.7–7.4 (Super & Worker nodes only)
⚙️ Fix: Upgrade to latest versions or restrict port 7900 (phMonitor) access.
Greenbone detects CVE-2025-64155 and related Fortinet CVEs through our remote banner check. https://lnkd.in/dgWwXXbA
Test your network with a free 2‑week OPENVAS BASIC trial. https://lnkd.in/dcZ_Bg3A
#CVE202564155 #Fortinet #FortiSIEM #RCE #OPENVAS #Greenbone #VulnerabilityManagement
About us
With over 50,000 installations worldwide, Greenbone is the most widely used provider of open source vulnerability management. Our highly certified products identify security vulnerabilities in IT systems, applications and assets. They enable security managers to assess the risk potential and significantly improve security in companies and public institutions through recommended measures. Our goal is to uncover every vulnerability in IT in order to provide protection against cyber criminals.
Certifications:
- ISO 9001:2015
- ISO/IEC 27001
- TISAX
- ISO 14001:2015
- Website
- https://www.greenbone.net
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- Osnabrueck
- Type
- Privately Held
- Founded
- 2008
- Specialties
- IT Security, ISO 27001, SOX, Vulnerability Management, Digital Risk Management, Data Security, Open Source, TISAX, GDPR Compliance, ISO 9001, Allianz für Cyber-Sicherheit, CIS SecureSuite, OSB Alliance, Audits, Compliance, AFCEA, Greenbone Enterprise Appliances, OpenVAS, BSI, CIS Secure Suite, CSAF, and Pentesting
Locations
- Primary: Neumarkt 12, Osnabrueck, 49074, DE
- 2 Woodberry Grove, London, England, GB
- Hornemannstrasse 12, Hildesheim, Niedersachsen 31137, DE
Updates
-
December broke another record — and attackers didn’t take holidays.
🔎 December 2025 in one sentence: Vulnerability disclosure, exploitation, and emergency patching accelerated - right when many teams were least staffed.
📊 The numbers:
- 5,519 new CVEs in December alone - an all-time monthly high
- 21% more CVEs in 2025 compared to 2024
- 245 CVEs added to CISA’s Known Exploited Vulnerabilities list in 2025
- Hypervisors jumped from 3% to 25% of ransomware attack paths in one year
🔥 What stood out in December
- Memory leaks with internet-scale exposure (MongoBleed): credentials, keys, secrets - leaking without authentication
- Unauthenticated RCEs in mail servers and GIS platforms that are often overlooked but deeply embedded
- Perimeter devices under pressure: VPNs, firewalls, edge appliances repeatedly targeted and actively exploited
- Social engineering meets file parsers: archive tools and document processors turning user interaction into system compromise
🧠 The pattern defenders should notice
Attackers are not chasing exotic zero-days. They are exploiting widely deployed, operationally critical software - often at the edge, often forgotten, often trusted. Holiday timing wasn’t accidental either. When patch cycles slow down, exploitation speeds up.
🛡️ What actually reduces risk right now
- Know which vulnerabilities are exploited, not just “critical”
- Scan what’s exposed - especially hypervisors, VPNs, and management interfaces
- Treat patching as a risk decision, not a compliance checkbox
- Assume attackers already read the advisories - because they do
Cyber risk isn’t just about lacking information. It’s about acting faster than exploitation - every single month. Visit our blog for more.
-
-
⚠️ Cisco has released an emergency advisory for CVE-2025-20393, a maximum-severity (CVSS 10.0) zero-day affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances if the Spam Quarantine feature is enabled and configured for remote access.
Key facts security teams should be aware of:
- Actively exploited in the wild since at least late November
- Exploitation allows unauthenticated remote code execution with root privileges
- Exploitation observed by Chinese-nexus APT actors in cyber-espionage campaigns
- No patch available yet
- Added immediately to CISA’s Known Exploited Vulnerabilities (KEV) list
Post-exploitation activity reported by Cisco includes:
- Persistent backdoors
- Covert remote access via tunneling tools
- Log and forensic artifact removal
The high-severity threat posed by CVE-2025-20393 makes early detection and exposure analysis especially important.
What you can do right now:
- If possible, disable remote access to the Spam Quarantine web-interface
- If this is not feasible, ensure the Spam Quarantine web interface is not exposed on the public internet
- Restrict access with strict firewall and ACL rules to allow access only from known, authorized IP addresses
- If compromise is suspected, a full rebuild of the appliance is presently the only effective way to remove the attacker’s persistent foothold. Rebuilding the affected appliance from a known-good image is required since malware may be persistent against configuration changes. If complete restoration of the appliance is not possible, Cisco recommends contacting TAC.
Vulnerability detection tests for CVE-2025-20393 have been added to the Greenbone Enterprise Feed within 24 hours of the new CVE disclosure, so defenders can quickly assess exposure and reduce risk while waiting for a patch.
#CVE202520393 #zeroday #cybersecurity #cisco #threatintel #itsecurity
-
-
Threats are accelerating — and proactive vulnerability management is key for 2026. In this edition, we highlight how the OPENVAS ENTERPRISE FEED and our latest Threat Report help you stay ahead of ransomware, data-theft extortion, and rapidly evolving attack campaigns. We also take a look beyond today’s risks and show how Greenbone is preparing for the post-quantum era.
-
React2Shell-Update: Additional vulnerabilities identified
Following the initial React2Shell disclosures, new findings have emerged. Three additional vulnerabilities in React Server Components (RSC) have been identified and require further patching.
What’s new?
- Two new CVEs (CVSS 7.5) allow pre-authenticated Denial of Service (DoS). One of them is considered a bypass of the original React2Shell patch - even though exploitation does not lead to remote code execution.
- A third vulnerability (CVSS 5.3) can result in limited source code exposure.
Why this matters: Even without RCE, these flaws pose a real risk. Attacks on availability and unintended information disclosure can have a serious impact on production web applications.
Upgrade to React 19.0.3, 19.1.4, or 19.2.3. Vercel has also published specific guidance for patching affected Next.js deployments.
React2Shell is not a “patch once and done” issue. It clearly shows why continuous vulnerability management is essential to minimize digital risk over time. The Greenbone ENTERPRISE FEED already includes detection for all newly published CVEs, enabling fast identification and prioritization of affected systems.
-
-
If you run Proxmox Server Solutions VE, you’ve probably chosen it for a reason: control, transparency, and high performance without vendor lock-in. OPENVAS SCAN now runs natively on Proxmox VE, making it easier to add professional vulnerability scanning to the environment you already trust - no workarounds, no platform changes.
OPENVAS SCAN on Proxmox:
- Officially supported virtual appliance
- Seamless integration into existing virtual environments
- High performance thanks to direct access to hardware
- Enterprise-grade vulnerability scanning built on open technology
Security shouldn’t force you into a different stack. It should fit cleanly into the one you’ve already built - and help you reduce risk without adding complexity.
-
-
The DEUTSCHE GESELLSCHAFT FÜR WEHRTECHNIK e.V. DTW Cyber Defence Conference in Bonn once again showed which topics are currently on the minds of the defense and security community: open source was one of the central topics, particularly in the defense context and with high relevance for digital sovereignty. We were all the more pleased that Greenbone was explicitly recommended in this context by another company in its presentation. Vulnerability management was also the focus of many conversations: as a foundation for cyber resilience, security by design, and the protection of security-critical infrastructure. For us, the event was a valuable exchange with familiar and new contacts, and at the same time the last event of 2025. We thank everyone for the engaging conversations and look forward to picking up where we left off in the new year and further advancing the topic of vulnerability management at more live events. See you soon, and here's to a resilient new year! 🚀 #Greenbone #OPENVAS #Cyberresilienz Stefan Walenda Stefan Flacke
-
-
🚨 A CVSS 10.0 flaw in React is redefining the threat landscape. The new React2Shell (CVE-2025-55182) vulnerability exposes a deeper issue: as web frameworks shift more logic server-side, deserialization flaws become single-point failures for entire application stacks. With React 19 now powering enterprise-grade UIs, this transforms an implementation bug into a global RCE attack surface. Early data from cloud providers already shows widespread, automated exploitation. Organizations running React 19 or Next.js may unknowingly expose endpoints—even without using Server Functions—because the vulnerable RSC components are enabled by default. Key insight: This flaw shows how “modernization” can weaken security if upgrades aren’t paired with proactive vulnerability management. 👉 Assess your exposure now with Greenbone’s free OPENVAS BASIC trial and get immediate visibility into vulnerable Next.js and React deployments. Read the full analysis and mitigation guide on our website: https://lnkd.in/dmr57NA5
-
-
Quantum computing won’t just change the rules — it will rewrite them. Q-Day will mark the moment when today’s cryptographic foundations become obsolete, and the organizations that haven’t prepared will be exposed overnight. At Greenbone, we’re already engineering for a post-quantum world. From upgrading our internal infrastructure to developing PQS-ready detection for OPENVAS SECURITY INTELLIGENCE, we’re taking proactive steps so our customers can stay ahead of the threat curve. Why does this matter for you? Because attackers are already harvesting encrypted data today to decrypt later — and PQC migration timelines are measured in years, not months. Curious what Q-Day really means for TLS, SSH, VPNs, PKI, hashing, and your long-term security posture? 👉 Read the full breakdown on our blog, including what steps you should start taking now: https://lnkd.in/dU_FjRnX
-
-
We’re grateful to see OpenVAS highlighted by the security pros who trust and use it every day. Their recognition truly matters. OpenVAS being featured in the Ethical Hackers Academy list of top cybersecurity tools is a great acknowledgment of the value open-source vulnerability scanning brings to teams worldwide. With the Greenbone community, we’re proud to support reliable, transparent, and comprehensive security for everyone. Thanks to Ethical Hackers Academy ® for the spotlight and all the professionals who continue to rely on OpenVAS. #OpenVAS #Cybersecurity #Greenbone #OpenSource
🔐 Top Cybersecurity Tools Every Professional Should Know
From vulnerability scanning to penetration testing, these tools are the backbone of modern security practices:
✅ OpenVAS, Nessus – Vulnerability Scanners
✅ SQLMap, Burp Suite, ZAP – Web App Security & Pen Testing
✅ Wireshark, Nmap, Suricata – Network Monitoring & Analysis
✅ John the Ripper, Aircrack-NG – Password & Wireless Security
✅ Kali Linux, Maltego, MISP – Forensics, OSINT & Threat Intelligence
✅ ClamAV, VirusTotal, Hybrid Analysis – Malware Detection & Analysis
💡 Whether you’re a beginner or a pro, mastering these tools will give you a strong edge in defending against cyber threats.
👉 Which of these do you use the most in your day-to-day work?
🔔 Follow Ethical Hackers Academy ® for more cybersecurity tips!
#CyberSecurity #EthicalHacking #InfoSec #PenTesting #TechTools
-