Featured Story
New Veeam RCE Flaw Lets Domain Users Hack Backup Servers
Veeam has patched a critical vulnerability (CVE-2025-23121) in its Backup & Replication software that allows authenticated domain users to remotely execute arbitrary code on backup servers. The flaw affects Veeam Backup & Replication 12 and later, and is resolved in version 12.3.2.3617.
The flaw, rated 9.9 on the CVSS scale, can be exploited by any authenticated domain user in vulnerable environments, making it a severe risk to infrastructure integrity and business continuity.
Other Stories
Critical Grafana Vulnerability Affects 46,000+ Unpatched Instances
CVE-2025-4123, a client-side open redirect vulnerability in Grafana, allows malicious plugin execution and account takeover. Over 46,000 internet-facing instances remain unpatched, exposing organizations to hijacking and server-side request forgery (SSRF) attacks.
High-Severity Vulnerabilities Patched in Tenable Nessus Agent
Three privilege escalation flaws in Nessus Agent for Windows (CVE-2025-36631 to -36633) allow non-admin users to gain SYSTEM-level privileges. These bugs affect versions prior to 10.8.5; version 10.8.5 has now been released with fixes.
Warning: Fake Message About Tax Returns in Circulation
Phishing emails disguised as official tax return reminders from FPS Finance are spreading, directing users to fake websites. Victims are tricked into clicking malicious links under the guise of official correspondence.