Real-time intelligence reports, CVE advisories, and case studies from our global security research team.
NullShield Labs identified a critical unauthenticated remote code execution vulnerability in a widely-deployed enterprise VPN appliance. Exploitation allows full network access bypass. Patch available — immediate action required. Over 14,000 exposed endpoints identified via Shodan.
A sophisticated spear-phishing operation targeting CFOs and CEOs at mid-market fintech firms. Campaign uses lookalike domains with valid SSL certificates and MFA bypass techniques.
Multiple vendors affected by shared networking library vulnerability. NullShield's sensor network detected active scanning targeting CVE-2025-1847. Patch window is narrow.
NullShield threat hunters identified new command-and-control infrastructure linked to APT-41. Targeting pattern suggests healthcare sector focus with ransomware pre-positioning.
17 malicious packages discovered on the npm registry impersonating popular utilities. The packages exfiltrate environment variables and SSH keys on install.
| CVE ID | Description | Severity | CVSS | Status |
|---|---|---|---|---|
| CVE-2025-1847 | Edge router RCE via crafted HTTP header | CRITICAL | 9.8 | PATCH NOW |
| CVE-2024-3891 | SSL VPN authentication bypass | CRITICAL | 9.1 | PATCHED |
| CVE-2025-0234 | Privilege escalation in Windows kernel | HIGH | 7.8 | MITIGATE |
| CVE-2025-0891 | Apache Log4j-adjacent deserialization | HIGH | 7.5 | PATCH NOW |
| CVE-2024-9912 | OpenSSH timing oracle information leak | MEDIUM | 5.3 | PATCHED |