Our news

  • Vulnerability Summary for the Week of June 23, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 70mai–M300 A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the

    READ MORE

  • Proactive Strategies and Privileged Access Management for Mitigating Insider Risks

    The digital world we work in keeps changing just like our work environments. As cybersecurity analysts, we try to understand and boost our defenses against many possible threats. Insider risk presents a special challenge that needs a different approach compared to external attacks. Insider risk isn’t always about bad intentions. It can come from accidental

    READ MORE

  • CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment

    Today, CISA, in collaboration with the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Security Agency (NSA), released a Fact Sheet urging organizations to remain vigilant against potential targeted cyber operations by Iranian state-sponsored or affiliated threat actors.  Over the past several months, there has been increasing

    READ MORE

  • Potential Iranian Retaliations Following US Strike on Nuclear Facilities: Cyber Attacks and Maritime Disruptions

    Introduction On June 21st, 2025, the United States conducted precision strikes on three Iranian nuclear facilities Fordow, Natanz, and Isfahan with the potential of escalating tensions in the Middle East. This military action, briefed by the Defense Department on the morning of June 22nd, 2025, codenamed Operation Midnight Hammer, has prompted Iran to vow retaliation,

    READ MORE

  • Vulnerability Summary for the Week of June 16, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info _CreativeMedia_–Elite Video Player Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in _CreativeMedia_ Elite Video Player allows Stored XSS. This issue affects Elite Video Player: from n/a through 10.0.5. 2025-06-17 7.1 CVE-2025-30988 Adnan Haque (a11n)–Virtual Moderator Cross-Site Request Forgery (CSRF) vulnerability

    READ MORE

  • Vulnerability Summary for the Week of June 9, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Acer–ControlCenter Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features.

    READ MORE

  • CISA Releases Cybersecurity Advisory on SimpleHelp RMM Vulnerability

    Today, CISA released Cybersecurity Advisory: Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider. This advisory is in response to ransomware actors targeting customers of a utility billing software provider through unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management (RMM). This incident is part of a broader trend of

    READ MORE

  • Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider

    Summary The Cybersecurity and Infrastructure Security Agency (CISA) is releasing this advisory in response to ransomware actors leveraging unpatched instances of a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) to compromise customers of a utility billing software provider. This incident reflects a broader pattern of ransomware actors targeting organizations through unpatched versions of SimpleHelp

    READ MORE

  • SkillBridge Frequently Asked Questions (FAQs)

    Below is a list of frequently asked questions to help interns navigate their time at DefendEdge. General Program What is expected of me as an intern? Interns are expected to actively participate in hands-on cybersecurity tasks, follow company policies, complete assessments, ask questions, and seek mentorship when needed. What skills should I focus on developing

    READ MORE

  • Vulnerability Summary for the Week of June 2, 2025

    High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–ABC Courier Management System A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /adminSQL. The manipulation of the argument Username leads to sql injection. It is possible

    READ MORE