Vulnerability Summary for the Week of December 29, 2025

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info SmarterTools–SmarterMail Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution.…

Cyber Briefing: 2026.01.05

India-targeted espionage, IoT botnets, credential abuse, disputed breaches, crypto wallet hacks, massive healthcare exposure, cyber M&A, and arrests dominated. This article has been indexed from CyberMaterial Read the original article: Cyber Briefing: 2026.01.05

ProfileHound: Post-Escalation Tool Designed to Achieve Red Team Objectives

ProfileHound emerges as a specialized post-exploitation instrument for offensive security professionals seeking to identify high-value targets within Active Directory environments. The tool addresses a critical gap in red-team reconnaissance by enumerating domain user profiles stored on compromised machines, enabling operators…

Attackers Leverage FortiWeb Vulnerabilities to Deploy Sliver C2 for Long-Term Access

Threat researchers have uncovered a sophisticated attack campaign targeting FortiWeb web application firewalls across multiple continents, with adversaries deploying the Sliver command-and-control framework to establish persistent access and establish covert proxy infrastructure. The discovery came from analyzing exposed Silver C2…