# CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall February 05, 2026 | TrendAI Research Team _In this excerpt of a TrendAI Research Services vulnerability report, Jonathan Lein and Simon Humbert of the TrendAI Research team detail a recently patched command injection vulnerability in the Arista NG Firewall. This […]

Director of Research **Published:** 05 February 2026 at 15:28 UTC **Updated:** 05 February 2026 at 15:30 UTC Welcome to the Top 10 Web Hacking Techniques of 2025, the 19th edition of our annual community-powered effort to identify the most innovative must-read web security research published in the last year. This […]

## TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was notably sparse on technical details, describing only “Improper Input Validation” (CWE-20). We decided to dig deeper. Through reverse engineering and code […]

A friend of mine, namely Antide “xarkes” Petit, came up with a pretty good rule of thumb that I think should be elevated into a law, Antide’s Law: > If it’s unclear what a cyber-security company is doing, what they’re doing is pretty clear. For example, take a look at […]

**Check Point Research** has identified several campaigns targeting multiple countries in the **Southeast Asian region**. These related activities have been collectively categorized under the codename “ **Amaranth-Dragon**”. The campaigns demonstrate a clear focus on **government entities** across the region, suggesting a motivated threat actor with a strong interest in **geopolitical […]

# How Mercari strengthened mobile security for millions of users with Oversecured # CUSTOMER SUCCESS STORY ## How Mercari strengthened mobile security for millions of users with Oversecured ### Case Study Summary **Company:** Mercari – Japan’s largest marketplace app **Industry:** E-commerce, FinTech, Mobile Marketplace **Challenge:** Securing mobile applications handling cryptocurrency, […]

# Beyond ACLs: Mapping Windows Privilege Escalation Paths with BloodHound Windows privileges are special rights that grant processes the ability to perform sensitive operations. Some privileges allow bypassing standard Access Control List (ACL) checks, which can lead to significant security implications. While privileges like SeDebugPrivilege, SeImpersonatePrivilege or SeBackupPrivilege are frequently […]

# Someone Knows Bash Far Too Well, And We Love It (Ivanti EPMM Pre-Auth RCEs CVE-2026-1281 & CVE-2026-1340) When Ivanti removed the embargoes from CVE-2026-1281 and CVE-2026-1340 – pre-auth Remote Command Execution vulnerabilities in Ivanti’s Endpoint Manager Mobile (EPMM) solution – we sighed with relief. Clearly, the universe had decided […]

Check Point Research continuously investigates real-world attacks, vulnerabilities, attackers’ infrastructure, and emerging techniques across global networks and environments. The Cyber Security Report 2026 consolidates our research efforts throughout 2025 to deliver a clear, data-driven view of the current threat landscape and its trajectory in 2026. As Check Point’s flagship annual […]

# General Graboids: Worms and Remote Code Execution in Command & Conquer _[this work was conducted collaboratively by Bryan Alexander and Jordan Whitehead]_ This post details several vulnerabilities discovered in the popular online game Command & Conquer: Generals. We recently presented some of this work at an information security conference […]