Gladinet fixes zero-day vulnerability in CentreStack

#cyberNEWS Gladinet fixes actively exploited zero-day in file-sharing software. Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. Researchers at cybersecurity platform Huntress disclosed the exploitation activity last week saying that the flaw was a bypass for mitigations Gladinet implemented for the deserialization vulnerability leading to remote code execution (RCE) identified as CVE-2025-30406. https://lnkd.in/d3zHN7d8

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September.

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. https://lnkd.in/d3zHN7d8

The latest update for #Detectify includes "The #API vulnerabilities nobody talks about: excessive data exposure" and "New API #testing category now available". #cybersecurity #webvulnerabilities #websecurity https://lnkd.in/dHMDMPz

Gladinet has released security updates for its CentreStack business solution to address a local file inclusion vulnerability (CVE-2025-11371) that threat actors have leveraged as a zero-day since late September. Researchers at cybersecurity platform Huntress disclosed the exploitation activity last week saying that the flaw was a bypass for mitigations Gladinet implemented for the deserialization vulnerability leading to remote code execution (RCE) identified as CVE-2025-30406. #staycurious #stayinformed #noble1 #tomshaw TOM SHAW

Security researchers have discovered a malicious modification in the npm package postmark-mcp, an MCP server used to send emails through Postmark. By adding a blind copy to an external domain, attackers were able to secretly exfiltrate email contents. This marks the first known instance of an MCP server being exploited in the wild. Learn more about the vulnerability, indicators of compromise and mitigation details in this blog by Diksha Ojha. #ThreatProtection #VulnerabilityManagement

Security researchers have discovered a malicious modification in the npm package postmark-mcp, an MCP server used to send emails through Postmark. By adding a blind copy to an external domain, attackers were able to secretly exfiltrate email contents. This marks the first known instance of an MCP server being exploited in the wild. Learn more about the vulnerability, indicators of compromise and mitigation details in this blog by Diksha Ojha. #ThreatProtection #VulnerabilityManagement

Security researchers have discovered a malicious modification in the npm package postmark-mcp, an MCP server used to send emails through Postmark. By adding a blind copy to an external domain, attackers were able to secretly exfiltrate email contents. This marks the first known instance of an MCP server being exploited in the wild. Learn more about the vulnerability, indicators of compromise and mitigation details in this blog by Diksha Ojha. #ThreatProtection #VulnerabilityManagement

Security researchers have discovered a malicious modification in the npm package postmark-mcp, an MCP server used to send emails through Postmark. By adding a blind copy to an external domain, attackers were able to secretly exfiltrate email contents. This marks the first known instance of an MCP server being exploited in the wild. Learn more about the vulnerability, indicators of compromise and mitigation details in this blog by Diksha Ojha. #ThreatProtection #VulnerabilityManagement