Threat Hunting with Open Source Intelligence (OSINT)
Threat Hunting with Open Source Intelligence (OSINT)
Latest
Current CVEs You Need to Patch — Critical Threats in August 2025
1. Microsoft SharePoint: ToolShell Exploitation (CVE-2025-53770 / 53771)
1. What's happening: A critical deserialization vulnerability (CVE-2025-53770, CVSS 9.8) is being actively exploited. It enables unauthenticated remote code execution on-premises. It's part of the "ToolShell" exploit chain, including spoofing bypass (CVE-2025-53771).
2. Impacted systems: SharePoint
Apple Zero-Day Under Active Exploitation (CVE-2025-6558)
Apple has disclosed a critical zero-day vulnerability affecting multiple versions of iOS, iPadOS, and macOS — now tracked as CVE‑2025‑6558. This vulnerability is currently being actively exploited in the wild, with attackers using it as part of highly targeted spyware campaigns.
Overview of CVE‑2025‑6558
* CVE ID: CVE‑
Android "No-Touch" Remote Code Execution: Patches You Need Now
What's Happening?
Google's August 2025 security update patches a critical flaw in Andriod's System component– CVE-2025-48530, dubbed the "No-Touch" RCE. This vulnerability allows attackers to execute code without any user interaction or elevated privileges, especially impacting devices running Android 16.
In addition,
CitrixBleed 2: NetScaler Memory Leak (CVE-2025-5777)
Citrix has confirmed a critical new vulnerability in NetScaler ADC and Gateway appliances, tracked as CVE-2025-5777. Dubbed CitrixBleed 2, this flaw builds upon lessons from previous memory exposure vulnerabilities – and once again places enterprise infrastructure at serious risk.
Summary of CVE-2025-5777
* CVE ID: CVE-2025-5777
* Severity: Critical (CVSS 9.8)
* Component
7 Essential Security Tools Every Cyber Pro Should Be Using in 2025
Why Security Tools Matter
In today's threat landscape, even small teams need enterprise-grade visibility. Whether you're a red teamer, SOC analyst, or solo sysadmin, the right tools are critical to your cyber defense stack.
At ThreatGrid, we believe in sharing tools that are accessible, powerful, and
Cybersecurity Fundamentals: What Every Modern User Should Know
Cybersecurity is no longer just the responsibility of IT departments – it's a personal and professional necessity for everyone connected to the internet. With rising ransomware attacks, phishing scams, and AI-powered threats, understanding the basics of cybersecurity is critical in 2025 and beyond.
In this post, we'll