Blog | Holm Security | Cyberattacks & exploits

August 12, 2025 — Cyberattacks & exploits Newly-discovered critical CodeIgniter4 flaw requires immediate action A critical CodeIgniter4 vulnerability requires immediate action A newly-disclosed critical vulnerability in CodeIgniter4 (versions before 4.6.2) puts many websites and applications at risk of complete server compromise. The flaw, tracked as CVE-2025-54418 and...

May 10, 2024 — Cyberattacks & exploits Google Chrome zero-day vulnerability exploited in the wild

Understanding the vulnerability: A memory issue in Chrome The identified vulnerability...

April 12, 2024 — Cyberattacks & exploits Zero-day vulnerability in Palo Alto Networks PAN-OS exploited in the wild

Understanding the vulnerability CVE-2024-3400 Tracked as CVE-2024-3400 and rated with the...

February 27, 2024 — Cyberattacks & exploits Critical vulnerabilities discovered in ConnectWise ScreenConnect

Understanding the vulnerabilities CVE-2024-1708 This is a path-traversal vulnerability...

Filter posts

January 24, 2024 — Cyberattacks & exploits Critical security flaw in GoAnywhere MFT: Users exposed to unauthorized admin access

Understanding CVE-2024-0204 This vulnerability, with a high CVSS score of 9.8, arises from a path traversal weakness in the "/InitialAccountSetup.xhtml"...

January 23, 2024 — Cyberattacks & exploits Exploited vulnerabilities in Ivanti: Connect Secure and Policy Secure pose serious threats

Understanding CVE-2023-46805 & CVE-2024-21887 CVE-2023-46805, rated CVSS 8.2, is a vulnerability in the Ivanti Connect Secure (ICS) web component that allows...

October 18, 2023 — Cyberattacks & exploits Cisco zero-day vulnerability: Exploiting thousands of devices

Understanding CVE-2023-20198 The vulnerability, rooted in the web UI feature, affects Cisco IOS XE software with enabled HTTP or HTTPS server features....

June 2, 2023 — Cyberattacks & exploits MOVEit Transfer zero-day vulnerability exploited in data theft attacks

MOVEit Transfer is a popular file transfer program developed by Ipswitch, a subsidiary of US-based Progress Software Corporation, and widely used by...

May 29, 2023 — Cyberattacks & exploits Barracuda email security gateway appliance zero-day vulnerability

Security flaw in email security gateway The California-based company investigation has revealed that the flaw is rooted in a component that screens the...

March 17, 2023 — Cyberattacks & exploits Microsoft Outlook zero-day vulnerability CVE-2023-23397 exploited

Outlook vulnerability allows zero-click attackers to compromise user authentication An attacker who successfully exploited this vulnerability could access a...