Contact us
Cloud platform
  • Cyber Threat Intelligence, Notificação de Vulnerabilidades OT/ICS

Monthly NDV – November/2025

See November’s most critical vulnerabilities and the urgent actions needed to reduce risk.

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

New Sha1-Hulud Wave Hits Over 25,000 Repositories via NPM Supply Chain

The new malware variant compromises thousands of npm repositories, stealing credentials and wiping directories if exfiltration fails.

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

Privilege Escalation Vulnerability in Cisco Catalyst Center Virtual Appliance

CVE-2025-20341 (CVSS 8.8) allows low-privileged authenticated users to escalate to Administrator through crafted HTTP requests. No workarounds exist, and Cisco urges immediate upgrade to version 2.3.7.10-VA.

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

Critical Vulnerability in Fortinet FortiWeb

CVE-2025-64446 (CVSS 9.1) allows unauthenticated attackers to run administrative commands through a path traversal flaw, is actively exploited in the wild, and requires urgent patching of vulnerable FortiWeb appliances.

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

Denial-of-service vulnerability in Palo Alto Networks PAN-OS

CVE-2025-4619 allows remote firewall reboot through crafted packets, leading to downtime and requiring immediate patching.

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

Microsoft fixes 63 vulnerabilities in the Patch Tuesday, including an actively exploited zero-day

The November 2025 update addresses severe Windows flaws, including a kernel zero-day already used in real-world attacks

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

SAP fixes critical vulnerabilities in the November Patch Day

The November 2025 update addresses severe flaws enabling remote code execution and full system compromise

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

Critical Vulnerability in React Native CLI

A critical flaw (CVE-2025-11953) in the @react-native-community/cli package allows remote code execution via the Metro server. Immediate update to version 20.0.0 is required.

READ MORE
  • Cyber Threat Intelligence, SEK Security Advisory

Critical Vulnerability in WordPress Post SMTP Plugin

A critical flaw (CVE-2025-11833) allows unauthenticated attackers to access email logs and hijack admin accounts. Immediate update to version 3.6.1 is strongly advised.

READ MORE
Where we are
Argentina

Esmeralda 1042, piso 10, CABA, Buenos Aires

Brazil

Av. Tamboré, nº 267, 13º andar, conjunto 131, Torre Norte, Alphaville. CEP 06460-000, Cidade de Barueri - São Paulo

Colômbia

Cra. 45 #114-44. Oficina 404 Edificio Invention Center. Bogotá, Colômbia

Chile

Suecia 0155, Piso 14 7510114 Santiago, Providencia, Región Metropolitana, Chile

Peru

Av. Del Pinar 152 Of. 1101 Chacarilla del Estanque, Santiago de Surco, Lima

Follow SEK on social media:
Linkedin Youtube
Report a concern
The information submitted through this channel will be kept confidential, as will your identity.
Submit your report
Access the manual
Contact us
Cloud Platform
Linkedin Youtube
Privacy Overview
SEK

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.

Strictly Necessary Cookies

Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.

3rd Party Cookies

This website uses Google Analytics to collect anonymous information such as the number of visitors to the site, and the most popular pages.

Keeping this cookie enabled helps us to improve our website.

Additional Cookies

This website uses the following additional cookies:

(List the cookies that you are using on the website here.)