Feb 23, 2022 Cyber Threat Intelligence

Track daily vulnerability activity, KEV additions, public exploits, critical disclosures, and EPSS risk shifts.

Daily summary

  • Iclinks Scadaflex Ii Firmware: public exploit or PoC linked
  • 4 new critical disclosures — review patch status on exposed services.

Top threats today

Three highest-priority changes — analyst brief, not a CVE dump.

Active exploit activity

CVE-2022-25359 Iclinks Scadaflex Ii Firmware

  • Public exploit or PoC available
  • Exploit activity linked

Public exploit or PoC linked — exploitation bar is lower than disclosure-only CVEs.

Critical exposure

CVE-2021-35689 A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition.

  • CVSS 9.8
  • Remote code execution exposure

New critical Oracle Talent Acquisition Cloud RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Critical exposure

CVE-2022-25330 Trendmicro Serverprotect RCE

  • CVSS 9.8
  • Remote code execution exposure

New critical Trendmicro Serverprotect RCE (CVSS 9.8) — fresh disclosure window; early internet scanning often precedes mature exploit chains.

Active exploitation

CISA KEV — confirmed in-the-wild exploitation.

Nothing flagged in this category for this digest.

View KEV additions

Exploit & PoC activity

CVE-2022-25359 Exploit

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.

View new exploit links

Exploitation dynamics

Nothing flagged in this category for this digest.

See EPSS increases

New critical disclosures

CVE-2021-35689 CVSS 9.8

A potential vulnerability in the Oracle Talent Acquisition Cloud - Taleo Enterprise Edition.

CVE-2021-4070 CVSS 9.1

Off-by-one Error in GitHub repository v2fly/v2ray-core prior to 4.44.0.

CVE-2022-25329 CVSS 9.8

Trend Micro ServerProtect 6.0/5.8 Information Server uses a static credential to perform authentication when a specific command is typed...

CVE-2022-25330 CVSS 9.8

Integer overflow conditions that exist in Trend Micro ServerProtect 6.0/5.8 Information Server could allow a remote attacker to crash the...

View critical disclosures

cvelogic Threat Intelligence