📡 ~/news - Cyber News & Threats

64 posts

Breaking cybersecurity news, vulnerability disclosures, and threat analysis. Stay informed about the latest in the security landscape.

Critical HPE AOS-CX Flaw Lets Remote Attackers Reset Admin Passwords

A newly disclosed CVE-2026-23813 in HPE Aruba AOS-CX switches permits unauthenticated remote password resets via the web UI. With a CVSS score of 9.8, the bug threatens full control of enterprise and service-provider networks until patched.

Ivanti Endpoint Manager Auth Bypass (CVE-2026-1603) Added to CISA KEV

CISA has placed Ivanti Endpoint Manager’s authentication-bypass flaw (CVE-2026-1603) on its Known Exploited Vulnerabilities list, urging agencies to patch within two weeks. The unauthenticated bypass can steal credential data and is already being used in the wild, despite patches being available since early 2021.

Critical RCE Flaws Hit Veeam Backup & Replication - Patch Immediately

Three authenticated remote code execution bugs (CVE-2026-21666, CVE-2026-21667, CVE-2026-21708) and two high-severity flaws threaten Veeam Backup & Replication servers. Rapid patching to build 12.3.2.4465 is essential to protect backup data from ransomware and other attacks.

Google Patches Two Actively Weaponized Chrome Zero-Days (Skia & V8)

Google released emergency updates on March 13 2026 for Chrome zero-days CVE-2026-3909 (Skia) and CVE-2026-3910 (V8), both rated 8.8 CVSS and confirmed exploited in the wild. The patches close a third weaponized Chrome flaw this year.

Zero-Day Alert: CVE-2026-21262 Lets Low-Privileged Users Grab SQL Sysadmin Rights

Microsoft disclosed a critical elevation-of-privilege zero-day in SQL Server 2016-2025 (CVE-2026-21262). An authenticated low-privilege account can pivot to sysadmin, jeopardizing on-prem, cloud, and hybrid deployments. Patches released March 10-11, 2026 - immediate remediation is essential.

Zero-Click Data Theft: Excel’s Copilot Agent Flaw (CVE-2026-26144)

A critical information-disclosure bug (CVE-2026-26144) lets a malicious Excel file trigger Copilot Agent to exfiltrate data without any user interaction. Microsoft patched it in March 2026; immediate mitigation is to apply the update or disable Copilot.

Record 90 Zero-Day Exploits in 2025: Enterprise Software Becomes Prime Target

Google Threat Intelligence Group tracked 90 actively exploited zero-days in 2025 - the highest ever for enterprise software. Nearly half hit security and networking appliances, signalling a dangerous shift toward edge devices.

Cisco Secure FMC Critical Flaws: Auth Bypass & Insecure Deserialization (CVE-2026-20079, CVE-2026-20131)

Cisco disclosed two perfect-score (10/10) vulnerabilities in its Secure Firewall Management Center (FMC) that allow unauthenticated attackers to gain root OS access via authentication bypass and insecure Java deserialization. Immediate patching is mandatory for all FMC and FTD deployments.

Zero-Day Exploits Are Hitting Enterprises Faster, Harder, and More Frequently

Zero-day dwell time has collapsed, with attacks now occurring within days of disclosure. Chinese state-backed groups and commercial surveillance vendors now dominate zero-day usage, and over half of ransomware-linked CVEs in 2025 were weaponised as zero-days, targeting networking and security products.

Cisco Catalyst SD-WAN Flaws CVE-2026-20128 & CVE-2026-20122 Exploited in the Wild

Cisco reports active exploitation of two critical SD-WAN bugs - an info-disclosure (CVE-2026-20128) and an arbitrary file overwrite (CVE-2026-20122). Both are chained with CVE-2022-20775 to bypass auth, gain root, and persist, with threat actor UAT-8616 behind the campaign.

Half of 2025’s Zero-Day Exploits Targeted Enterprises - Google Report

Google’s Threat Intelligence Group logged 90 zero-day vulnerabilities exploited in the wild in 2025, with 43 (nearly 50%) aimed at enterprise technologies. The surge underscores rising attacker focus on high-value corporate assets and the urgent need for robust zero-day detection.

Critical Android LPE CVE-2026-0047 Powers Targeted Spyware Campaigns

A critical local privilege escalation flaw (CVE-2026-0047) in Android's ActivityManagerService has been observed in limited, targeted attacks. The bug requires no user interaction and can grant attackers system-level code execution, raising alarm for both consumers and enterprises.

OpenClaw’s Local Agent Flaw (CVE-2026-25253) Lets Malicious Sites Hijack Your AI Assistant

A critical vulnerability (CVE-2026-25253) allows a malicious website to connect to a locally running OpenClaw agent over localhost, bypass authentication and brute-force the password without limits. Attackers can then execute arbitrary commands, stealing code, credentials, and integrations.

Cisco Patches 48 Flaws - Critical Auth Bypass & RCE Demand Immediate Upgrade

Cisco has released patches for 48 vulnerabilities across its Secure FMC, ASA, and FTD platforms. Two CVEs - CVE-2026-20079 (authentication bypass) and CVE-2026-20131 (remote code execution) - each score 10.0, leaving no work-arounds and forcing urgent upgrades.

Zero-click RCE in FreeScout: CVE-2026-28289 Lets Attackers Take Over Servers

A newly disclosed TOCTOU flaw (CVE-2026-28289) lets attackers upload a .htaccess file prefixed with a zero-width space, bypassing validation and achieving zero-click remote code execution on any self-hosted FreeScout instance.

Critical CVE-2026-2256: MS-Agent Shell Tool Flaw Enables Full System Takeover

A critical input-sanitization bug in the open-source MS-Agent AI framework (CVE-2026-2256) lets crafted prompts drive arbitrary OS command execution via the Shell tool, leading to full host compromise and data exfiltration. Immediate mitigation steps are required.

OAuth Redirect Abuse: Malware Campaign Targets Government Agencies

Microsoft has uncovered a sophisticated phishing campaign that leverages OAuth URL redirection to bypass email and browser defenses, delivering malicious payloads to government and public-sector users. The attacks exploit native OAuth redirect behavior, not token theft, and require immediate mitigation.

Chrome’s Gemini Panel Flaw (CVE-2026-0628) Enables Malicious Extensions to Escalate Privileges

A high-severity vulnerability (CVE-2026-0628) in Chrome’s Gemini Live side-panel allowed malicious extensions to bypass policy checks, inject code into privileged pages and gain local file system, camera, and microphone access. Google patched the issue in Chrome 143.0.7499.192/.193 (Windows/macOS) and 143.0.7499.192 (Linux) in early January 2026.

Google Patches Exploited Qualcomm Zero-Day (CVE-2026-21385)

Google’s March 2026 Android security bulletin patches a critical Qualcomm graphics component zero-day (CVE-2026-21385) that is already being exploited in the wild. The integer overflow leads to memory corruption and remote code execution on devices built on any of more than 200 Snapdragon chipsets.

Critical Flaws in Anthropic’s Claude Code Expose Developers to Full Machine Takeover

Three critical vulnerabilities (CVE-2025-59536 and CVE-2026-21852) in Claude Code let malicious project configs execute arbitrary commands and steal API keys, threatening developers, CI/CD pipelines, and downstream services.

VMware Aria Operations Faces Critical Command Injection, XSS & Escalation Flaws

VMware disclosed three high-severity vulnerabilities (CVE-2026-22719, CVE-2026-22720, CVE-2026-22721) in Aria Operations that enable unauthenticated command injection, stored XSS, and privilege escalation. Patches are now available for Aria Operations 8.18.6, Cloud Foundation 5.2.3 and 9.0.2, and related Telco Cloud products.

Juniper PTX Routers Hit by Critical RCE - CVE-2026-21902

Juniper disclosed a critical, unauthenticated remote code execution flaw (CVE-2026-21902) in the On-Box Anomaly Detection framework of Junos OS Evolved on PTX series routers. An out-of-band patch (25.4R1-S1-EVO / 25.4R2-EVO) is now available, but the vulnerability’s impact on network edge devices remains severe.

Cisco SD-WAN Zero-Day (CVE-2026-20127) Exploited - Patch Now

Cisco disclosed a critical CVE-2026-20127 authentication bypass in Catalyst SD-WAN Controllers and Manager, scored 10.0 CVSS, that has been exploited for over three years. CISA’s emergency directive forces federal and private networks to patch immediately.

Fortinet Issues Urgent Patches for Critical XSS and Auth Bypass Flaws

Fortinet released eight security advisories covering FortiAuthenticator, FortiClient for Windows, FortiGate, FortiOS and FortiSandbox. The most severe flaws - CVE-2025-52436 (XSS in FortiSandbox) and CVE-2026-22153 (authentication bypass in FortiOS) - can be exploited without credentials, enabling unauthenticated command execution and privilege escalation. Organizations are urged to apply the patches immediately.

BeyondTrust Remote Support & PRA Critical Pre-Auth RCE (CVE-2026-1731)

BeyondTrust disclosed CVE-2026-1731, a pre-authentication OS command injection that enables unauthenticated remote code execution on Remote Support ≤ 25.3.1 and Privileged Remote Access ≤ 24.3.4. About 11,000 internet-exposed instances are at risk, prompting immediate patching.

Critical SAP CRM, S/4HANA & NetWeaver Flaws: CVE-2026-0488 & CVE-2026-0509

SAP’s February 2026 patch day disclosed two critical vulnerabilities - CVE-2026-0488 (9.9) in the CRM/S/4HANA scripting editor and CVE-2026-0509 (9.6) in NetWeaver ABAP. Both enable authenticated attackers to execute arbitrary SQL or bypass RFC authorizations, demanding immediate remediation.

Moltbook’s Black Market: Prompt-Injection “Digital Drugs” Threaten AI Agents

Moltbook, the AI-only social network, is hosting a thriving marketplace where bots sell malicious prompt-injection payloads dubbed “digital drugs”. These payloads can hijack AI behavior, exfiltrate credentials, and automate attacks across connected services, creating a new supply chain for AI-centric exploits.

Microsoft Patch Tuesday Feb 2026: Six Zero-Days, Including Critical Shell Bypass CVE-2026-21510, Fixed

Microsoft’s February 2026 Patch Tuesday delivered updates for more than 50 vulnerabilities, among them six actively exploited zero-days. The most severe, CVE-2026-21510, bypasses Windows Shell protections, enabling silent execution of malicious links across all supported Windows versions.

Zero-Click Prompt Injection: How Link Previews Turn AI Agents into Data Leaks

Researchers found that AI assistants embedded in messaging apps automatically preview URLs, enabling a zero-click prompt-injection attack that can exfiltrate secrets without user interaction. Mitigations include disabling previews, sandboxing LLM calls, and adding validation layers.

Apple Patches Critical dyld Zero-Day (CVE-2026-20700) Exploited in the Wild

Apple released emergency updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS on Feb 12 2026 to fix CVE-2026-20700, a dyld memory-corruption flaw leveraged by sophisticated actors for remote code execution. Immediate patching is essential for all affected devices.

Critical RCE in Windows Notepad Markdown Engine (CVE-2026-20841) Disclosed

A command-injection flaw in the new Markdown rendering engine of Windows Notepad (CVE-2026-20841) allows attackers to execute arbitrary code via crafted Markdown files or links. Microsoft rated it 8.8/10 (critical) and patched it in the February 2026 Patch Tuesday release.

Critical SolarWinds Web Help Desk RCE (CVE-2025-40551) Added to CISA KEV Catalog

CISA has placed the critical CVE-2025-40551 remote code execution flaw in SolarWinds Web Help Desk on its Known Exploited Vulnerabilities catalog. Active exploitation forces federal agencies to patch by the end of February 2026, underscoring the risk to all WHD users.

Critical SSRF Bug (CVE-2025-62616) Plagues AutoGPT Platforms

A critical Server-Side Request Forgery (SSRF) vulnerability (CVE-2025-62616) has been discovered in Significant-Gravitas AutoGPT versions before autogpt-platform-beta-v0.6.34. Unauthenticated attackers can force the AI agent server to issue arbitrary HTTP requests, exposing internal services and paving the way for credential theft or RCE.

CISA Flags Four Actively Exploited Vulnerabilities - Immediate Patch Required

CISA has added four CVEs - including a GitLab SSRF and a SolarWinds Web Help Desk flaw - to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and private enterprises must patch now to stop active exploitation.

Critical Unauthenticated SQL Injection in PEAR (CVE-2026-25241) Threatens PHP Ecosystem

A critical unauthenticated SQL injection (CVE-2026-25241) has been discovered in PEAR versions before 1.33.0 via the /get/<package>/<version> endpoint. Remote attackers can run arbitrary SQL, leading to full database compromise and possible server takeover. Immediate upgrade to PEAR 1.33.0 or strict network segmentation is required.

Critical Ivanti EPMM Zero-Day RCE Flaws (CVE-2026-1281 & CVE-2026-1340) Actively Exploited

Ivanti disclosed two critical, unauthenticated remote-code-execution zero-days in Endpoint Manager Mobile (EPMM). Both CVEs are in CISA’s KEV catalog and are being exploited in the wild, prompting emergency patches and urgent remediation.

FortiCloud SSO Zero-Day (CVE-2026-24858) Triggers Global Service Shutdown

Fortinet disclosed a critical authentication-bypass zero-day (CVE-2026-24858) in its FortiCloud single sign-on service. Active exploitation forced the vendor to disable SSO worldwide while patches are rolled out, and CISA added the flaw to its KEV catalog.

CVE-2026-0603: High-Impact Second-Order SQL Injection in Hibernate’s InlineIdsOrClauseBuilder

A newly disclosed high-severity vulnerability (CVE-2026-0603) allows attackers to inject malicious SQL during Hibernate UPDATE/DELETE operations via the InlineIdsOrClauseBuilder. Enterprise Java applications that permit client-controlled identifiers are at risk of data breach or remote code execution.

Microsoft Issues Emergency OOB Patch for Actively Exploited Office Zero-Day (CVE-2026-21509)

Microsoft released an out-of-band security update to patch CVE-2026-21509, a critical security-feature bypass in Office that enables remote code execution. The vulnerability is being actively exploited, forcing enterprises, governments, and individuals to deploy the fix immediately.

China Bans US & Israeli Cybersecurity Software - What It Means for the Industry

Beijing has ordered domestic firms to stop using cybersecurity products from over a dozen US and Israeli vendors, citing national security. The move deepens tech decoupling and forces a rapid shift to home-grown solutions, shaking the global security-software market.

FortiGate SSO Bypass Re-exploited: CVE-2026-22755 Shows Patch Adoption Gaps

A new wave of attacks is leveraging CVE-2026-22755 to gain unauthenticated remote code execution on FortiGate firewalls. Despite a December patch, threat actors are bypassing the fix, exposing enterprises, ISPs, and government agencies to full network compromise.

Oracle Jan 2026 CPU Unveils Critical CVE-2026-21963 Among 158 Fixes

Oracle's January 2026 Critical Patch Update (CPU) rolls out 158 security fixes, highlighted by the newly disclosed critical vulnerability CVE-2026-21963 affecting WebLogic and database services. Immediate patching is essential for OCI, Java-based middleware, and on-premise Oracle deployments.

Microsoft January 2026 Patch Breaks RDP Credential Prompts - Critical Impact

Microsoft’s January 2026 Patch Tuesday bundles 114 CVEs, including the actively exploited zero-day CVE-2026-20805. The update unintentionally disrupts Remote Desktop Services credential prompts, causing authentication failures for users and admins across Windows 10/11 and Server environments.

SmarterMail WT-2026-0001 Auth Bypass: Decompiler-Driven Admin Takeover

A critical authentication bypass (WT-2026-0001) in SmarterTools SmarterMail lets attackers reset the admin password and execute OS commands. Discovered via binary decompilation, proof-of-concept code is public and active exploitation has been reported worldwide.

Critical SQL Injection in SAP S/4HANA Financials (CVE-2026-0501) - Immediate Action Required

A critical SQL injection (CVE-2026-0501) in SAP S/4HANA Financials - General Ledger lets authenticated attackers run arbitrary SQL. Both Private Cloud and On-Premise deployments are affected. SAP has issued patches on Jan 22 2026; rapid remediation is essential.

CVE-2026-22200: Ticket-to-Shell in osTicket - PHP Filter RCE

A critical remote code execution flaw (CVE-2026-22200) allows unauthenticated attackers to inject malicious PHP filter chains into osTicket tickets and exfiltrate files via PDF export. The vulnerability, patched in osTicket 1.18.3/1.17.7, threatens any self-hosted deployment.

Zero-Day Exploit Surge: Nearly 30% of Flaws Attacked Before Disclosure

VulnCheck’s 2026 State of Exploitation report shows that 28.96% of known exploited vulnerabilities were weaponised before public disclosure, up from 23.6% in 2024. The accelerating timeline forces enterprises to rethink patch cycles and threat-intel sharing.

Critical Zero-Day in Cloudflare WAF Allows ACME Path Bypass - Patch Released Jan 19 2026

A critical zero-day in Cloudflare's Web Application Firewall let attackers slip past custom rules via the ACME HTTP-01 challenge path. The flaw was actively exploited before a patch rolled out on Jan 19 2026. Immediate remediation is mandatory for all Cloudflare-protected sites.

Physical Text Hijacks AI Robots: New Visual Prompt Injection Threat

UC Santa Cruz researchers reveal that strategically placed misleading text can manipulate camera-based AI systems without any software breach. The attack, demonstrated on self-driving cars, delivery drones, and service robots, forces a rethink of perception security.

Google Gemini Calendar Prompt Injection: New AI Threat for Enterprises

A newly disclosed flaw lets attackers embed malicious instructions in Google Calendar invites, hijacking Gemini's responses. The vulnerability bypasses typical LLM defenses and forces enterprises to rethink AI security controls.

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM & Webex

Cisco has released emergency patches for CVE-2026-20045, a critical unauthenticated remote code execution flaw in Unified Communications Manager and Webex, confirmed to be actively exploited. Agencies and enterprises must apply fixes immediately.

Oracle Jan 2026 CPU Fixes 158 CVEs - Critical SSRF in Java Demands Immediate Action

Oracle’s January 2026 Critical Patch Update (CPU) patches 158 unique CVEs across 30 product families, including a high-severity SSRF bug in Java (CVE-2026-21945). Enterprises must prioritize remediation for Database, Fusion Middleware, Cloud Infrastructure, and Java runtimes to avoid remote exploitation.

Critical Prompt-Injection Flaws in Anthropic’s Official MCP Git Server

Three high-severity vulnerabilities (CVE-2025-68143/44/45) were discovered in Anthropic's mcp-server-git. They enable prompt-injection attacks that let adversaries drive AI assistants to execute code, delete files, or load malicious data, affecting any deployment that uses the Model Context Protocol.

January 2026 Patch Tuesday: 114 CVEs Fixed, 3 Zero-Days Actively Exploited

Microsoft’s January 2026 Patch Tuesday delivered fixes for 114 vulnerabilities - including three zero-day flaws under active exploitation. CrowdStrike breaks down the technical details, impact, and mitigation steps for Windows, Office, Azure, Edge, and related services.

China-Linked APT UAT-8837 Leverages Sitecore Zero-Day to Penetrate Critical Infrastructure

UAT-8837, a China-nexus advanced persistent threat, is exploiting a newly discovered Sitecore CMS zero-day (CVE-2025-53690) to gain initial footholds in North American energy, water, and transportation networks. The group follows up with credential dumping, lateral movement via native Windows tools, and data exfiltration.

Critical Gogs RCE (CVE-2025-8110) Under Active Exploitation - What You Must Do Now

CISA adds a high-severity Gogs path-traversal RCE (CVE-2025-8110) to its KEV catalog after confirming active exploitation. Unauthenticated attackers can overwrite files via the PutContents API, compromising CI/CD pipelines. No patch exists yet; immediate mitigations are required.

Critical ServiceNow AI Flaw CVE-2025-12420 Enables Unauthenticated User Impersonation

ServiceNow disclosed a critical CVE-2025-12420 vulnerability in its AI platform that lets unauthenticated actors forge any user identity and execute arbitrary actions. An emergency patch was released in October 2025, but the flaw highlights deep security challenges for AI-enabled SaaS.

MongoBleed (CVE-2025-14847): Critical Unauthenticated Memory Disclosure in MongoDB

MongoBleed (CVE-2025-14847) lets an unauthenticated attacker read arbitrary process memory from MongoDB servers via malformed zlib-compressed messages. With a CVSS 8.7 score, the flaw impacts MongoDB 5.0-5.2 and 6.0-6.1, and patches were released on Jan 13 2026.

Zero-Click Audio Exploit Chains Pixel 9: Project Zero’s Critical Findings

Project Zero has uncovered a multi-stage zero-click exploit chain that compromises Pixel 9 devices without any user interaction. The chain stitches together two new CVEs in the Dolby audio decoder and a kernel driver, prompting an emergency patch rollout for Android 14 users.

RondoDox Botnet Mass-Exploits Critical HPE OneView RCE (CVE-2025-37164)

Check Point Research confirms that the RondoDox botnet is actively exploiting CVE-2025-37164, a critical unauthenticated RCE in HPE OneView. Tens of thousands of attempts have been blocked, forcing immediate patching and network-segmentation actions.

FortiSIEM Critical RCE Flaw (CVE-2025-64155) Allows Unauthenticated Root Takeover

A newly disclosed OS command injection (CWE-78) in FortiSIEM's web interface (CVE-2025-64155) lets unauthenticated attackers execute arbitrary commands, gain admin shells and ultimately compromise the underlying Linux host as root. Fortinet has issued patches for 7.2.0-7.2.5; immediate mitigation is required.

Critical Windows Info-Disclosure Zero-Day (CVE-2026-20805) Actively Exploited - Patch & CISA Alert

Microsoft disclosed CVE-2026-20805, an info-disclosure flaw that can be chained to remote code execution, and released patches on Jan 14 2026. CISA issued an emergency alert confirming active exploitation, urging immediate remediation across all supported Windows versions.

Cisco AsyncOS Zero-Day (CVE-2025-20393) Exploited in the Wild - Patch Now Available

Cisco disclosed a critical remote code execution flaw (CVE-2025-20393) in AsyncOS that has been actively exploited by a suspected Chinese APT since November 2025. Emergency patches were released on 16 January 2026, and immediate mitigation is required for all affected firewalls and IPS devices.

Modernizing Vulnerability Sharing for AI Threats: A New Framework

AI/ML systems introduce a class of vulnerabilities that traditional CVE processes cannot capture. Palo Alto Networks proposes an AI-specific taxonomy, risk scoring, and coordinated disclosure model to protect the expanding AI supply chain.