Tag: exploit
-
Malicious hackers exploit Cisco zero-day for highest access level at communications service provider
Mandiant detailed the incident in a blog post Wednesday, but it’s unclear who was behind it or if they managed to get broad visibility into the victim’s internal traffic. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-sd-wan-zero-day-exploit-communications-provider/
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure
Hackers exploited Cisco Catalyst SD-WAN flaw CVE-2026-20245 as a zero-day months before disclosure, enabling privileged command execution. Google-owned Mandiant reported that an unknown threat actor exploited Cisco Catalyst SD-WAN vulnerability CVE-2026-20245 (CVSS base score of 7.8) as a zero-day at least two months before it was publicly disclosed. The flaw allows an authenticated attacker with…
-
Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access
New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/mandiant-reveals-how-cisco-sd-wan-zero-day-attacks-gained-root-access/
-
Langflow RCE Flaw Lets Attackers Execute Arbitrary Python Code Without Authentication
Tags: ai, authentication, cve, cyber, data-breach, exploit, flaw, framework, open-source, rce, remote-code-execution, vulnerabilityA critical unauthenticated remote code execution (RCE) vulnerability in Langflow, tracked as CVE-2026-33017, is being actively exploited in the wild within hours of its disclosure. This vulnerability allows attackers to execute arbitrary Python code on exposed instances without any authentication. It affects the widely used open-source AI workflow framework designed for building large language model…
-
Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant.The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges First seen…
-
Cisco Vulnerability Exploited Months Before Disclosure, Google Warns
A high-severity flaw in Cisco Catalyst SD-WAN Manager disclosed in early June was exploited as early as March First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisco-vulnerability-exploited/
-
Plugins verteilen Schadcode über manipuliertes CDN-Skript – Supply-Chain-Angriff trifft 1,2 Millionen WordPress-Seiten
First seen on security-insider.de Jump to article: www.security-insider.de/wordpress-supply-chain-angriff-optinmonster-cdn-schadcode-a-b2cef61d808bf531e17d4f573af7f099/
-
CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026.The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in…
-
CISA warns of max severity Ubiquiti flaws exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquity UniFi OS and Lantronix serial-to-ethernet servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-of-max-severity-ubiquiti-flaws-exploited-in-attacks/
-
Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild
Attackers exploit Cisco Unified CM flaw (CVE-2026-20230) allowing unauth HTTP requests to trigger SSRF, write files, and gain root access Cisco Unified Communications Manager has a serious vulnerability, tracked as CVE-2026-20230 (CVSS score of 8.6), that attackers are already exploiting. The flaw, caused by improper validation of certain HTTP requests, allows a remote attacker without…
-
Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)
CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/24/cisco-unified-cm-flaw-exploited-to-drop-webshells-cve-2026-20230/
-
Apple’s MacOS Gap Lets Users Disable Security Tools
Attackers can exploit the issue to disable security and integrated browser tools without needing administrator privileges or kernel exploits. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apple-macos-security-gap-users-disable-security-tools
-
PoC Released for Microsoft Exchange Server EWS InstallApp SSRF Vulnerability
A proof-of-concept exploit has been released for CVE-2026-45502, a server-side request forgery (SSRF) vulnerability in the Microsoft Exchange Server’s Exchange Web Services (EWS) InstallApp operation. This vulnerability poses risks to organisations that have not yet deployed the security updates from June 2026. The flaw affects Exchange Server versions 2016 CU23, 2019 CU14 and CU15, and…
-
U.S. CISA adds Ubiquiti UniFi OS and Lantronix EDS5000 plugin flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities (KEV) catalog. The two flaws added to the catalog are: The first flaw, tracked…
-
Webmin Stored XSS Vulnerability Lets Attackers Exploit Root Users
A newly disclosed stored cross-site scripting (XSS) vulnerability in Webmin has raised significant security concerns, as it allows attackers with limited privileges to target and potentially compromise root users. This vulnerability, tracked as CVE-2026-22678, affects Webmin versions before 2.641 and resides in the System and Server Status module, a commonly used component for monitoring system…
-
Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME).The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remote First seen…
-
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
-
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
-
Hackers Exploit RAR Vulnerability to Drop Startup VBS in Ukraine UAV Malware Campaign
A newly observed espionage campaign targeting Ukraine’s unmanned aerial vehicle (UAV) ecosystem leverages a RAR archive exploit to install a persistent VBS loader, which then retrieves a Windows payload linked to an emergent actor the researcher calls GhostShell (Malwarebox ID MB-0009). The initial artifact is an archive named Besomar_documentation.rar, distributed with decoy PDF files mimicking…
-
GTA 6 Early Access Scam Uses Fake VIP Pages to Steal Cryptocurrency Payments
A fresh wave of scam websites is exploiting the fevered anticipation for Grand Theft Auto VI, offering “VIP early access” in exchange for cryptocurrency payments and delivering nothing in return. These pages are carefully designed to look legitimate neon Vice Citystyle art, official-looking logos, luxury-car imagery and polished layouts then instruct victims to pay hundreds…
-
CISA Adds Ubiquiti UniFi OS Flaws to KEV Catalog
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, network, office, risk, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three critical vulnerabilities affecting Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog. This highlights the increasing risk to both enterprise and small-office network environments that rely on this popular network management platform. The newly identified flaws, CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, affect UniFi OS…
-
JaredFromSubway MEV bot loses $15 million in exploit
Tags: exploitFirst seen on scworld.com Jump to article: www.scworld.com/brief/jaredfromsubway-mev-bot-loses-15-million-in-exploit
-
WordPress plugin Gravity SMTP exploited for sensitive information disclosure
First seen on scworld.com Jump to article: www.scworld.com/brief/wordpress-plugin-gravity-smtp-exploited-for-sensitive-information-disclosure
-
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-unified-cm-sme-flaw-cve-2026-20230-now-exploited-in-attacks/
-
GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges.Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into the…
-
The Exploit Doesn’t Exist. You Can Still Prove It Works Against You
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-exploit-doesnt-exist-you-can-still-prove-it-works-against-you/
-
Five Eyes Agencies Warn AI Is Accelerating Cyber Threats and Zero-Day Exploitation
The Five Eyes cyber security agencies have issued a joint warning that artificial intelligence is rapidly accelerating cyber threats, including the exploitation of zero day vulnerabilities, and urged organizations to act immediately. In a statement released on June 22, 2026, senior leaders from agencies across the United States, United Kingdom, Canada, Australia, and New Zealand…
-
DifyTap Bugs Let Attackers ‘Wiretap’ AI Chat Histories
Four vulnerabilities allow attackers to exploit Dify, a platform for AI application building and management, to silently access and exfiltrate sensitive data. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/difytap-bugs-wiretap-ai-chat-histories
-
Pixelsmash: Lücke in FFmpeg-Decoder gefährdet unzählige Systeme
Tags: exploitMit einer nur 50 KByte großen Videodatei können Angreifer Server- und Desktop-Anwendungen zum Absturz bringen oder gar Schadcode einschleusen. First seen on golem.de Jump to article: www.golem.de/news/pixelsmash-luecke-in-ffmpeg-decoder-gefaehrdet-unzaehlige-systeme-2606-210068.html
-
FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
A large-scale credential harvesting campaign called “FortiBleed” has been uncovered, revealing how threat actors are exploiting Fortinet FortiGate firewalls to capture authentication data on an unprecedented scale. Research from the SOCRadar Threat Research Unit (STRU) indicates that this operation has already compromised over 110 million credentials by targeting misconfigured or weakly secured devices, turning them…