Tag: exploit
-
How AI Agents Automate CVE Vulnerability Research
The CVE Researcher is a multi-agent AI pipeline that automates vulnerability research, detection template generation, and exploitation analysis. Built on Google’s Agent Development Kit (ADK), it coordinates specialized AI models through four phases, deep research, technology reconnaissance, actor-critic template generation, and exploitation analysis, to produce production-ready Nuclei detection templates overnight. Beyond Simple Automation… First seen…
-
Analysis: Root Cause of Most Security Incidents Traced to Unpatched Firewalls
Tags: access, cybercrime, exploit, firewall, network, ransomware, security-incident, software, vulnerability
An analysis of more than two trillion IT events collected during 2025 by Barracuda Networks finds 90% of ransomware incidents exploited firewalls via unpatched software or a vulnerable account that enables cybercriminals to gain access to an IT environment. Merium Khalid, director of offensive security for the security operations center (SOC) at Barracuda Networks, said…
-
Cryptohack Roundup: Step Finance Shuts Down After Exploit
Also: IoTeX Bridge Exploit Linked to Private Key Breach. This week, Step Finance shuts down, IoTeX bridge exploit, Russia-linked exchanges help evade sanctions, Australian charged in $3.5 million scam, a hacker returned $21 million in seized bitcoin to South Korean prosecutors and Malaysia arrested 12 police officers in an extortion case. First seen on govinfosecurity.com…
-
Cisco says hackers have been exploiting a critical bug to break into big customer networks since 2023
The U.S. government and its allies said hackers have been exploiting the newly identified bug in Cisco networking gear around the world for years, and urged organizations to patch. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/26/cisco-says-hackers-have-been-exploiting-a-critical-bug-to-break-into-big-customer-networks-since-2023/
-
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Cisco SD-WAN flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: This week, Cisco warned of a critical Cisco SD-WAN vulnerability, tracked…
-
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023. The flaw affects Catalyst SD-WAN Controller and Manager and allows remote, unauthenticated attackers to bypass authentication and gain full administrative access by sending…
-
Zoom Update Scam Infects 1,437 Users in 12 Days to Deploy Surveillance Tools
A dangerous new scam is targeting Zoom users by exploiting their trust in video meeting invites. Over just twelve days, 1,437 Windows users unknowingly installed a malicious version of the Teramind monitoring agent after visiting a fake Zoom meeting page designed to trigger silent downloads. The operation starts at uswebzoomus[.]com/zoom/, a domain mimicking Zoom’s legitimate interface. When opened, it displays…
-
OpenAI Confirms Chinese Hackers Used ChatGPT in Cyberattack Campaign
OpenAI has confirmed that Chinese-linked operators misused ChatGPT as part of a broader campaign that blended cyber operations, online harassment, and covert influence tactics, according to its latest threat report “Disrupting malicious uses of AI.” While the models were not used to write exploits or break into networks directly, they were repeatedly abused to plan…
-
Malicious Ads Bypass Google Ads Screening via New Campaign Platform Exploit
A sophisticated cloaking platform called 1Campaign, designed to help attackers run malicious Google Ads campaigns while evading detection. The service acts as a full-service infrastructure for malvertising, filtering out researchers and automated scanners to keep phishing and cryptocurrency drainer sites online for extended periods. Operated by a developer using the alias DuppyMeister, 1Campaign has been…
-
ServiceNow AI Platform Vulnerability Allows Remote Code Execution
ServiceNow has disclosed a critical security vulnerability in its AI Platform that could allow unauthenticated attackers to remotely execute code within the ServiceNow Sandbox environment. Tracked as CVE-2026-0542, the flaw was formally published on February 25, 2026, under security advisory KB2693566. Overview of the Vulnerability The vulnerability exists within the ServiceNow AI Platform and can be exploited…
-
Government Data Stolen After Hacker Jailbreaks Claude AI to Write Malicious Exploit Code
Tags: ai, breach, cyber, cyberattack, cybersecurity, data, exploit, government, hacker, malicious, vulnerability
A hacker successfully manipulated Anthropic’s Claude AI to launch a sophisticated month-long cyberattack against Mexican government agencies. Between December 2025 and January 2026, the attacker utilized “jailbreaking” techniques to bypass safety guardrails, forcing the AI to identify vulnerabilities, generate functional exploit code, and exfiltrate sensitive data. The Jailbreak Method Cybersecurity firm Gambit Security revealed that…
-
Global Cyber Agencies Urge Immediate Patching of Cisco SD-WAN Zero Day
The US and allies are urging Cisco Catalyst SD-WAN customers to hunt for signs of exploitation First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/immediate-patch-cisco-catalyst/
-
New PoC for Windows Exploit Lets Low-Privileged Users Crash Systems with BSOD
Security researchers have released a new Proof of Concept (PoC) for a vulnerability in the Windows Common Log File System (CLFS) driver. The flaw, identified as CVE-2026-2636, allows low-privileged users to force a system into a Blue Screen of Death (BSoD), effectively causing a Denial of Service. Vulnerability Mechanism The discovery occurred while a researcher…
-
Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 for Admin Access
A newly disclosed maximum-severity security flaw in Cisco Catalyst SD-WAN Controller (formerly vSmart) and Catalyst SD-WAN Manager (formerly vManage) has come under active exploitation in the wild as part of malicious activity that dates back to 2023. The vulnerability, tracked as CVE-2026-20127 (CVSS score: 10.0), allows an unauthenticated remote attacker to bypass authentication and obtain First…
-
Critical Cisco SD-WAN 0-Day Exploited for Root Access in Active Cyberattacks
Tags: access, authentication, cisco, cvss, cyber, cyberattack, exploit, flaw, network, threat, update, vulnerability, zero-day
Cisco has released urgent updates to patch a critical zero-day vulnerability in its Catalyst SD-WAN products. A highly sophisticated threat actor, known as UAT-8616, is actively exploiting this flaw in the wild to gain deep access to enterprise network edges. Vulnerability Overview Vulnerability Details Information Vulnerability Cisco Catalyst SD-WAN Controller Authentication Bypass Severity Critical CVSS…
-
Governments issue warning over Cisco zero-day attacks dating back to 2023
The global campaign marks the second series of multiple actively exploited zero-day vulnerabilities in Cisco edge technology since last spring. The similarities don’t end there. First seen on cyberscoop.com Jump to article: cyberscoop.com/cisco-zero-days-cisa-emergency-directive-five-eyes/
-
Feds Scramble Amid Shutdown to Secure Cisco SD-WAN Systems
Emergency CISA Directive Lands as DHS Shutdown Strains Cyber Operations. The Cybersecurity and Infrastructure Security Agency issued a directive Wednesday ordering civilian agencies to secure and hunt for compromise in vulnerable Cisco SD-WAN systems after officials observed active exploitation – while warning that shutdown-related disruptions heighten operational risk. First seen on govinfosecurity.com Jump to article:…
-
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Tags: access, advisory, attack, authentication, cisa, cisco, cve, cyber, cybersecurity, exploit, flaw, government, infrastructure, intelligence, mitigation, network, risk, software, threat, update, vulnerability, zero-day
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available. Exploitation in the…
-
Inside the story of the US defense contractor who leaked hacking tools to Russia
The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker. This is how we first learned of his arrest, reported the story, and some of the unanswered questions we still have. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/25/inside-the-story-of-the-us-defense-contractor-who-leaked-hacking-tools-to-russia/
-
US Sanctions Russian Exploit Broker Over Stolen US Cyber Tools
The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams. First seen on hackread.com Jump to article: hackread.com/us-sanctions-russian-exploit-broker-us-cyber-tools/
-
Treasury Sanctions Russian Exploit Brokerage
The U.S. sanctioned Russia-linked Operation Zero for trafficking stolen zero-day exploits tied to national security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/treasury-sanctions-russian-exploit-brokerage/
-
Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks. First seen on therecord.media Jump to article: therecord.media/five-eyes-warn-hackers-exploit-cisco-sd-wan
-
Cisco Catalyst SD-WAN users targeted in series of cyber attacks
The NCSC, Cisa, and other Five Eyes agencies have warned of mass exploitation of vulnerabilities in Cisco Catalyst SD-WAN, which Cisco is attributing to an unknown threat actor called UAT-8616. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639459/Cisco-Catalyst-SD-WAN-users-targeted-in-series-of-cyber-attacks

