Tag: exploit
-
Cisco Catalyst SD-WAN users targeted in series of cyber attacks
The NCSC, Cisa, and other Five Eyes agencies have warned of mass exploitation of vulnerabilities in Cisco Catalyst SD-WAN, which Cisco is attributing to an unknown threat actor called UAT-8616. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639459/Cisco-Catalyst-SD-WAN-users-targeted-in-series-of-cyber-attacks
-
Application exploitation back in vogue, says IBM cyber unit
IBM’s X-Force unit observes an uptick in the exploitation of vulnerable public-facing software applications First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639365/Application-exploitation-back-in-vogue-says-IBM-cyber-unit
-
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-sd-wan-bug-exploited-in-zero-day-attacks-since-2023/
-
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Tags: ai, api, cybersecurity, exploit, flaw, intelligence, remote-code-execution, theft, vulnerabilityCybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.”The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables executing First seen on thehackernews.com Jump to article: thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
-
NDSS 2025 On Borrowed Time Preventing Static Side-Channel Analysis
Tags: attack, conference, control, data, exploit, Internet, network, side-channel, technology, threatSession 13C: Side Channels 2 Authors, Creators & Presenters: Robert Dumitru (Ruhr University Bochum and The University of Adelaide), Thorben Moos (UCLouvain), Andrew Wabnitz (Defence Science and Technology Group), Yuval Yarom (Ruhr University Bochum) PAPER On Borrowed Time — Preventing Static Side-Channel Analysis In recent years a new class of side-channel attacks has emerged. Instead…
-
Software vulnerabilities are being weaponized faster than ever
A report by VulnCheck shows threat groups are exploiting a small percentage of critical flaws well before security teams can mitigate. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/software-vulnerabilities-are-being-weaponized-faster-than-ever/813096/
-
Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)
A >>highly sophisticated<< cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cisco-sd-wan-zero-day-cve-2026-20127/
-
Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8616-sd-wan/
-
The Real Initial Access Vector: Compromised Active Directory Credentials
Compromised Active Directory credentials allow attackers to log in without exploits, driving modern authentication-based initial access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-real-initial-access-vector-compromised-active-directory-credentials/
-
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 2026-21852
y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
-
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds
IBM’s 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/app-exploits-surge-ai-speeds/
-
Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks
Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, VulnCheck’s Caitlin Condon said. First seen on cyberscoop.com Jump to article: cyberscoop.com/vulncheck-exploited-vulnerabilities-report-2025/
-
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 –
y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
-
Ex-L3Harris exec jailed 7 years for selling exploits to Russia
Former Trenchant manager profited millions from cyber tools reserved for the US First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/former_l3harris_exec_jailed/
-
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR”‘trusted command”‘and”‘control (C2) channel, effectively turning a built”‘in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and flexible remote”‘execution capabilities to blend malicious operations into normal Cortex XDR traffic. Cortex XDR Live…
-
SolarWinds Serv-U hit by four critical RCE-level vulnerabilities
SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/solarwinds-serv-u-vulnerabilities-cve-2025-40538-to-cve-2025-40541/
-
CISA Issues Alert on Active Exploitation of FileZen Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese vendor Soliton Systems K.K. The flaw, tracked as CVE-2026-25108, is classified as an OS Command…
-
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty…
-
Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets
Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/peter-williams-l3harris-executive-sentenced-trade-secrets-theft-russia/
-
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cve-2026-25108-filezen-vulnerability-exploited/
-
US sanctions Russian broker for buying stolen zero-day exploits
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-russian-exploit-broker-for-buying-stolen-zero-days/
-
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a…
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ex-l3harris-exec-jailed-for-selling-zero-days-to-russian-exploit-broker/
-
Cybercriminals Exploit Fake Avast Website to Steal Users Credit Card Information
Cybercriminals have launched a convincing phishing operation by building a fake Avast website designed to steal credit card information from unsuspecting visitors. The fraudulent page mimics Avast’s official portal almost perfectly, complete with the genuine Avast logo pulled directly from the company’s content delivery network. It displays regular navigation links like “Home,” “My Account,” and…
-
Defense Contractor Employee Jailed for Selling 8 Zero-Days to Russian Broker
A 39-year-old Australian national who was previously employed at U.S. defense contractor L3Harris has been sentenced to a little over seven years in prison for selling eight zero-day exploits to Russian exploit broker Operation Zero in exchange for millions of dollars.Peter Williams pleaded guilty to two counts of theft of trade secrets in October 2025.…
-
SolarWinds Patches 4 Critical Serv-U 15.5 Flaws Allowing Root Code Execution
SolarWinds has released updates to address four critical security flaws in its Serv-U file transfer software that, if successfully exploited, could result in remote code execution.The vulnerabilities, all rated 9.1 on the CVSS scoring system, are listed below -CVE-2025-40538 – A broken access control vulnerability that allows an attacker to create a system admin user…
-
Threat Actors Exploit Apache ActiveMQ Vulnerability to Gain RDP Access, Deploy LockBit Ransomware
Threat actors recently abused a critical Apache ActiveMQ vulnerability to gain deep access to a Windows environment, eventually deploying LockBit ransomware over RDP. The attack shows how failing to patch CVE-2023-46604 can give adversaries repeat access and time to turn an initial foothold into full-domain impact. The exploit loaded a malicious Java Spring bean configuration XML file,…
-
OAuth Vulnerabilities in Entra ID Could Exploit ChatGPT to Breach User Email Accounts
OAuth consent attacks in Microsoft Entra ID are giving threat actors a stealthy path to cloud email, and even trusted apps like ChatGPT can become a vehicle if permissions are abused. In this hypothetical case, a user in an Entra ID tenant adds the legitimate ChatGPT service principal and grants it Microsoft Graph OAuth permissions,…
-
CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed vulnerability in FileZen to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerability, tracked as CVE-2026-25108 (CVSS v4 score: 8.7), is a case of operating system (OS) command injection that could allow an authenticated user to execute First…
-
Treasury sanctions Russian zero-day broker accused of buying exploits stolen from U.S. defense contractor
The U.S. Treasury announced it was imposing sanctions against a Russian broker of zero-day exploits, its founder and two affiliates, citing a threat to U.S. national security. Another affiliated zero-day broker in the United Arab Emirates was also sanctioned. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/24/treasury-sanctions-russian-zero-day-broker-accused-of-buying-exploits-stolen-from-u-s-defense-contractor/