Tag: exploit
-
Feds Scramble Amid Shutdown to Secure Cisco SD-WAN Systems
Emergency CISA Directive Lands as DHS Shutdown Strains Cyber Operations. The Cybersecurity and Infrastructure Security Agency issued a directive Wednesday ordering civilian agencies to secure and hunt for compromise in vulnerable Cisco SD-WAN systems after officials observed active exploitation – while warning that shutdown-related disruptions heighten operational risk. First seen on govinfosecurity.com Jump to article:…
-
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Tags: access, advisory, attack, authentication, cisa, cisco, cve, cyber, cybersecurity, exploit, flaw, government, infrastructure, intelligence, mitigation, network, risk, software, threat, update, vulnerability, zero-dayExploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks. Key takeaways: CVE-2026-20127 is an Authentication Bypass Vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager. Patches have been released and no workarounds are currently available. Exploitation in the…
-
Inside the story of the US defense contractor who leaked hacking tools to Russia
The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker. This is how we first learned of his arrest, reported the story, and some of the unanswered questions we still have. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/25/inside-the-story-of-the-us-defense-contractor-who-leaked-hacking-tools-to-russia/
-
US Sanctions Russian Exploit Broker Over Stolen US Cyber Tools
The US Treasury targets Sergey Zelenyuk and his firm Operation Zero for the illegal trade of stolen government cyber tools following the sentencing of Peter Williams. First seen on hackread.com Jump to article: hackread.com/us-sanctions-russian-exploit-broker-us-cyber-tools/
-
Treasury Sanctions Russian Exploit Brokerage
The U.S. sanctioned Russia-linked Operation Zero for trafficking stolen zero-day exploits tied to national security risks. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/treasury-sanctions-russian-exploit-brokerage/
-
AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who……
-
Five Eyes allies warn hackers are actively exploiting Cisco SD-WAN flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning of a “cyber threat actor’s ongoing exploitation of Cisco SD-WAN systems,” describing the activity as presenting a significant risk to federal civilian executive branch networks. First seen on therecord.media Jump to article: therecord.media/five-eyes-warn-hackers-exploit-cisco-sd-wan
-
Cisco Catalyst SD-WAN users targeted in series of cyber attacks
The NCSC, Cisa, and other Five Eyes agencies have warned of mass exploitation of vulnerabilities in Cisco Catalyst SD-WAN, which Cisco is attributing to an unknown threat actor called UAT-8616. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639459/Cisco-Catalyst-SD-WAN-users-targeted-in-series-of-cyber-attacks
-
Application exploitation back in vogue, says IBM cyber unit
IBM’s X-Force unit observes an uptick in the exploitation of vulnerable public-facing software applications First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366639365/Application-exploitation-back-in-vogue-says-IBM-cyber-unit
-
Critical Cisco SD-WAN bug exploited in zero-day attacks since 2023
Cisco is warning that a critical authentication bypass vulnerability in Cisco Catalyst SD-WAN, tracked as CVE-2026-20127, was actively exploited in zero-day attacks that allowed remote attackers to compromise controllers and add malicious rogue peers to targeted networks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-cisco-sd-wan-bug-exploited-in-zero-day-attacks-since-2023/
-
Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration
Tags: ai, api, cybersecurity, exploit, flaw, intelligence, remote-code-execution, theft, vulnerabilityCybersecurity researchers have disclosed multiple security vulnerabilities in Anthropic’s Claude Code, an artificial intelligence (AI)-powered coding assistant, that could result in remote code execution and theft of API credentials.”The vulnerabilities exploit various configuration mechanisms, including Hooks, Model Context Protocol (MCP) servers, and environment variables executing First seen on thehackernews.com Jump to article: thehackernews.com/2026/02/claude-code-flaws-allow-remote-code.html
-
Software vulnerabilities are being weaponized faster than ever
A report by VulnCheck shows threat groups are exploiting a small percentage of critical flaws well before security teams can mitigate. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/software-vulnerabilities-are-being-weaponized-faster-than-ever/813096/
-
Threat actor leveraged Cisco SD-WAN zero-day since 2023 (CVE-2026-20127)
A >>highly sophisticated<< cyber threat actor has been exploiting a zero-day authentication bypass vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cisco-sd-wan-zero-day-cve-2026-20127/
-
NDSS 2025 On Borrowed Time Preventing Static Side-Channel Analysis
Tags: attack, conference, control, data, exploit, Internet, network, side-channel, technology, threatSession 13C: Side Channels 2 Authors, Creators & Presenters: Robert Dumitru (Ruhr University Bochum and The University of Adelaide), Thorben Moos (UCLouvain), Andrew Wabnitz (Defence Science and Technology Group), Yuval Yarom (Ruhr University Bochum) PAPER On Borrowed Time — Preventing Static Side-Channel Analysis In recent years a new class of side-channel attacks has emerged. Instead…
-
Active exploitation of Cisco Catalyst SD-WAN by UAT-8616
Cisco Talos is tracking the active exploitation of CVE-2026-20127, a vulnerability in Cisco Catalyst SD-WAN Controller, formerly vSmart, that allows an unauthenticated remote attacker to bypass authentication and obtain administrative privileges. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-8616-sd-wan/
-
The Real Initial Access Vector: Compromised Active Directory Credentials
Compromised Active Directory credentials allow attackers to log in without exploits, driving modern authentication-based initial access. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-real-initial-access-vector-compromised-active-directory-credentials/
-
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 2026-21852
y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
-
44% Surge in App Exploits as AI Speeds Up Cyber-Attacks, IBM Finds
IBM’s 2026 X-Force report reveals 44% rise in cyber-attacks on public apps, driven by AI and flaws First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/app-exploits-surge-ai-speeds/
-
Vulnerabilities grew like weeds in 2025, but only 1% were weaponized in attacks
Too many defenders and researchers are paying attention to defects and unsubstantiated exploit concepts that aren’t worth their time, VulnCheck’s Caitlin Condon said. First seen on cyberscoop.com Jump to article: cyberscoop.com/vulncheck-exploited-vulnerabilities-report-2025/
-
Caught in the Hook: RCE and API Token Exfiltration Through Claude Code Project Files 2025-59536 –
y Aviv Donenfeld and Oded Vanunu Executive Summary Check Point Research has discovered critical vulnerabilities in Anthropic’s Claude Code that allow attackers to achieve remote code execution and steal API credentials through malicious project configurations. The vulnerabilities exploit various configuration mechanisms including Hooks, Model Context Protocol (MCP) servers, and environment variables -executing arbitrary shell commands…
-
Ex-L3Harris exec jailed 7 years for selling exploits to Russia
Former Trenchant manager profited millions from cyber tools reserved for the US First seen on theregister.com Jump to article: www.theregister.com/2026/02/25/former_l3harris_exec_jailed/
-
Hackers Exploit Cortex XDR Live Terminal for C2 Communications
Hackers can repurpose the Cortex XDR Live Terminal feature as a stealthy, EDR”‘trusted command”‘and”‘control (C2) channel, effectively turning a built”‘in response tool into a “living off the land” backdoor on protected endpoints. This abuse leverages the agent’s trusted communications and flexible remote”‘execution capabilities to blend malicious operations into normal Cortex XDR traffic. Cortex XDR Live…
-
SolarWinds Serv-U hit by four critical RCE-level vulnerabilities
SolarWinds has fixed four critical vulnerabilities in its popular Serv-U file transfer solution, which is used by businesses and organizations of all sizes. If exploited, the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/solarwinds-serv-u-vulnerabilities-cve-2025-40538-to-cve-2025-40541/
-
CISA Issues Alert on Active Exploitation of FileZen Vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has added a new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation in the wild. The vulnerability affects FileZen, a file-sharing and data transfer product developed by Japanese vendor Soliton Systems K.K. The flaw, tracked as CVE-2026-25108, is classified as an OS Command…
-
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, received a prison sentence of just over seven years for selling eight zero-day exploits to the Russian broker Operation Zero for millions. Williams pleaded guilty…
-
Ex-L3Harris executive sentenced to 87 months for selling stolen cyber-exploit trade secrets
Peter Williams, a former executive of Trenchant, L3Harris’ cyber division, has been sentenced to 87 months in prison by a federal judge in Washington, D.C., after pleading … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/peter-williams-l3harris-executive-sentenced-trade-secrets-theft-russia/
-
CISA flags exploited FileZen command injection bug, patch now! (CVE-2026-25108)
CISA has added CVE-2026-25108, an OS command injection vulnerability in Soliton Systems’ FileZen secure file transfer solution, to its Known Exploited Vulnerabilities … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/25/cve-2026-25108-filezen-vulnerability-exploited/
-
US sanctions Russian broker for buying stolen zero-day exploits
The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/us-sanctions-russian-exploit-broker-for-buying-stolen-zero-days/
-
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Soliton Systems K.K FileZen flaw, tracked as CVE-2026-25108 (CVSS v4 score of 8.7), to its Known Exploited Vulnerabilities (KEV) catalog. Soliton Systems K.K. FileZen is a…
-
Ex-L3Harris exec jailed for selling zero-days to Russian exploit broker
The former head of Trenchant, a specialized U.S. defense contractor unit, was sentenced Tuesday to more than seven years in federal prison for stealing and selling zero-day exploits to a Russian exploit broker whose clients include the Russian government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ex-l3harris-exec-jailed-for-selling-zero-days-to-russian-exploit-broker/