Tag: exploit
-
Attackers exploit Ivanti EPMM zero-days to seize control of MDM servers
Patch, but verify first: Unit 42 directed organizations to Ivanti’s security advisory for remediation guidance, which recommends applying version-specific RPM patches for EPMM 12.x branches that require no appliance downtime. Ivanti cautioned, however, that the patch does not survive a version upgrade and must be reinstalled if the software is updated. “The permanent fix for…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
CISA Warns of Actively Exploited Roundcube Vulnerabilities
Tags: cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, open-source, risk, threat, vulnerabilityOn February 20, 2026, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) Catalog by adding two critical flaws in Roundcube Webmail. These vulnerabilities, CVE-2025-49113 and CVE-2025-68461, are being actively exploited by threat actors. Roundcube, a popular open-source webmail client used by organizations worldwide, now faces heightened risks as attackers target…
-
North Korean Hackers Exploit Fake IT Worker Schemes and Malicious Interview Lures
North Korean state-backed hackers are running large-scale fake IT worker and “Contagious Interview” campaigns that abuse developer hiring workflows to deliver JavaScript-based malware, steal code and credentials, and covertly generate revenue for the regime. Since at least 2022, North Korean threat actors have impersonated recruiters and hiring managers, luring software developers into executing booby-trapped code…
-
Security Affairs newsletter Round 564 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data…
-
Week in review: Firmware-level Android backdoor found on tablets, Dell zero-day exploited since 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Security at AI speed: The new CISO reality The CISO role has changed … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/22/week-in-review-firmware-level-android-backdoor-found-on-tablets-dell-zero-day-exploited-since-2024/
-
NDSS 2025 -DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing
Session 13A: JavaScript Security Authors, Creators & Presenters: Liam Wachter (EPFL), Julian Gremminger (EPFL), Christian Wressnegger (Karlsruhe Institute of Technology (KIT)), Mathias Payer (EPFL), Flavio Toffalini (EPFL) PAPER DUMPLING: Fine-Grained Differential JavaScript Engine Fuzzing Web browsers are ubiquitous and execute untrusted JavaScript (JS) code. JS engines optimize frequently executed code through just-in-time (JIT) compilation. Subtly…
-
AI-Assisted Threat Actor Compromises 600+ FortiGate Devices in 55 Countries
A Russian-speaking, financially motivated threat actor has been observed taking advantage of commercial generative artificial intelligence (AI) services to compromise over 600 FortiGate devices located in 55 countries.That’s according to new findings from Amazon Threat Intelligence, which said it observed the activity between January 11 and February 18, 2026.”No exploitation of FortiGate First seen on…
-
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Roundcube is a popular webmail platform and has been repeatedly targeted…
-
Best Cyber Security Consulting Companies
With rapid technological progress, it is estimated that nearly 200 billion connected devices, ranging from medical equipment and industrial machines to cars, smartphones, and home appliances, will be communicating through the Internet of Things (IoT) and Industrial IoT (IIoT). This massive interconnected ecosystem creates an enormous attack surface for attackers to exploit, disrupt, and infiltrate….…
-
CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerabilities in question are listed below -CVE-2025-49113 (CVSS score: 9.9) – A deserialization of untrusted data vulnerability that allows remote code First seen on thehackernews.com…
-
Hospitals at Risk of BeyondTrust Ransomware Hacks
Critical Vulnerability Could Give Attackers Foothold in Clinical Networks. Federal authorities and industry officials are urging healthcare sector entities to address a critical flaw in BeyondTrust Remote Support and Privileged Remote Access software, which if exploited, could give an attacker a foothold inside a hospital or clinic network. First seen on govinfosecurity.com Jump to article:…
-
NDSS 2025 NodeMedic-FINE: Automatic Detection And Exploit Synthesis For Node.js Vulnerabilities
Session 13A: JavaScript Security Authors, Creators & Presenters: Darion Cassel (Carnegie Mellon University), Nuno Sabino (IST & CMU), Min-Chien Hsu (Carnegie Mellon University), Ruben Martins (Carnegie Mellon University), Limin Jia (Carnegie Mellon University) PAPER NodeMedic-FINE: Automatic Detection and Exploit Synthesis for Node.js Vulnerabilities The Node.js ecosystem comprises millions of packages written in JavaScript. Many packages…
-
BeyondTrust RCE flaw now exploited in ransomware attacks
Tags: attack, cisa, cve, cybersecurity, exploit, flaw, hacker, infrastructure, ransomware, rce, remote-code-execution, vulnerabilityHackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks/
-
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the…
-
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products to conduct a wide range of malicious actions, including deploying VShell and The vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), allows attackers to execute operating system commands in the context of the…
-
BeyondTrust Remote Support exploitation ramps up with backdoors, remote tools
Researchers warn that thousands of instances may still be vulnerable to exploitation activity. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/beyondtrust-remote-support-exploitation-backdoors-remote-tools/812707/
-
Silicon Valley Engineers Indicted for Alleged Trade Secret Theft From Google and Tech Firms
Federal authorities arrested three Silicon Valley engineers on Thursday, charging them with conspiring to steal trade secrets from Google and other tech giants. The case highlights growing insider threats in the chip design sector, where foreign adversaries could exploit sensitive data on processor security and cryptography. Samaneh Ghandali, 41, her husband Mohammadjavad Khosravi (aka Mohammad…
-
CISA gives federal agencies three days to patch actively exploited Dell bug
Hardcoded credential flaw in RecoverPoint already abused in espionage campaign First seen on theregister.com Jump to article: www.theregister.com/2026/02/20/cisa_dell_vulnerability/
-
Real-Time Risk Detection with Automated Vulnerability Assessment Tools
The global vulnerability landscape continues to expand rapidly, with thousands of new CVEs published every year. Thus, allowing hackers to weaponize newly disclosed flaws at an instant. Public reporting and threat intelligence analyses consistently show that exploitation often begins within days, and sometimes hours, of disclosure. That reality has fundamentally changed what “vulnerability assessment tools”……
-
PromptSpy abuses Gemini AI to gain persistent access on Android
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity…
-
Hackers Exploit Critical BeyondTrust Vulnerability to Deploy VShell and SparkRAT
Hackers are actively exploiting a critical vulnerability in BeyondTrust’s remote support software to deploy the VShell backdoor and SparkRAT remote access trojan, enabling full compromise of exposed systems. The vulnerability, tracked as CVE-2026-1731, is being used in real-world attacks against multiple industries across the U.S., Europe, and Asia-Pacific. BeyondTrust is an identity and access management…
-
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden
Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
-
MCP Servers Expose a Hidden AI Attack Surface in Enterprise Environments
MCP servers can be exploited for code execution, data exfiltration and zero-click supply chain attacks in AI-driven environments. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/mcp-servers-expose-a-hidden-ai-attack-surface-in-enterprise-environments/
-
Threat groups use AI to speed up and scale cyberattacks
A report from Palo Alto Networks finds hackers are increasingly using stolen identities and exploiting critical vulnerabilities within minutes of disclosure. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/threat-groups-ai-speed-scale-cyberattacks/812439/