Actively Exploited
Weaver E-cology critical bug exploited in attacks since March
Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since mid-March to run discovery commands. The attacks started five days after the software vendor released a security update to address the issue, and two weeks before disclosing it publicly. Researchers at threat intelligence company Vega documented the malicious activity and […]
CISA says ‘Copy Fail’ flaw now exploited to root Linux systems
CISA has warned that threat actors have started exploiting the “Copy Fail” Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. Tracked as CVE-2026-31431, this security flaw was found in the Linux kernel’s algif_aead cryptographic algorithm interface and enables unprivileged local users to gain root privileges on unpatched […]
Critrical cPanel flaw mass-exploited in “Sorry” ransomware attacks
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in “Sorry” ransomware attacks. This week, an emergency update for WHM and cPanel was released to fix a critical authentication bypass flaw that allows attackers to access control panels. WHM and cPanel are Linux-based web hosting control panels for server […]
Critical cPanel and WHM bug exploited as a zero-day, PoC now available
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. It is unclear when exploitation started, but KnownHost, a hosting provider that uses cPanel, said the day the vulnerability was disclosed that “successful exploits have been seen […]
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Hackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. Exploitation started in early February, before the security issues were disclosed publicly at the end of the month, according to researchers at cloud-native application security company Snyk. Qinglong is a self-hosted open-source time management platform […]
CISA orders feds to patch Windows flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. Tracked as CVE-2026-32202, this security flaw was reported by cybersecurity firm Akamai, which described it as a zero-click NTLM hash leak vulnerability left behind after Microsoft incompletely patched a remote code execution flaw […]
Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
Hackers are targeting sensitive information stored in the LiteLLM open-source large-language model (LLM) gateway by exploiting a critical vulnerability tracked as CVE-2026-42208. The flaw is an SQL injection issue that occurs during LiteLLM’s proxy API key verification step. An attacker can exploit it without authentication by sending a specially crafted Authorization header to any LLM […]
Over 10,000 Zimbra servers vulnerable to ongoing XSS attacks
Over 10,000 Zimbra Collaboration Suite (ZCS) instances exposed online are vulnerable to ongoing attacks exploiting a cross-site scripting (XSS) security flaw, according to nonprofit security organization Shadowserver. Zimbra is a popular email and collaboration software suite used by hundreds of millions of people worldwide, including hundreds of government agencies and thousands of businesses. The vulnerability (tracked as CVE-2025-48700) […]
Hackers exploit file upload bug in Breeze Cache WordPress plugin
Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. The security issue is tracked as CVE-2026-3844 and has been leveraged in more than 170 exploitation attempts by the Wordfence security solution for the WordPress ecosystem. The Breeze Cache WordPress caching […]
CISA orders feds to patch BlueHammer flaw exploited as zero-day
CISA has given U.S. government agencies two weeks to secure their Windows systems against a Microsoft Defender privilege escalation vulnerability that has been exploited in zero-day attacks. Tracked as CVE-2026-33825, this high-severity security flaw allows low-privileged local threat actors to gain SYSTEM permissions on unpatched devices by exploiting an insufficient granularity of access control weakness. Microsoft patched […]