Actively Exploited
Trend Micro warns of Apex One zero-day exploited in the wild
Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. Apex One is Trend Micro’s enterprise-grade endpoint security platform that protects corporate networks from a wide range of security threats, including malware, ransomware, fileless attacks, and web-based threats. Tracked as CVE-2026-34926, this directory traversal vulnerability in the […]
Drupal: Critical SQL injection flaw now targeted in attacks
Drupal is warning that hackers are attempting to exploit a “highly critical” SQL injection vulnerability announced earlier this week. The content management system (CMS) project published a PSA on May 18, urging administrators to reserve time for core updates that addressed an issue that threat actors might start exploiting “within hours or days.” The flaw is now […]
Microsoft warns of new Defender zero-days exploited in attacks
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. The first one, tracked as CVE-2026-41091, is a privilege escalation security flaw affecting Microsoft Malware Protection Engine 1.1.26030.3008 and earlier, which provides the scanning, detection, and cleaning capabilities for Microsoft antivirus and antispyware software. This flaw stems […]
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. During the intrusions, the hacker took between 30 and 60 minutes to log in, do network reconnaissance, test credential reuse on internal systems, and log out. SonicWall warned in a security advisory for […]
Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. Burst Statistics is a privacy-focused analytics plugin active on 200,000 WordPress sites and marketed as a lightweight alternative to Google Analytics. The flaw, tracked as CVE-2026-8181, was introduced on April 23 with the release of […]
Cisco warns of new critical SD-WAN flaw exploited in zero-day attacks
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. CVE-2026-20182 has a maximum severity of 10.0 and impacts Cisco Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager in on-prem and SD-WAN Cloud deployments. In an […]
CISA gives feds four days to patch Ivanti flaw exploited as zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) that has been exploited in zero-day attacks. Tracked as CVE-2026-6973, this security flaw allows attackers with administrative privileges to execute arbitrary code remotely on systems running […]
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. The security flaw (tracked as CVE-2026-6973) stems from an Improper Input Validation weakness that allows remote attackers with administrative privileges to execute arbitrary code on targeted systems running EPMM 12.8.0.0 and earlier. Ivanti says […]
Palo Alto Networks firewall zero-day exploited for nearly a month
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. Tracked as CVE-2026-0300, this remote code execution security flaw was found in the PAN-OS User-ID Authentication Portal (also known as the Captive Portal) and stems from a buffer overflow vulnerability that allows unauthenticated attackers […]
Palo Alto Networks warns of firewall RCE zero-day exploited in attacks
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. Also known as the Captive Portal, the User-ID Authentication Portal is a PAN-OS security feature that authenticates users whose identities cannot be automatically mapped by the firewall. Tracked as CVE-2026-0300, this zero-day bug stems from […]