Palo Alto Firewalls Under Active Attack via Root-Level RCE Flaw
CVE-2026-0300 allows unauthenticated attackers to execute code as root on PA-Series and VM-Series firewalls. Patches coming May 13—here's how to mitigate now.
19 articles tagged with "Active Exploitation"
Russian state hackers weaponize CVE-2026-32202, an incomplete patch for Windows Shell that enables zero-click NTLM hash theft. Microsoft confirms active exploitation after Akamai discovers the bypass.
Four actively exploited vulnerabilities added to CISA's KEV catalog on April 24. Federal agencies face May 8 deadline—here's what's being targeted.
CVE-2026-21643 exploitation began March 26, six weeks after Fortinet's patch. Around 1,000 internet-exposed EMS instances remain vulnerable to unauthenticated RCE.
CVE-2026-3055 now actively exploited. CISA adds the CVSS 9.3 memory leak to KEV catalog, giving federal agencies until April 2 to patch SAML IdP configurations.
Attackers exploiting CVE-2025-32975 authentication bypass in Quest KACE to hijack admin accounts and deploy credential harvesters. Patched in May 2025—many remain exposed.
Five vulnerabilities under active exploitation added to CISA's KEV catalog. Federal agencies must patch by April 3, 2026. Includes three Apple kernel flaws and Laravel RCE.
CVE-2026-1492 in User Registration & Membership plugin enables unauthenticated admin account creation. CVSS 9.8—over 100,000 sites at risk.
Cisco confirms active exploitation of two more SD-WAN Manager vulnerabilities. Attackers deploying web shells through arbitrary file overwrite and credential exposure flaws.
Four actively exploited vulnerabilities added to CISA's catalog including SolarWinds Web Help Desk deserialization flaw with CVSS 9.8. Federal agencies have until February 6 to patch.
CVE-2026-23760 enables unauthenticated admin takeover in SmarterMail. Exploitation began two days after patch release.
Five vulnerabilities added to CISA's KEV catalog this week. VMware vCenter RCE bug patched 18 months ago now seeing active exploitation.
CVE-2026-24061 allows remote authentication bypass in GNU InetUtils telnetd. Exploitation activity detected within hours of disclosure.
Arctic Wolf reports automated attacks creating rogue admin accounts on supposedly patched FortiGate devices. Fortinet acknowledges incomplete fix.
CVE-2026-0625 allows unauthenticated remote code execution on legacy DSL routers. Affected models reached end-of-life in 2020 and won't receive fixes.
Federal agencies have until January 19 to patch CVE-2025-14847. Security researchers release open-source detection tool as attackers harvest credentials from exposed servers.
CVE-2020-12812 allows attackers to bypass two-factor authentication on FortiGate devices by simply changing username case. Fortinet issued fresh advisory on December 25.
Critical out-of-bounds write vulnerability in WatchGuard Firebox firewalls under active exploitation with over 125,000 devices exposed online.
Two critical CVSS 9.8 vulnerabilities in FortiGate devices are being actively exploited just days after patch release. Attackers targeting SSO authentication.