PROBABLYPWNED
Home/Tag/Active Exploitation

Active Exploitation

23 articles tagged with "Active Exploitation"

Oracle E-Business CVE-2026-46817 Under Active Attack—CVSS 9.8
Vulnerabilities3 min read

Oracle E-Business CVE-2026-46817 Under Active Attack—CVSS 9.8

Critical authentication bypass in Oracle Payments (CVE-2026-46817) is being actively exploited. Over 900 vulnerable instances exposed online, with attackers achieving system takeover via unauthenticated HTTP requests.

Marcus ChenJul 6, 2026
APT28 Exploiting Windows Shell Flaw to Steal NTLM Credentials
Vulnerabilities5 min read

APT28 Exploiting Windows Shell Flaw to Steal NTLM Credentials

Russian state hackers weaponize CVE-2026-32202, an incomplete patch for Windows Shell that enables zero-click NTLM hash theft. Microsoft confirms active exploitation after Akamai discovers the bypass.

Vulnerability DeskApr 28, 2026
Quest KACE SMA CVSS 10.0 Flaw Exploited in the Wild
Vulnerabilities3 min read

Quest KACE SMA CVSS 10.0 Flaw Exploited in the Wild

Attackers exploiting CVE-2025-32975 authentication bypass in Quest KACE to hijack admin accounts and deploy credential harvesters. Patched in May 2025—many remain exposed.

Vulnerability DeskMar 24, 2026
CISA Adds Apple, Craft CMS, Laravel Bugs to KEV Catalog
Vulnerabilities4 min read

CISA Adds Apple, Craft CMS, Laravel Bugs to KEV Catalog

Five vulnerabilities under active exploitation added to CISA's KEV catalog. Federal agencies must patch by April 3, 2026. Includes three Apple kernel flaws and Laravel RCE.

Vulnerability DeskMar 21, 2026
CISA Adds SolarWinds, Sangoma, GitLab Flaws to KEV
Vulnerabilities3 min read

CISA Adds SolarWinds, Sangoma, GitLab Flaws to KEV

Four actively exploited vulnerabilities added to CISA's catalog including SolarWinds Web Help Desk deserialization flaw with CVSS 9.8. Federal agencies have until February 6 to patch.

Vulnerability DeskFeb 4, 2026