top of page
ALL POSTS
Critical ArcGIS Account Recovery Vulnerability Exploited in Ongoing Attack Campaign
Key Findings Cybercriminals are actively exploiting ArcGIS Account Recovery configurations to breach customer environments right now Attackers bypass hardened primary login defenses by targeting weaker account recovery mechanisms instead Built-in application accounts with weak security questions or common usernames are primary targets Organizations using centralized identity providers instead of built-in accounts are protected from this specific threat Esri will release a sec
Jun 202 min read
Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Bypass Flaw (CVE-2026-0257)
Key Findings CVE-2026-0257 is an authentication bypass vulnerability in Palo Alto Networks PAN-OS affecting GlobalProtect portals and gateways Active exploitation confirmed by Rapid7 starting May 17, 2026, with two distinct attack waves originating from different hosting providers Vulnerability allows attackers to forge authentication cookies and bypass VPN access controls without credentials CISA added the flaw to its Known Exploited Vulnerabilities catalog in early June, re
Jun 153 min read
PAN-OS GlobalProtect Authentication Bypass Vulnerability Under Active Exploitation in the Wild
Key Findings CVE-2026-0257 is an authentication bypass vulnerability actively exploited in the wild against Palo Alto Networks PAN-OS appliances Threat actors can forge valid VPN authentication cookies without credentials if specific certificate configurations exist CISA added this flaw to the Known Exploited Vulnerabilities catalog due to active exploitation campaigns A single threat actor orchestrated at least two waves of attacks starting May 17, 2026, successfully obtaini
May 303 min read
Cisco Catalyst SD-WAN Controller Critical Authentication Bypass Under Active Exploitation for Admin Access
Key Findings Critical authentication bypass vulnerability CVE-2026-20182 (CVSS 10.0) in Cisco Catalyst SD-WAN Controller actively exploited in limited attacks since May 2026 Vulnerability allows unauthenticated remote attackers to gain administrative privileges and manipulate SD-WAN fabric network configurations CISA added the flaw to Known Exploited Vulnerabilities catalog with a May 17, 2026 deadline for federal agencies to remediate The vulnerability affects the vdaemon se
May 143 min read
Quest KACE SMA Critical Vulnerability CVE-2025-32975 Exposes 60 Organizations to Directory Traversal Attacks
Key Findings CVE-2025-32975 is a critical authentication bypass vulnerability in Quest KACE SMA with a maximum CVSS score of 10.0 An unpatched instance at managed services provider HIQ was exploited to compromise over 60 downstream organizations across law enforcement, healthcare, education, and government The attacker left a 308 MB toolkit and 512 MB database dump publicly accessible on an unprotected HTTP server for three days Over 12,000 internet-facing KACE appliances are
May 132 min read
Critical cPanel Vulnerability Actively Exploited Against Government and MSP Infrastructure
Key Findings Unknown threat actor exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, targeting government and military entities in Southeast Asia Attack infrastructure originating from IP address 95.111.250[.]175, primarily focusing on Philippines and Laos government and military domains Concurrent targeting of MSPs and hosting providers across Philippines, Laos, Canada, South Africa, and the United States using publicly available pro
May 43 min read
CVE-2026-1604: Remote Unauthenticated Attacker Can Steal Ivanti EPM Secrets (Updated)
Key Findings Ivanti released security patches for its Endpoint Manager (EPM) product, addressing two critical vulnerabilities. The most severe flaw, CVE-2026-1603, is a high-severity authentication bypass (CVSS 8.6) that allows remote unauthenticated attackers to access stored credentials. The second vulnerability, CVE-2026-1602, is a medium-severity SQL injection flaw (CVSS 6.5) that could enable data theft by authenticated attackers. There is no evidence of these vulnerabil
Feb 122 min read
FortiGate Under Siege: Critical SAML SSO Flaw Enables Authentication Bypass and Config Theft
Key Findings Threat actors have begun exploiting two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). The vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled. Fortinet has released patches for the flaws in FortiOS, FortiWeb,
Dec 16, 20252 min read
bottom of page
