ALL POSTS
Sangoma FreePBX Vulnerability Exploited, Impacts Over 900 Instances
Key Findings: About 900 Sangoma FreePBX systems were infected with web shells after attackers exploited a command injection flaw. Hundreds of Sangoma FreePBX instances are still infected with web shells following attacks that began in December 2025. The campaign exploited a post-authentication command injection vulnerability, tracked as CVE-2025-64328 (CVSS score of 8.6), in the endpoint manager interface. The Shadowserver Foundation reports that around 900 FreePBX instances a
Mar 1 · 2 min read
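The FreePBX item above says hundreds of instances still carry web shells. The triage scan below is an added example, not code from the page or from Sangoma: it walks a PHP web root and flags files that combine a code-execution sink with request-derived input or a payload decoder, so that a lone system() call in legitimate module code does not fire. The web root, file paths and shell samples are constructed for the example; the indicator patterns are a starting point to tune, not a complete signature set.

```python
"""Web shell triage for a PHP web root (added example; sample files are constructed)."""
import os
import re
import tempfile
import time
from typing import Dict, List, Optional

# Indicators seen across common PHP web shells. Each pattern alone is weak;
# looks_like_web_shell() requires a combination before flagging a file.
INDICATORS = {
    "exec_sink": re.compile(rb"\b(eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\("),
    "request_input": re.compile(rb"\$_(GET|POST|REQUEST|COOKIE|FILES)\b"),
    "decoder": re.compile(rb"\b(base64_decode|gzinflate|gzuncompress|str_rot13|hex2bin)\s*\("),
    "dynamic_call": re.compile(rb"\$\w+\s*\("),  # $f(...): callee name held in a variable
}


def classify_php(data: bytes) -> List[str]:
    """Return the names of every indicator present in one PHP source blob."""
    return [name for name, rx in INDICATORS.items() if rx.search(data)]


def looks_like_web_shell(hits: List[str]) -> bool:
    """Flag only combinations: a sink fed by request data, or a decoder next to a sink/call."""
    h = set(hits)
    if "exec_sink" in h and "request_input" in h:
        return True
    return "decoder" in h and bool(h & {"request_input", "dynamic_call", "exec_sink"})


def scan_webroot(root: str, max_age_days: Optional[float] = None) -> Dict[str, List[str]]:
    """Walk root and return {relative_path: indicators} for files that look like shells.

    max_age_days restricts the scan to recently modified files. Attackers can reset
    mtimes (timestomping), so a full scan without the filter is the safer baseline.
    """
    cutoff = None if max_age_days is None else time.time() - max_age_days * 86400
    findings: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            if not fn.endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, fn)
            if cutoff is not None and os.path.getmtime(path) < cutoff:
                continue
            with open(path, "rb") as fh:
                hits = classify_php(fh.read())
            if looks_like_web_shell(hits):
                findings[os.path.relpath(path, root)] = hits
    return findings


def build_sample_webroot() -> str:
    """Create a throwaway web root with constructed benign and malicious files (example data)."""
    root = tempfile.mkdtemp(prefix="fpbx-")
    samples = {
        # legitimate-looking module code: reads a form field, never executes anything
        "admin/modules/demo/page.php": b"<?php $n = $_POST['name']; echo htmlspecialchars($n);",
        # legitimate-looking helper: shells out, but no attacker-controlled data reaches it
        "admin/modules/demo/reload.php": b"<?php system('asterisk -rx \"core reload\"');",
        # classic one-liner dropped recently
        "admin/assets/js/.cache.php": b"<?php @eval($_POST['x']); ?>",
        # obfuscated variant whose mtime was pushed 30 days back (timestomped)
        "admin/modules/endpoint/old.php": b"<?php $f=base64_decode('c3lzdGVt'); $f($_GET['c']); ?>",
    }
    for rel, body in samples.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(body)
    month_ago = time.time() - 30 * 86400
    os.utime(os.path.join(root, "admin/modules/endpoint/old.php"), (month_ago, month_ago))
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for rel, hits in sorted(scan_webroot(sample_root).items()):
        print(f"{rel}: {', '.join(hits)}")
```

Run it against the real web root (for example /var/www/html on a stock install) and treat every hit as a lead to review, not a verdict; the sample shows why the mtime filter alone is not enough, since the timestomped shell disappears from the seven-day view.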
"ClawJacked" Flaw in OpenClaw Lets Malicious Sites Hijack Local AI Agents through WebSocket
Key Findings: OpenClaw has fixed a high-severity security issue that could have allowed a malicious website to connect to a locally running AI agent and take over control. The flaw, dubbed "ClawJacked" by Oasis Security, enables a malicious website to silently open a WebSocket connection to the local OpenClaw gateway and brute-force the password. Upon successful authentication, the malicious script can register as a trusted device, which is automatically approved by the gatewa
Mar 1 · 2 min read
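The ClawJacked item above describes three weaknesses in a local gateway: it accepts WebSocket connections from any web page, it lets the page guess the password without limit, and it auto-approves the device that the page then registers. The guard below is an added example, not OpenClaw's code or its fix, showing the three corresponding controls: an Origin allowlist on the upgrade request (browsers always send Origin; native clients do not), a per-client lockout after repeated failures with a constant-time password check, and device registration that stays pending until an operator approves it. The port 18789 and the client labels are hypothetical.

```python
"""Origin gating, brute-force lockout and explicit device approval for a local
WebSocket gateway (added example; OpenClaw's real implementation is not shown here)."""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Hypothetical local origins; a real gateway loads these from its config.
LOCAL_ORIGINS = {"http://localhost:18789", "http://127.0.0.1:18789"}


def _kdf(password: str, salt: bytes) -> bytes:
    """Memory-hard hash so offline guessing is expensive, not just online guessing."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)


@dataclass
class GatewayGuard:
    password_hash: bytes
    salt: bytes
    allowed_origins: set
    max_attempts: int = 3
    lockout_seconds: float = 300.0
    # client -> (failure count, locked_until timestamp)
    failures: Dict[str, Tuple[int, float]] = field(default_factory=dict)
    pending_devices: Dict[str, Tuple[str, str]] = field(default_factory=dict)
    trusted_devices: Dict[str, Tuple[str, str]] = field(default_factory=dict)

    @classmethod
    def create(cls, password: str, allowed_origins) -> "GatewayGuard":
        salt = os.urandom(16)
        return cls(_kdf(password, salt), salt, set(allowed_origins))

    def check_upgrade(self, headers: Dict[str, str]) -> Tuple[bool, str]:
        """Decide whether a WebSocket upgrade may proceed, based on the Origin header.

        A browser attaches Origin to every WebSocket handshake, so a page on
        https://evil.example cannot hide where it came from. A missing Origin
        means a non-browser client, which this example allows."""
        h = {k.lower(): v for k, v in headers.items()}
        origin = h.get("origin")
        if origin is None:
            return True, "no-origin"
        if origin not in self.allowed_origins:
            return False, "origin-not-allowed"
        return True, "origin-ok"

    def authenticate(self, client: str, password: str, now: Optional[float] = None) -> Tuple[bool, str]:
        """Constant-time password check with a per-client lockout after max_attempts failures."""
        now = time.time() if now is None else now
        count, locked_until = self.failures.get(client, (0, 0.0))
        if now < locked_until:
            return False, "locked"  # even a correct password is refused during lockout
        if hmac.compare_digest(_kdf(password, self.salt), self.password_hash):
            self.failures.pop(client, None)
            return True, "ok"
        count += 1
        if count >= self.max_attempts:
            self.failures[client] = (0, now + self.lockout_seconds)
            return False, "locked"
        self.failures[client] = (count, locked_until)
        return False, "bad-password"

    def request_device(self, client: str, name: str) -> str:
        """Queue a device for operator approval instead of trusting it automatically."""
        token = hashlib.sha256(os.urandom(16)).hexdigest()[:16]
        self.pending_devices[token] = (client, name)
        return token

    def approve_device(self, token: str) -> bool:
        """Called from an out-of-band operator action, never from the WebSocket itself."""
        entry = self.pending_devices.pop(token, None)
        if entry is None:
            return False
        self.trusted_devices[token] = entry
        return True

    def is_trusted(self, token: str) -> bool:
        return token in self.trusted_devices


if __name__ == "__main__":
    guard = GatewayGuard.create("correct horse battery", LOCAL_ORIGINS)
    print(guard.check_upgrade({"Origin": "https://evil.example"}))
    print(guard.authenticate("tab-1", "wrong"))
```

The Origin check is the control that matters most here: even with a strong password, a page that can open the socket can keep guessing from the victim's own browser, so the allowlist closes the door before authentication starts, and the lockout limits what a script gets from the attempts it does make.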
Cisco SD-WAN Zero-Day Exploited Since 2023 for Admin Access
Key Findings: A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), has been actively exploited since 2023 to gain remote, unauthenticated administrative access. The vulnerability allows an attacker to bypass authentication and gain full administrative access to affected Cisco Catalyst SD-WAN Controller and Manager systems. Exploited environments include on-premises, Cisco Hosted SD-WAN Cloud, and FedRAMP Cisco Hosted SD-WAN Cloud deployments.
Feb 26 · 2 min read
Hackers Exploit Excel to Hide XWorm 7.2 in JPEG, Hijacking PCs
Background: The XWorm malware has been around since 2022, but the latest version 7.2 surfaced on Telegram marketplaces in late 2025 and early 2026. Attackers are using social engineering tactics to lure victims into opening malicious Excel attachments in emails disguised as business communications.
Technical Details: The Excel file exploits an old vulnerability (CVE-2018-0802) to run a hidden script (HTA file) that downloads what appears to be a normal JPEG image. However, the
Feb 23 · 2 min read
Curated CVE Watch - CISA Known Exploited Vulnerabilities
Key Findings: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two vulnerabilities affecting the RoundCube Webmail platform to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities are:
- CVE-2025-49113 (CVSS score: 9.9) - A deserialization of untrusted data vulnerability that allows remote code execution.
- CVE-2025-68461 (CVSS score: 7.2) - A cross-site scripting (XSS) vulnerability.
These vulnerabilities have been actively exploited b
Feb 21 · 2 min read
Four VS Code Extensions with 125M+ Installs Contain Critical Flaws
Key Findings: Cybersecurity researchers have disclosed multiple security vulnerabilities in four popular Microsoft Visual Studio Code (VS Code) extensions with over 125 million collective installs. The vulnerable extensions are Live Server, Code Runner, Markdown Preview Enhanced, and Microsoft Live Preview. If successfully exploited, these vulnerabilities could allow threat actors to steal local files and execute code remotely. The researchers warn that a single malicious exte
Feb 18 · 2 min read
Apple Addresses Multiple Zero-Day Vulnerabilities Affecting Its Devices
Key Findings:
- Apple released emergency updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS to address an actively exploited zero-day vulnerability (CVE-2026-20700).
- The vulnerability is a memory corruption issue in Apple's Dynamic Link Editor (dyld) that could allow attackers to execute arbitrary code.
- The flaw was discovered and reported by Google's Threat Analysis Group, suggesting it may have been used in sophisticated nation-state or commercial spyware attacks.
- Apple
Feb 12 · 2 min read
MongoDB Server Vulnerability Allows Unauthenticated Attackers to Crash Database Servers
Key Findings:
- A critical vulnerability in MongoDB allows unauthenticated attackers to crash database servers.
- The flaw, tracked as CVE-2022-29464, has a CVSS score of 8.7 and can lead to Denial of Service (DoS) conditions.
- The vulnerability is caused by a memory exhaustion issue that can be triggered without any authentication.
Background: MongoDB is a popular open-source NoSQL database management system that is widely adopted by organizations for its flexibility and scalability.
Feb 12 · 2 min read
European Commission Responds to Mobile Device Cyberattack
Key Findings: The European Commission detected a cyber attack on its central mobile device management infrastructure on January 30, 2026. The attack may have exposed the personal details, including names and phone numbers, of some Commission staff members. However, the Commission's swift response contained the breach within 9 hours and ensured that no mobile devices were compromised. The attack is linked to critical vulnerabilities (CVE-2026-1281 and CVE-2026-1340) in Ivanti's
Feb 9 · 2 min read
CVE-2026-1731: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE
Key Findings:
- Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products
- Tracked as CVE-2026-1731 with a CVSS score of 9.9
- Allows unauthenticated remote attackers to execute OS commands and compromise systems
- Affects RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior
- Patches available in RS v25.3.2+ and PRA v25.1.1+
- Customers with older versions (RS <21.3, PRA <22.1) must upgrade b
Feb 9 · 2 min read
CVE-2026-1868: Critical GitLab AI Gateway Flaw Allows Remote Code Execution
Key Findings:
- Critical vulnerability (CVE-2026-1868) discovered in GitLab self-hosted AI Gateway with a CVSS score of 9.9
- Flaw allows attackers to execute arbitrary code or trigger a Denial of Service on affected systems
- The vulnerability is caused by improper sanitization of user-supplied templates in the Duo Workflow Service
- Affects versions 18.1.6, 18.2.6, and 18.3.1 of the GitLab AI Gateway
- Patched versions 18.6.2, 18.7.1, and 18.8.1 have been released to address the issue
Feb 8 · 2 min read
CVE-2025-13375: Critical IBM Crypto Flaw (CVSS 9.8) Exposes Hardware Security Modules
Key Findings: IBM has disclosed a critical vulnerability, CVE-2025-13375, in its Common Cryptographic Architecture (CCA) software with a CVSS score of 9.8. The flaw allows unauthenticated attackers to execute arbitrary commands with elevated privileges on the system, exposing the IBM Hardware Security Modules (HSMs). The vulnerability affects specific versions of the CCA software running on IBM's 4769 and 4770 cryptographic coprocessors, as well as the IBM i platform. The impa
Feb 6 · 2 min read
Cisco Patches Critical Vulnerabilities in Meeting Software
Key Findings:
- Cisco has released urgent updates to address critical vulnerabilities in Cisco Meeting Management and Cisco TelePresence Collaboration Endpoint (CE) Software
- The vulnerabilities could allow attackers to seize control of meeting management systems or crash communication endpoints
- The most severe flaw, CVE-2026-20098, carries a high CVSS score of 8.8 and allows remote attackers to execute arbitrary commands with root privileges
Background: Cisco Meeting Management i
Feb 5 · 1 min read
DOJ Releases Details on Alleged Talented Hacker Who Worked for the Late Jeffrey Epstein
Key Findings: An FBI informant claimed in 2017 that Jeffrey Epstein had a "personal hacker" who was an Italian born in Calabria. The hacker, whose name was redacted, reportedly sold zero-day exploits and offensive cyber tools to several countries, including the U.S. and the U.K. He allegedly created a zero-day exploit and sold it to Hezbollah in exchange for a trunk of cash. The hacker was known for finding vulnerabilities in iOS, BlackBerry, and Firefox. He surrounded himself
Feb 1 · 2 min read
Cluster Admin for All: Critical Kyverno Flaw (CVSS 10) Shatters Isolation
Key Findings: Kyverno, a popular Kubernetes-native policy engine, has released an urgent security update to address a critical vulnerability (CVE-2026-22039) with a maximum CVSS score of 10. The flaw allows any user with policy creation rights to effectively become a cluster admin, shattering Kyverno's isolation boundaries. The update also fixes a high-severity Denial of Service (DoS) vulnerability (CVE-2026-23881) with a CVSS score of 7.7.
Background: Kyverno is a Kubernetes-n
Jan 30 · 2 min read
SolarWinds Addresses Critical Vulnerabilities in Web Help Desk
Key Findings: SolarWinds has released security updates to address six vulnerabilities in their Web Help Desk product, including four critical flaws. The four critical vulnerabilities could be exploited without authentication to achieve remote code execution (RCE) or bypass authentication:
- CVE-2025-40551 (CVSS 9.8) - Unauthenticated RCE via deserialization of untrusted data
- CVE-2025-40552 (CVSS 9.8) - Authentication bypass to execute actions and methods
- CVE-2025-40553 (CVSS 9.8
Jan 29 · 1 min read
Critical Sandbox Vulnerability in Popular vm2 Library Allows Arbitrary Code Execution
Key Findings: A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library, tracked as CVE-2026-22709. The vulnerability carries a CVSS score of 9.8 out of 10.0, indicating its high severity. The flaw allows attackers to escape the sandbox environment and execute arbitrary code on the underlying operating system.
Background: vm2 is a Node.js library used to run untrusted code within a secure sandboxed environment. The library intercepts and prox
Jan 28 · 2 min read
Fortinet addresses actively exploited FortiOS SSO vulnerability (CVE-2026-24858)
Key Findings: Fortinet has released security updates to address a critical flaw (CVE-2026-24858, CVSS 9.4) impacting FortiOS, FortiManager, and FortiAnalyzer. The vulnerability is an authentication bypass related to the FortiCloud single sign-on (SSO) feature, which can allow an attacker with a FortiCloud account and a registered device to access other devices registered to different accounts. The vulnerability is actively being exploited in the wild, with Fortinet confirming
Jan 28 · 2 min read
High-Severity DoS Flaw Hits React Server Components (CVE-2026-23864)
Key Findings:
- The React team issued an urgent security advisory about incomplete fixes for Denial of Service (DoS) vulnerabilities in React Server Components
- New high-severity flaw CVE-2026-23864 (CVSS 7.5) allows attackers to trigger server crashes, out-of-memory exceptions, or excessive CPU usage via "specially crafted HTTP requests"
- The vulnerability affects React packages using server-side rendering (react-server-dom-webpack, react-server-dom-parcel, react-server-dom-turbopack) in v
Jan 27 · 2 min read
Microsoft Releases Emergency Patch for Critical Office Vulnerability
Key Findings: Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. The vulnerability is a security feature bypass that allows an unauthorized attacker to bypass security protections locally by sending a malicious Office file. Microsoft confirmed the Preview Pane is not an attack vector, but did not disclose technical details about the active exploits. Office 2021 and later are automa
Jan 27 · 2 min read
