top of page
ALL POSTS
Cisco SD-WAN Vulnerability Now Exploited in the Wild: Patch CVE-2026-20262 Immediately
Key Findings CVE-2026-20262 affects Cisco Catalyst SD-WAN Manager and is actively exploited in the wild The vulnerability allows authenticated attackers to write or overwrite arbitrary files on the system Planted files can be leveraged to escalate privileges to root level All deployment types are vulnerable: On-Prem, Cloud-Pro, Cisco-managed cloud, and FedRAMP installations Cisco has released patched builds across all affected versions Attackers are already deploying suspicio
Jun 162 min read
LiteSpeed and FreeBSD Privilege Escalation Flaws Under Active Exploitation (CVE-2026-54420, CVE-2026-49413)
Key Findings LiteSpeed cPanel plugin versions before 2.4.8 contain a privilege escalation flaw actively exploited in the wild Vulnerability allows low-privileged users on shared hosting to gain full root access by abusing symlink handling Flaw affects servers running CloudLinux/CageFS and scores 8.5 on CVSS scale Patch available now in cPanel plugin v2.4.8 and WHM Plugin v5.3.2.1 Attackers use distinctive pattern of certificate endpoint calls repeated 7-10 times from single I
Jun 152 min read
Critical Apache Solr Vulnerability Exposes Clusters to Remote Exploitation
Key Findings Apache Solr versions 9.4.0 through 9.10.1 and 10.0.0 contain hardcoded default credentials that allow unauthenticated remote administrative access CVE-2026-44825 affects only installations using the command-line authentication tool, not manually configured systems Industrial IoT converters using USR-W610 devices have a critical CVSS 9.8 vulnerability (CVE-2026-7786) with embedded plaintext credentials USR device manufacturer has not responded to vulnerability coo
Jun 33 min read
NGINX CVE-2026-42945 Worker Crash Vulnerability Exploited in the Wild with Potential RCE
Key Findings NGINX vulnerability CVE-2026-42945 (CVSS 9.2) is actively exploited in the wild days after public disclosure Heap buffer overflow in ngx_http_rewrite_module affects NGINX versions 0.6.27 through 1.30.0 Flaw can crash worker processes or enable remote code execution on systems with ASLR disabled Exploitation requires specific NGINX configuration knowledge and crafted HTTP requests VulnCheck detected weaponized exploitation attempts against honeypot networks Two cr
May 172 min read
Google Thwarted First AI-Generated Zero-Day Exploit Before Attack
Key Findings Google Threat Intelligence Group discovered a zero-day exploit developed entirely by artificial intelligence before attackers could deploy it at scale Code analysis revealed telltale AI artifacts including excessive documentation strings, highly annotated code, and a hallucinated CVSS score that don't match human developer patterns A well-known cybercrime group with a history of high-profile attacks and mass exploitation was preparing to use the exploit for finan
May 122 min read
AI-Powered Zero-Day: Hackers' First Known 2FA Bypass Campaign Stopped by Google
Key Findings Google identified threat actors using an AI-generated zero-day exploit to bypass two-factor authentication on a web-based administration tool, marking the first confirmed use of AI in malicious vulnerability discovery in the wild The exploit was delivered as a Python script containing telltale signs of large language model generation, including excessive docstrings, fabricated CVSS scores, and textbook-style code formatting The vulnerability required valid user c
May 113 min read
Critical Ollama GGUF Loader Vulnerability Exposes Sensitive Process Memory to Remote Attackers
Key Findings CVE-2026-7482 (CVSS 9.1) affects Ollama versions before 0.17.1, impacting an estimated 300,000+ servers globally Out-of-bounds read in GGUF model loader allows unauthenticated remote attackers to leak entire process memory Vulnerability enables exfiltration of API keys, environment variables, system prompts, and user conversation data Two additional Windows update flaws (CVE-2026-42248 and CVE-2026-42249) enable persistent code execution but remain unpatched Olla
May 113 min read
Palo Alto PAN-OS Zero-Day Vulnerability Under Active Exploitation
Key Findings Critical buffer overflow vulnerability CVE-2026-0300 in Palo Alto Networks PAN-OS is actively being exploited in the wild with limited confirmed attacks Flaw affects authentication portals on PA-Series and VM-Series firewalls, allowing unauthenticated attackers to execute code with root privileges CVSS score of 9.3 with low attack complexity means the vulnerability is easily exploitable and automatable for mass campaigns More than 5,800 publicly exposed VM-Series
May 62 min read
Critical cPanel Vulnerability Actively Exploited Against Government and MSP Infrastructure
Key Findings Unknown threat actor exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, targeting government and military entities in Southeast Asia Attack infrastructure originating from IP address 95.111.250[.]175, primarily focusing on Philippines and Laos government and military domains Concurrent targeting of MSPs and hosting providers across Philippines, Laos, Canada, South Africa, and the United States using publicly available pro
May 43 min read
Over 400,000 WordPress Sites Vulnerable to Breeze Cache Plugin Exploit (CVE-2026-3844)
Key Findings Critical vulnerability (CVE-2026-3844, CVSS 9.8) in Breeze Cache WordPress plugin allows unauthenticated file uploads Over 400,000 websites currently affected by the flaw Wordfence detected 170+ active attacks, with 3,936 blocked in 24 hours alone Vulnerability requires "Host Files Locally – Gravatars" option to be enabled, which is disabled by default Affects all versions up to 2.4.4; patch available in version 2.4.5 Background Breeze Cache is a popular free Wor
Apr 262 min read
Fast-moving Storm-1175 exploits new vulnerabilities to breach networks and deploy Medusa
Key Findings China-based Storm-1175 executes rapid ransomware attacks, sometimes completing full intrusions within 24 hours The group exploits newly disclosed vulnerabilities before organizations can patch them, leveraging over 16 different flaws since 2023 Primary targets include healthcare, education, finance, and services sectors across the US, UK, and Australia Storm-1175 has weaponized zero-day exploits before public disclosure, demonstrating advanced capabilities The gr
Apr 73 min read
CISA Adds TrueConf Client Vulnerability to Known Exploited Vulnerabilities Catalog
Key Findings CISA added CVE-2026-3502, a flaw in TrueConf Client, to its Known Exploited Vulnerabilities catalog on April 2, 2026 The vulnerability has a CVSS score of 7.8 and allows attackers to download and install malicious updates without integrity verification Threat actors are actively exploiting this flaw by compromising TrueConf servers and replacing legitimate update files with malicious payloads Check Point researchers attributed a wave of attacks called Operation T
Apr 53 min read
bottom of page
