Tag: exploited vulnerability
14 articles

CISA Flags Exploited SharePoint Zero-Day Vulnerability
Don't wait until it's too late: Federal agencies have until July 19, 2026, to patch a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, that's already being exploited by hackers to execute malicious code remotely. This high-severity flaw, with a CVSS score of 9.8, could allow attackers to take control of your SharePoint Server if left unpatched.

CISA Mandates Patching of Exploited Oracle Flaw by Saturday
Federal cyber authorities are sounding the alarm: a high-risk flaw in Oracle E-Business Suite, already being exploited by hackers, must be patched by Saturday to prevent takeover of vulnerable systems. Over 1,000 Internet-exposed instances are at risk, with more than half located in the United States.

CISA Mandates Patching of Exploited Langflow Auth Bypass Flaw
The CISA has stepped in to mandate patching of a critical Langflow Auth Bypass flaw, CVE-2026-55255, that's being exploited by financially motivated threat actors to access sensitive user data. This vulnerability allows attackers to siphon off sensitive data and hijack computing resources with just a crafted request.

CISA Mandates Patching of Exploited Adobe ColdFusion Flaw
Adobe has issued a warning to patch a critical flaw, CVE-2026-48282, in ColdFusion versions 2025.9, 2023.20, and earlier, as attackers have already begun exploiting it just two hours after disclosure. Admins are urged to deploy the updates within 72 hours to prevent code execution on unpatched systems.

Adobe ColdFusion Flaw Exploited in Targeted Attacks
With 775 exposed ColdFusion instances online, a newly patched flaw is being exploited by attackers, putting countless systems at risk. Adobe has urgently warned customers to apply updates immediately to protect against this and 10 other critical vulnerabilities.

CISA Flags Exploited PTC Windchill Flaw Amid Web Shell Attacks
PTC has confirmed that attackers are exploiting a high-severity flaw, CVE-2026-12569, in its Windchill software to drop malicious web shells on vulnerable systems, allowing them to execute arbitrary code remotely. The company has reported heightened threat activity, urging users to take immediate action to protect themselves.

CISA Warns of Actively Exploited Joomla Flaw Enabling PHP Code Execution
A critical Joomla flaw, tracked as CVE-2026-48907, is being actively exploited, allowing attackers to upload and execute PHP code - and the US Cybersecurity and Infrastructure Security Agency (CISA) is warning users to take immediate action. A patch is available in version 2.9.99.5 of the Widget Factory Joomla Content Editor.

CISA Mandates Patching of Exploited Check Point VPN Bug
A critical vulnerability in Check Point VPNs, known as CVE-2026-50751, has been exploited in dozens of organizations worldwide, with one incident linked to Qilin ransomware. This bug allows hackers to bypass authentication and establish remote access, putting targeted organizations at risk.

CISA Warns of Actively Exploited Oracle WebLogic Server Vulnerability
The US Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm on a highly exploitable Oracle WebLogic Server vulnerability, CVE-2024-21182, that's being actively targeted by threat actors. Over 1,592 vulnerable servers are currently exposed online, making it a pressing concern for organizations to patch up ASAP.

Ivanti Discloses Actively Exploited Zero-Day in Endpoint Manager
Ivanti has confirmed that hackers are actively exploiting a zero-day vulnerability, CVE-2026-6973, in its Endpoint Manager Mobile (EPMM) software, allowing them to run code remotely with administrative privileges. The company has issued patches for this and four other EPMM flaws to protect its customers.

CISA Flags Apache ActiveMQ Flaw as Actively Exploited
The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on a high-severity flaw in Apache ActiveMQ Classic, warning that it's being actively exploited by hackers - and giving organizations a narrow window to assess their exposure and respond. With a CVSS score of 8.8, this vulnerability is a critical threat that demands immediate attention.

CISA Warns of Exploited Windows Task Host Vulnerability
Stay one step ahead of cyber threats by securing your Windows systems - a recently exploited vulnerability in Windows Task Host could let attackers escalate privileges and take full control of your machines. The Cybersecurity and Infrastructure Security Agency (CISA) has flagged this issue as high-risk, urging swift action to protect affected systems.

Microsoft Patch Tuesday Addresses 165 Vulnerabilities, Including Exploited SharePoint Flaw
Microsoft's April Patch Tuesday update is a doozy, addressing a whopping 165 vulnerabilities, including a SharePoint Server spoofing flaw that's already been exploited in the wild. This mega update also fixes a bug that was publicly disclosed by a frustrated researcher.

CISA Mandates Emergency Patch for Exploited Ivanti EPMM Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert, ordering US government agencies to patch a critical vulnerability in Ivanti Endpoint Manager Mobile (EPMM) within just four days, as the flaw has been under active exploitation since January. With a Sunday deadline looming, federal IT teams are racing against the clock to secure systems and prevent further attacks.