Tag: known exploited vulnerabilities
26 articles

CISA Warns of Active Exploits Targeting FortiSandbox Flaws
Critical FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, are under active attack by hackers, allowing them to execute malicious commands without needing login credentials. These severe vulnerabilities, scoring 9.1, require immediate attention to prevent devastating remote code execution attacks.

CISA Orders Emergency Patch for Exploited Fortinet Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to patch or mitigate two critical Fortinet vulnerabilities within a tight three-day window, underscoring the severity of these flaws. This urgent action follows the discovery of a critical OS command injection vulnerability in FortiSandbox, allowing attackers to execute unauthorized code or commands.

Attackers Exploit Joomla Extension Bugs with Perfect 10 Scores
Critical vulnerabilities in two popular Joomla extensions have been exploited in the wild, allowing attackers to gain remote control of affected sites by uploading malicious files. The Cybersecurity and Infrastructure Security Agency has sounded the alarm, adding the flaws to its Known Exploited Vulnerabilities catalog.

CISA Warns of Exploited Flaws in Joomla Extensions
Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

CISA Flags SharePoint Flaw as Exploitable
Microsoft initially downplayed the risk of a SharePoint vulnerability, saying exploitation was less likely, but the Cybersecurity and Infrastructure Security Agency has since escalated the flaw to its list of known exploited vulnerabilities. This move signals a heightened sense of urgency for organizations to address the potentially critical issue.

CISA Warns of Active SharePoint RCE Exploitation
CISA warns that a high-severity vulnerability in Microsoft SharePoint Server, known as CVE-2026-45659, is being actively exploited, allowing authorized attackers to execute code remotely. This critical flaw, patched by Microsoft in May, requires immediate attention to prevent network breaches.

Ransomware gangs exploit Windows BlueHammer flaw
Ransomware gangs are actively exploiting a critical Microsoft Defender flaw, nicknamed BlueHammer, which has been added to CISA's list of Known Exploited Vulnerabilities. This vulnerability is a prime target for malicious cyber actors, posing a significant risk to those who haven't yet applied the necessary patches.

CISA Warns of Actively Exploited Ubiquiti Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are actively exploiting security flaws in Ubiquiti UniFi OS devices, posing a significant threat to system security. Federal agencies have just three days to apply crucial updates or recommended fixes to avoid potential breaches.

Legacy Infrastructure Exposes AI Agents to Hijacking Risks
Legacy infrastructure can put your AI agents at risk of hijacking, as seen with CVE-2025-24813, a remote code execution flaw that lets attackers turn a routine server compromise into a full takeover. An unpatched Internet-facing Apache Tomcat server is all it takes to expose your enterprise to this threat.

Cisco Disrupts Active Exploitation of SD-WAN Manager Flaw
Cisco is taking swift action to combat the active exploitation of a medium-severity flaw in its SD-WAN Manager, known as CVE-2026-20262, which could let hackers create or overwrite files on affected systems. Federal agencies have until June 29, 2026 to remediate the vulnerability.

LiteLLM Flaw Exploited in Wild, Enables Unauthenticated RCE
A high-severity flaw in BerriAI's LiteLLM, known as CVE-2026-42271, has been actively exploited, allowing unauthenticated users to execute commands remotely. This critical vulnerability affects LiteLLM versions 1.74.2 to 1.83.7 and has been deemed a major security risk.

CISA Warns of Exploited Magento Extension Flaw
A critical flaw in the Mirasvit Full Page Cache Warmer Magento extension, tracked as CVE-2026-45247, has been exploited by hackers, allowing them to execute remote code without authentication. This vulnerability, rated 9.8 on the CVSS scale, enables attackers to wreak havoc by supplying a malicious PHP object in the CacheWarmer cookie.

CISA Warns of Active Exploits Targeting Android, Linux Flaws
A high-severity Android flaw, CVE-2025-48595, is being actively exploited in targeted attacks, allowing hackers to gain increased privileges without needing any user interaction. This critical vulnerability affects Android 14-16 and has prompted CISA to add it to its list of Known Exploited Vulnerabilities.

CISA Flags Oracle WebLogic Flaw as Actively Exploited
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a high-severity Oracle WebLogic flaw, CVE-2024-21182, as actively exploited, prompting federal agencies to apply fixes by June 4, 2026. This critical vulnerability, rated 7.5 by CVSS, was added to CISA's Known Exploited Vulnerabilities Catalog after evidence of active exploitation was confirmed.

CISA Opens KEV Nominations to Bolster Vulnerability Intelligence
CISA is now accepting nominations for its Known Exploited Vulnerabilities catalog, empowering public reporting to strengthen the nation's cybersecurity posture by quickly identifying and mitigating exploited vulnerabilities. By submitting through the new KEV nomination form, you're helping to keep federal, private, and critical infrastructure networks safe.

CISA Flags Actively Exploited Langflow, Trend Micro Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two major vulnerabilities, CVE-2025-34291 and CVE-2026-34926, currently being exploited by hackers, and is requiring federal agencies to patch them by June 4, 2026. These weaknesses, found in Langflow and Trend Micro Apex One, could allow attackers to take control of systems and execute malicious code.

CISA Flags Cisco SD-WAN Vulnerability as Exploited
CISA has flagged a critical Cisco SD-WAN vulnerability, CVE-2026-20182, as exploited, giving federal agencies until May 17, 2026, to patch the authentication bypass flaw that could grant hackers administrative privileges. This vulnerability, scoring 10.0 on the CVSS scale, is now a top priority for remediation.

Ivanti EPMM Flaw Exploited, Grants Admin-Level Access
A critical flaw in Ivanti's Endpoint Manager Mobile (EPMM) has been exploited, allowing attackers to gain admin-level access - and the government is taking swift action to mitigate the threat. Federal agencies are now required to remediate the vulnerability, known as CVE-2026-6973, by May 10, 2026.

CISA Warns of Actively Exploited Linux Root Access Bug
A nine-year-old Linux kernel bug, known as Copy Fail, is being actively exploited in the wild, allowing unprivileged users to gain root access with a simple 732-byte Python-based exploit. The Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, warning of potential security risks.

Microsoft Patch Fails to Quell Russian Spy Exploitation of Windows Flaw
Microsoft's latest patch isn't enough to stop Russian spies from exploiting a Windows flaw, leaving sensitive information vulnerable to exposure. The incomplete fix is linked to a previously patched vulnerability from February, highlighting the urgent need for a more robust solution.

CISA Orders Federal Agencies to Patch Exploited Windows Flaw
Federal agencies are on high alert: a critical Windows vulnerability, CVE-2026-32202, must be patched by May 12 to prevent zero-click credential theft via malicious LNK files. CISA has ordered all Federal Civilian Executive Branch agencies to secure their Windows endpoints and servers within two weeks.

CISA Flags Actively Exploited ConnectWise, Windows Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged two major vulnerabilities, including a critical flaw in ConnectWise ScreenConnect and a Microsoft Windows Shell bug, as actively exploited by hackers. These flaws could allow attackers to execute remote code, access confidential data, and compromise critical systems.

CISA Flags Four Exploited Vulnerabilities, Sets Federal Patch Deadline
The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged four actively exploited vulnerabilities, urging Federal Civilian Executive Branch (FCEB) agencies to patch or discontinue use of affected systems by May 8, 2026. These critical flaws, detailed in CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant threat to cybersecurity and must be addressed promptly.

CISA Warns of Active Cisco SD-WAN Exploits
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning to federal agencies, ordering them to patch three critical Cisco SD-WAN vulnerabilities within four days after discovering they're being actively exploited by hackers. This urgent directive comes after Cisco patched the flaws in its Catalyst SD-WAN Manager platform.