Skip to main content

Tag: known exploited vulnerabilities

26 articles

Network device on a rack in a brightly-lit data center environment.

CISA Warns of Active Exploits Targeting FortiSandbox Flaws

Critical FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, are under active attack by hackers, allowing them to execute malicious commands without needing login credentials. These severe vulnerabilities, scoring 9.1, require immediate attention to prevent devastating remote code execution attacks.

Analyst 207
Technician applies security patch to computer system, symbolizing vulnerability fix.

CISA Orders Emergency Patch for Exploited Fortinet Vulnerabilities

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to patch or mitigate two critical Fortinet vulnerabilities within a tight three-day window, underscoring the severity of these flaws. This urgent action follows the discovery of a critical OS command injection vulnerability in FortiSandbox, allowing attackers to execute unauthorized code or commands.

Analyst 207
Attackers Exploit Joomla Extension Bugs with Perfect 10 Scores

Attackers Exploit Joomla Extension Bugs with Perfect 10 Scores

Critical vulnerabilities in two popular Joomla extensions have been exploited in the wild, allowing attackers to gain remote control of affected sites by uploading malicious files. The Cybersecurity and Infrastructure Security Agency has sounded the alarm, adding the flaws to its Known Exploited Vulnerabilities catalog.

Analyst 207
Web server setup under attack in a bright office environment.

CISA Warns of Exploited Flaws in Joomla Extensions

Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

Analyst 207
Officials gather around a podium and large screen displaying a blurred SharePoint interface.

CISA Flags SharePoint Flaw as Exploitable

Microsoft initially downplayed the risk of a SharePoint vulnerability, saying exploitation was less likely, but the Cybersecurity and Infrastructure Security Agency has since escalated the flaw to its list of known exploited vulnerabilities. This move signals a heightened sense of urgency for organizations to address the potentially critical issue.

Analyst 207
A lone computer workstation sits in a vast, empty IT room with rows of server racks in the background.

CISA Warns of Active SharePoint RCE Exploitation

CISA warns that a high-severity vulnerability in Microsoft SharePoint Server, known as CVE-2026-45659, is being actively exploited, allowing authorized attackers to execute code remotely. This critical flaw, patched by Microsoft in May, requires immediate attention to prevent network breaches.

Analyst 207
Windows computer setup on office desk with laptop and keyboard in focus, near a whiteboard with network diagram.

Ransomware gangs exploit Windows BlueHammer flaw

Ransomware gangs are actively exploiting a critical Microsoft Defender flaw, nicknamed BlueHammer, which has been added to CISA's list of Known Exploited Vulnerabilities. This vulnerability is a prime target for malicious cyber actors, posing a significant risk to those who haven't yet applied the necessary patches.

Analyst 207
Ubiquiti UniFi OS device in a small business office setting with ambient daylight.

CISA Warns of Actively Exploited Ubiquiti Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning that hackers are actively exploiting security flaws in Ubiquiti UniFi OS devices, posing a significant threat to system security. Federal agencies have just three days to apply crucial updates or recommended fixes to avoid potential breaches.

Analyst 207
Dimly lit server room with outdated equipment and exposed cables.

Legacy Infrastructure Exposes AI Agents to Hijacking Risks

Legacy infrastructure can put your AI agents at risk of hijacking, as seen with CVE-2025-24813, a remote code execution flaw that lets attackers turn a routine server compromise into a full takeover. An unpatched Internet-facing Apache Tomcat server is all it takes to expose your enterprise to this threat.

Analyst 207
Technician in a network operations room checking equipment surrounding a central router.

Cisco Disrupts Active Exploitation of SD-WAN Manager Flaw

Cisco is taking swift action to combat the active exploitation of a medium-severity flaw in its SD-WAN Manager, known as CVE-2026-20262, which could let hackers create or overwrite files on affected systems. Federal agencies have until June 29, 2026 to remediate the vulnerability.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room with a highlighted server in the foreground.

LiteLLM Flaw Exploited in Wild, Enables Unauthenticated RCE

A high-severity flaw in BerriAI's LiteLLM, known as CVE-2026-42271, has been actively exploited, allowing unauthenticated users to execute commands remotely. This critical vulnerability affects LiteLLM versions 1.74.2 to 1.83.7 and has been deemed a major security risk.

Analyst 207
Server racks and computer hardware in a dimly lit e-commerce IT area.

CISA Warns of Exploited Magento Extension Flaw

A critical flaw in the Mirasvit Full Page Cache Warmer Magento extension, tracked as CVE-2026-45247, has been exploited by hackers, allowing them to execute remote code without authentication. This vulnerability, rated 9.8 on the CVSS scale, enables attackers to wreak havoc by supplying a malicious PHP object in the CacheWarmer cookie.

Analyst 207
Smartphone on a neutral surface with blurred background.

CISA Warns of Active Exploits Targeting Android, Linux Flaws

A high-severity Android flaw, CVE-2025-48595, is being actively exploited in targeted attacks, allowing hackers to gain increased privileges without needing any user interaction. This critical vulnerability affects Android 14-16 and has prompted CISA to add it to its list of Known Exploited Vulnerabilities.

Analyst 207
Server equipment on a rack in a brightly-lit government agency setting.

CISA Flags Oracle WebLogic Flaw as Actively Exploited

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a high-severity Oracle WebLogic flaw, CVE-2024-21182, as actively exploited, prompting federal agencies to apply fixes by June 4, 2026. This critical vulnerability, rated 7.5 by CVSS, was added to CISA's Known Exploited Vulnerabilities Catalog after evidence of active exploitation was confirmed.

Analyst 207
Professional in a government agency setting near a whiteboard or screen.

CISA Opens KEV Nominations to Bolster Vulnerability Intelligence

CISA is now accepting nominations for its Known Exploited Vulnerabilities catalog, empowering public reporting to strengthen the nation's cybersecurity posture by quickly identifying and mitigating exploited vulnerabilities. By submitting through the new KEV nomination form, you're helping to keep federal, private, and critical infrastructure networks safe.

Analyst 207
Rows of equipment racks and monitoring stations in a server room with an empty workstation.

CISA Flags Actively Exploited Langflow, Trend Micro Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on two major vulnerabilities, CVE-2025-34291 and CVE-2026-34926, currently being exploited by hackers, and is requiring federal agencies to patch them by June 4, 2026. These weaknesses, found in Langflow and Trend Micro Apex One, could allow attackers to take control of systems and execute malicious code.

Analyst 207
Network equipment and cables surround a Cisco-style SD-WAN controller device in a large IT infrastructure room.

CISA Flags Cisco SD-WAN Vulnerability as Exploited

CISA has flagged a critical Cisco SD-WAN vulnerability, CVE-2026-20182, as exploited, giving federal agencies until May 17, 2026, to patch the authentication bypass flaw that could grant hackers administrative privileges. This vulnerability, scoring 10.0 on the CVSS scale, is now a top priority for remediation.

Analyst 207
Rows of computer servers with a focused server displaying a blank screen in a brightly-lit network operations center.

Ivanti EPMM Flaw Exploited, Grants Admin-Level Access

A critical flaw in Ivanti's Endpoint Manager Mobile (EPMM) has been exploited, allowing attackers to gain admin-level access - and the government is taking swift action to mitigate the threat. Federal agencies are now required to remediate the vulnerability, known as CVE-2026-6973, by May 10, 2026.

Analyst 207
Linux terminal on a monitor in a data center or computer lab setting.

CISA Warns of Actively Exploited Linux Root Access Bug

A nine-year-old Linux kernel bug, known as Copy Fail, is being actively exploited in the wild, allowing unprivileged users to gain root access with a simple 732-byte Python-based exploit. The Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog, warning of potential security risks.

Analyst 207
Patch cable connected to network switch in dimly lit server room with Windows desktop in background.

Microsoft Patch Fails to Quell Russian Spy Exploitation of Windows Flaw

Microsoft's latest patch isn't enough to stop Russian spies from exploiting a Windows flaw, leaving sensitive information vulnerable to exposure. The incomplete fix is linked to a previously patched vulnerability from February, highlighting the urgent need for a more robust solution.

Analyst 207
Windows computer terminal on office desk with paperwork and pen in a government setting.

CISA Orders Federal Agencies to Patch Exploited Windows Flaw

Federal agencies are on high alert: a critical Windows vulnerability, CVE-2026-32202, must be patched by May 12 to prevent zero-click credential theft via malicious LNK files. CISA has ordered all Federal Civilian Executive Branch agencies to secure their Windows endpoints and servers within two weeks.

Analyst 207
Modern IT infrastructure room with servers, networking equipment, and exposed cables, with a window showing daylight in the…

CISA Flags Actively Exploited ConnectWise, Windows Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged two major vulnerabilities, including a critical flaw in ConnectWise ScreenConnect and a Microsoft Windows Shell bug, as actively exploited by hackers. These flaws could allow attackers to execute remote code, access confidential data, and compromise critical systems.

Analyst 207
Federal agency office with computer workstation, papers, and laptop, conveying urgency and remediation.

CISA Flags Four Exploited Vulnerabilities, Sets Federal Patch Deadline

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged four actively exploited vulnerabilities, urging Federal Civilian Executive Branch (FCEB) agencies to patch or discontinue use of affected systems by May 8, 2026. These critical flaws, detailed in CISA's Known Exploited Vulnerabilities (KEV) catalog, pose a significant threat to cybersecurity and must be addressed promptly.

Analyst 207
Dimly lit network operations center with glowing laptop and large screen displaying city map highlighting vulnerabilities.

CISA Warns of Active Cisco SD-WAN Exploits

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning to federal agencies, ordering them to patch three critical Cisco SD-WAN vulnerabilities within four days after discovering they're being actively exploited by hackers. This urgent directive comes after Cisco patched the flaws in its Catalyst SD-WAN Manager platform.

Analyst 207