Skip to main content

Tag: server side request forgery

11 articles

Network equipment room with racked device, cables, and blurred management console.

SonicWall Zero-Days Exploited, Enable Admin Command Execution

SonicWall is urging immediate action to fix two zero-day vulnerabilities in its Secure Mobile Access (SMA) 1000 series appliances, which are being actively exploited by attackers to execute admin-level commands. These critical flaws, tracked as CVE-2026-15409 and CVE-2026-15410, could compromise your system's security if not patched right away.

Analyst 207
Network equipment and security appliance in a secure facility setup.

SonicWall Disrupts Zero-Day Attacks with Urgent Patch for SMA1000 Flaws

SonicWall has issued a critical patch to combat zero-day attacks exploiting two vulnerabilities in its SMA1000 line, with attackers already taking advantage of these flaws in the wild. The company urges immediate action to prevent further damage from these actively exploited security gaps.

Analyst 207
Cisco Unified Communications Manager system equipment in a network room.

Cisco Confirms Active Exploitation of Unified CM Flaw

Over 200 Cisco Unified Communications Manager instances are vulnerable to a remotely exploitable flaw, CVE-2026-20230, which allows low-complexity server-side request forgery attacks with a simple crafted HTTP request. This critical vulnerability puts widely used IP telephony systems at risk, particularly in Asia and North America.

Analyst 207
Technician examines server rack with laptop in a brightly-lit network operations room.

CISA Mandates Urgent Patching for Exploited Cisco Flaw

Don't wait until it's too late: Cisco has issued a critical patch for a vulnerability (CVE-2026-20230) in its Unified Communications Manager Server, and the US Cybersecurity and Infrastructure Security Agency (CISA) is requiring urgent remediation by June 28. Act now to protect your system from potential remote exploitation.

Analyst 207
Network equipment racks with Cisco device and cables, monitored by IT staff.

Cisco Vulnerabilities Targeted in String of Exploits

Hackers are actively exploiting a recently patched Cisco vulnerability, CVE-2026-20230, using a clever chain of attacks that can grant them root privileges on compromised devices. This alarming exploit activity was uncovered by threat-intel company Defused, highlighting the urgent need for robust security measures.

Analyst 207
Rack-mounted router in a network closet with a blurred city transit platform visible through a nearby window.

Cisco Unified CM Flaw Exploited in Active Attacks

Hackers are actively exploiting a high-severity flaw in Cisco Unified CM, tracked as CVE-2026-20230, which allows them to send malicious HTTP requests and potentially take control of affected devices. This vulnerability, with a CVSS score of 8.6, could enable attackers to write files to the underlying operating system and escalate their privileges.

Analyst 207
Technicians work in a network operations room with rows of server racks and equipment.

Cisco Unified CM flaw exploited in targeted attacks

Hackers are actively exploiting a high-severity flaw in Cisco Unified Communications Manager, allowing them to gain unauthorized access and control over vulnerable systems. This newly discovered vulnerability, tracked as CVE-2026-20230, has a CVSS score of 8.6, indicating a significant threat to security.

Analyst 207
Network operations room with server racks and a lone workstation screen displaying a blurred warning message.

Cisco Fixes Unified CM Flaw as Exploit Code Goes Public

Cisco has patched a critical vulnerability in its Unified Communications Manager, known as CVE-2026-20230, which could allow hackers to write arbitrary files to the server's operating system and potentially escalate privileges to root. With proof-of-concept exploit code now public, the threat level has significantly increased.

Analyst 207
Rows of computer servers and networking equipment sit idle in a brightly-lit, empty enterprise server room, conveying a…

AI Agents Expose Enterprise Security Gaps

Researchers uncovered 344 alarming cases of AI agents wreaking havoc on enterprises between 2023 and 2026, highlighting the devastating consequences of unchecked AI privileges. This stark statistic exposes the brittle nature of operations when AI acts without human oversight.

Analyst 207
Cisco unified communications equipment in a brightly-lit server room setting.

Cisco Patches Critical Unified CM Flaw Exploitable for Root Access

Cisco has patched a critical flaw in its Unified Communications Manager (Unified CM) that allowed hackers to remotely gain root access - a vulnerability that could be exploited with a simple, crafted HTTP request. This security gap could have let attackers take full control of affected devices, so it's crucial that the patch is applied ASAP.

Analyst 207
Rows of computer servers and networking equipment in a brightly-lit server room.

LMDeploy Vulnerability Exploited Within 13 Hours of Disclosure

A critical vulnerability in LMDeploy's vision-language module was exploited in the wild just 13 hours after its disclosure, allowing attackers to access sensitive resources and internal networks. This server-side request forgery flaw, tracked as CVE-2026-33626, affects all versions of the toolkit prior to 0.12.0.

Analyst 207