Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability Exploited in Attack (CVE-2026-20245)
Cisco warned of active exploitation of a vulnerability in Catalyst SD-WAN Manager. Tracked as CVE-2026-20245, the vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system. CISA acknowledged the active exploitation of the vulnerability by adding it to its Known Exploited Vulnerabilities Catalog. CISA urges users to patch the vulnerability …
Tag: Actively exploited
Microsoft Exchange Server Spoofing Vulnerability Exploited in Attack (CVE-2026-42897)
Microsoft has addressed a new security vulnerability impacting on-premises versions of Exchange Server that is being exploited in the wild. Tracked as CVE-2026-42897, the vulnerability may allow an attacker to perform network spoofing.
Linux Kernel Local Privilege Escalation Vulnerability Exploited in Attacks (Fragnesia) (CVE-2026-46300)
Cybersecurity researchers have identified a new variant in the DirtyFrag family of Linux local privilege escalation vulnerabilities, named ‘Fragnesia’. Tracked as CVE-2026-46300, successful exploitation of the vulnerability may allow an unprivileged local attacker to modify read-only file contents in the kernel page cache and gain root privileges. The vulnerability has been named Fragnesia because the core bug …
PAN-OS User-ID Authentication Portal Vulnerability Exploited in Attacks (CVE-2026-0300)
Palo Alto has warned its users about the active exploitation of a vulnerability in the Palo Alto User-ID Authentication Portal (aka Captive Portal) service running on PAN-OS. Tracked as CVE-2026-0300, the vulnerability has a critical severity rating with a CVSS score of 9.3. Successful exploitation of the vulnerability can lead to arbitrary code execution. Palo Alto has mentioned in their advisory that they are aware …
Linux Kernel Vulnerability Exploited in the Wild (Copy Fail) (CVE-2026-31431)
Threat actors are exploiting a vulnerability in the Linux Kernel tracked as CVE-2026-31431. Named Copy Fail, it’s a critical Linux kernel local privilege escalation vulnerability that allows unprivileged users to gain root by corrupting the page cache of setuid binaries via the AF_ALG crypto API. The vulnerability was discovered and reported by Theori and Xint. CISA also acknowledged the active exploitation of the vulnerability …
Google Patches Two Chrome Vulnerabilities Exploited in the Wild (CVE-2026-3909 & CVE-2026-3910)
Google released fixes to address two zero-day vulnerabilities impacting its Chrome browser. Tracked as CVE-2026-3909 & CVE-2026-3910, both vulnerabilities have been assigned a high severity rating with a CVSS score of 8.8. Both vulnerabilities were discovered and reported by Google itself on March 10, 2026. CISA also acknowledged the active exploitation of the vulnerabilities and added them to its Known Exploited Vulnerabilities Catalog. CISA urged users to patch the vulnerabilities before March …
Cisco Releases Fix for Actively Exploited Zero-day Vulnerability (CVE-2025-20393)
Cisco Talos discovered a cyberattack campaign targeting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. Tracked as CVE-2025-20393, the vulnerability may allow an attacker to execute arbitrary commands with root privileges on the underlying operating system of targeted appliances. The vulnerability has a critical severity rating with a …
Adobe Magento Improper Input Validation Vulnerability Exploited in Attack (CVE-2025-54236)
Security experts from e-commerce security firm Sansec have discovered that threat actors are actively exploiting a vulnerability in the Adobe Commerce and Magento Open-Source platforms. Tracked as CVE-2025-54236, the vulnerability has a critical severity rating with a CVSS score of 9.1. The vulnerability originates from improper input validation and could allow attackers to hijack customer accounts …
F5 BIG-IP Source Code Leaked in State-Linked Cyberattack (BRICKSTORM Malware)
F5 Networks warned its users about a widespread cyberattack that compromised its systems and led to the theft of BIG-IP source code and details of unpatched security vulnerabilities. In the article, F5 describes becoming aware of the breach in August 2025. A highly sophisticated nation-state threat actor maintained long-term, persistent access to, and downloaded files …
Malicious MCP Server on npm postmark-mcp Exploited in Attack
Security researchers discovered a significant vulnerability in the Model Context Protocol (MCP) server that was exploited in the wild. The reports described this as the first-ever instance of an MCP server being exploited in the wild, which can lead to software supply chain risks. The flaw exists in the npm package postmark-mcp, an MCP server …