Exploitation

Attackers Exploit FortiGate Devices to Breach Networks and Steal Service Account Credentials

Cybersecurity researchers have uncovered a campaign in which threat actors are exploiting vulnerabilities in FortiGate Next‑Generation Firewall devices to gain unauthorized access to corporate networks and steal sensitive credentials. According to a report from SentinelOne, attackers are targeting firewall appliances by exploiting recently disclosed security flaws or by using weak authentication credentials. Once inside the system, […]

Attackers Use Web Server Exploits and Mimikatz to Target Asian Critical Infrastructure

High-profile organizations across South Asia, Southeast Asia, and East Asia are being targeted in an ongoing cyber campaign believed to be conducted by a Chinese-linked threat group. The attacks have been running for several years and primarily focus on organizations that play a critical role in national infrastructure. Security researchers from Palo Alto Networks

Coruna iOS Exploit Kit Leverages 23 Exploits in Five Attack Chains Targeting iOS 13 to 17.2.1

A newly uncovered cyber offensive framework named Coruna, also tracked as CryptoWaters, has emerged as one of the most advanced iOS exploit kits observed in recent years. According to findings released by Google, the toolkit specifically targets Apple iPhone devices running iOS versions from 13.0 through 17.2.1. Devices operating on the latest iOS releases remain

Over 900 Sangoma FreePBX Instances Compromised in Active Web Shell Attacks

More than 900 internet-facing FreePBX systems from Sangoma Technologies remain compromised with web shells following exploitation of a serious command injection vulnerability, according to findings released by the Shadowserver Foundation. The large-scale compromise began in December 2025 and continues to impact organizations worldwide. Of the affected instances, 401 are located in the United States, 51 in Brazil,

Cisco SD-WAN Zero-Day CVE-2026-20127 Exploited Since 2023 to Gain Admin Access

A critical zero-day vulnerability affecting Cisco Catalyst SD-WAN platforms has been actively exploited since 2023, enabling attackers to gain unauthorized administrative access to targeted environments. The flaw, identified as CVE-2026-20127, carries a maximum CVSS score of 10.0 and impacts both Cisco Catalyst SD-WAN Controller and SD-WAN Manager solutions. The vulnerability allows a remote, unauthenticated attacker

SolarWinds Fixes Four Critical Serv-U 15.5 Vulnerabilities Enabling Root Code Execution

SolarWinds has issued urgent security updates to resolve four critical vulnerabilities in its Serv-U file transfer platform. If exploited, these flaws could allow attackers to execute arbitrary code with root-level privileges, creating severe security exposure for affected systems. All four vulnerabilities carry a CVSS score of 9.1, placing them in the critical severity category.

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

The United States Cybersecurity and Infrastructure Security Agency has officially added a newly revealed security flaw in FileZen to its Known Exploited Vulnerabilities (KEV) catalog after confirming that threat actors are actively abusing the issue in real-world attacks. The vulnerability, identified as CVE-2026-25108, carries a CVSS v4 severity rating of 8.7 and involves an operating

CISA Warns Recently Patched RoundCube Vulnerabilities Are Now Being Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding two recently patched vulnerabilities affecting Roundcube Webmail. The agency confirmed that both flaws are now being actively exploited in real-world attacks and has directed federal agencies to apply patches within three weeks. Roundcube has served as the default

Wormable XMRig Campaign Leverages BYOVD Exploit and Time-Based Logic Bomb

Cybersecurity analysts have uncovered a sophisticated cryptojacking campaign that distributes a customized XMRig miner through pirated software bundles. The operation combines social engineering, privilege escalation, worm-like propagation, and a time-triggered logic bomb to maximize cryptocurrency mining performance on compromised systems. According to a technical assessment published by Trellix, the malware demonstrates a multi-stage

AI-Assisted Threat Actor Compromises Over 600 FortiGate Devices Across 55 Countries

Amazon Threat Intelligence has reported a sophisticated cyber campaign in which a Russian-speaking, financially motivated threat actor leveraged commercial generative AI tools to compromise over 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, demonstrates how AI is increasingly lowering the barrier to entry for cybercriminals with limited
