Exploitation

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses. […]

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat, IRC, protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits Read More »

Reynolds Ransomware Uses BYOVD Driver to Disable EDR Security Tools

Cybersecurity analysts have identified a newly emerging ransomware strain named Reynolds, notable for embedding a built-in Bring Your Own Vulnerable Driver (BYOVD) mechanism directly within its ransomware payload. This approach is designed to bypass endpoint security defenses before file encryption begins. BYOVD is a well-known attacker technique that abuses legitimate but vulnerable kernel drivers to escalate

Reynolds Ransomware Uses BYOVD Driver to Disable EDR Security Tools Read More »

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows

A severe security vulnerability has been disclosed in the n8n workflow automation platform that could allow attackers to execute arbitrary system commands on affected servers. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), bypasses prior safeguards introduced to fix CVE-2025-68613, which was patched in December 2025. According to n8n maintainers, an authenticated user with workflow creation or modification privileges can

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows Read More »

SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass

SolarWinds has issued security updates to fix multiple vulnerabilities affecting SolarWinds Web Help Desk (WHD), including four critical flaws that could enable unauthenticated attackers to bypass authentication and execute arbitrary code on affected systems. The vulnerabilities pose a serious risk to organizations using the platform, as several of the issues can be exploited without valid credentials, potentially giving

SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass Read More »

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released emergency security updates to address a critical zero day vulnerability affecting several Unified Communications products and Webex Calling Dedicated Instance. The flaw, tracked as CVE-2026-20045, has been confirmed as actively exploited in real world attacks, prompting urgent action from organizations using impacted systems. Critical Zero Day Allows Remote Command Execution The vulnerability

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex Read More »

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines

Chinese-speaking threat actors are believed to have abused a compromised SonicWall VPN appliance to gain initial access and deploy a sophisticated VMware ESXi virtual machine escape exploit. According to cybersecurity firm Huntress, the exploit may have been under development as early as February 2024. Huntress detected the malicious activity in December 2025 and successfully disrupted

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines Read More »

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has issued urgent security updates for multiple vulnerabilities affecting on-premise Windows deployments of Apex Central, including a critical flaw that could allow attackers to execute arbitrary code with elevated privileges. The most severe issue, tracked as CVE-2025-69258, has been assigned a CVSS score of 9.8, placing it among the highest risk vulnerabilities. According to Trend

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions Read More »

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released. The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release Read More »

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability Read More »