Exploitation

Reynolds Ransomware Uses BYOVD Driver to Disable EDR Security Tools

Cybersecurity analysts have identified a newly emerging ransomware strain named Reynolds, notable for embedding a built-in Bring Your Own Vulnerable Driver (BYOVD) mechanism directly within its ransomware payload. This approach is designed to bypass endpoint security defenses before file encryption begins. BYOVD is a well-known attacker technique that abuses legitimate but vulnerable kernel drivers to escalate […]

Reynolds Ransomware Uses BYOVD Driver to Disable EDR Security Tools Read More »

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows

A severe security vulnerability has been disclosed in the n8n workflow automation platform that could allow attackers to execute arbitrary system commands on affected servers. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), bypasses prior safeguards introduced to fix CVE-2025-68613, which was patched in December 2025. According to n8n maintainers, an authenticated user with workflow creation or modification privileges can

Critical n8n Vulnerability CVE-2026-25049 Allows System Command Execution Through Malicious Workflows Read More »

SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass

SolarWinds has issued security updates to fix multiple vulnerabilities affecting SolarWinds Web Help Desk (WHD), including four critical flaws that could enable unauthenticated attackers to bypass authentication and execute arbitrary code on affected systems. The vulnerabilities pose a serious risk to organizations using the platform, as several of the issues can be exploited without valid credentials, potentially giving

SolarWinds Fixes Four Critical Web Help Desk Flaws Allowing Unauthenticated RCE and Authentication Bypass Read More »

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex

Cisco has released emergency security updates to address a critical zero day vulnerability affecting several Unified Communications products and Webex Calling Dedicated Instance. The flaw, tracked as CVE-2026-20045, has been confirmed as actively exploited in real world attacks, prompting urgent action from organizations using impacted systems. Critical Zero Day Allows Remote Command Execution The vulnerability

Cisco Patches Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex Read More »

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines

Chinese-speaking threat actors are believed to have abused a compromised SonicWall VPN appliance to gain initial access and deploy a sophisticated VMware ESXi virtual machine escape exploit. According to cybersecurity firm Huntress, the exploit may have been under development as early as February 2024. Huntress detected the malicious activity in December 2025 and successfully disrupted

China-Linked Hackers Exploit VMware ESXi Zero-Day Flaws to Escape Virtual Machines Read More »

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions

Trend Micro has issued urgent security updates for multiple vulnerabilities affecting on-premise Windows deployments of Apex Central, including a critical flaw that could allow attackers to execute arbitrary code with elevated privileges. The most severe issue, tracked as CVE-2025-69258, has been assigned a CVSS score of 9.8, placing it among the highest risk vulnerabilities. According to Trend

Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions Read More »

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release

Cisco has issued updates to fix a medium-severity vulnerability affecting its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC), after a publicly available proof-of-concept (PoC) exploit was released. The flaw, tracked as CVE-2026-20029 with a CVSS score of 4.9, resides in the licensing functionality and could allow a remote, authenticated attacker with administrative

Cisco Patches ISE Security Flaw Following Public PoC Exploit Release Read More »

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet has reported active abuse of a long-standing security vulnerability in FortiOS SSL VPN that allows bypassing two-factor authentication (2FA) under specific configurations. The flaw, tracked as CVE-2020-12812 with a CVSS score of 5.2, arises due to improper authentication handling that lets users log in without being prompted for the second authentication factor if the

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability Read More »

CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security vulnerability affecting Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active attacks. The flaw, identified as CVE-2023-52163 with a CVSS score of 8.8, allows post-authentication remote code execution through a command injection vulnerability.

CISA Flags Actively Exploited Digiever NVR Vulnerability Enabling RCE Read More »

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Cybersecurity experts have identified a new variant of the MacSync macOS information stealer that uses a digitally signed and notarized Swift application to bypass Apple’s Gatekeeper protections. The malware is disguised as a messaging app installer, fooling users into installing it. According to Jamf researcher Thijs Xhaflaire, unlike earlier MacSync variants that relied on drag-to-terminal

New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper Read More »