Network Security

Cisco Confirms Two Catalyst SD WAN Manager Vulnerabilities Are Being Actively Exploited

Cisco has confirmed that two security vulnerabilities affecting Cisco Catalyst SD-WAN Manager (previously known as SD-WAN vManage) are currently being exploited in real-world attacks. The vulnerabilities identified by Cisco are CVE-2026-20122 and CVE-2026-20128, both of which impact organizations using the SD-WAN management platform. Details of the Exploited Vulnerabilities The first issue, CVE-2026-20122, carries a CVSS score of 7.1 and allows an […]

Cisco Confirms Two Catalyst SD WAN Manager Vulnerabilities Are Being Actively Exploited Read More »

Open Source CyberStrikeAI Used in AI Powered FortiGate Attacks Spanning 55 Countries

Google-owned researchers and independent intelligence teams have uncovered fresh details about an artificial intelligence driven campaign targeting Fortinet FortiGate devices worldwide. Investigators now confirm that the attackers relied on an open-source offensive platform known as CyberStrikeAI to automate and scale their operations. AI Tool Identified in Mass Exploitation Campaign Threat analysts at Team Cymru traced the infrastructure

Open Source CyberStrikeAI Used in AI Powered FortiGate Attacks Spanning 55 Countries Read More »

Cisco SD WAN Zero Day CVE-2026-20127 Exploited Since 2023 to Gain Admin Access

A critical zero-day vulnerability affecting Cisco Catalyst SD-WAN platforms has been actively exploited since 2023, enabling attackers to gain unauthorized administrative access to targeted environments. The flaw, identified as CVE-2026-20127, carries a maximum CVSS score of 10.0 and impacts both Cisco Catalyst SD-WAN Controller and SD-WAN Manager solutions. The vulnerability allows a remote, unauthenticated attacker

Cisco SD WAN Zero Day CVE-2026-20127 Exploited Since 2023 to Gain Admin Access Read More »

Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution

A serious cybersecurity vulnerability has been identified in the Grandstream GXP1600 series VoIP phones, potentially allowing attackers to take full control of affected devices without authentication. Security experts warn that this flaw could enable remote compromise with root-level privileges, placing enterprise voice networks at significant risk. Critical RCE Vulnerability Identified The vulnerability, tracked as CVE-2026-2329, carries a CVSS

Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution Read More »

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Attacks

Several state-sponsored and criminal cyber groups from China, Iran, North Korea, and Russia have increasingly targeted the defense industrial base (DIB), according to the latest findings from the Google Threat Intelligence Group (GTIG). GTIG reports that these attacks revolve around four main strategies: targeting defense entities using battlefield technologies during the Russia-Ukraine conflict, exploiting employees

Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Attacks Read More »

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure

A large majority of recent exploitation attempts targeting a critical Ivanti Endpoint Manager Mobile, EPMM, vulnerability have been linked to a single IP address operating from bulletproof hosting infrastructure associated with PROSPERO. Threat intelligence company GreyNoise reported observing 417 exploitation sessions between February 1 and February 9, 2026, originating from eight distinct source IP addresses.

83% of Ivanti EPMM Exploits Traced to a Single IP on Bulletproof Hosting Infrastructure Read More »

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms

As part of the latest Patch Tuesday cycle, more than 60 technology vendors have rolled out security updates addressing vulnerabilities affecting operating systems, cloud infrastructure, enterprise applications, and network devices. The coordinated wave of patches reflects the ongoing effort to strengthen cybersecurity defenses across global IT environments. Microsoft Addresses 59 Vulnerabilities Microsoft issued fixes for

More Than 60 Software Vendors Release Security Updates Across OS, Cloud, and Network Platforms Read More »

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits

Cybersecurity researchers have uncovered a newly identified botnet operation named SSHStalker, which leverages the Internet Relay Chat, IRC, protocol as its command-and-control infrastructure. The campaign specifically targets Linux systems by exploiting outdated kernel vulnerabilities, many of which date back more than a decade. According to security firm Flare, the operation combines stealth-focused techniques with older Linux

SSHStalker Botnet Controls Linux Systems via IRC C2 and Legacy Kernel Exploits Read More »

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution

Fortinet has released security updates to remediate a critical security flaw affecting FortiClientEMS that could allow attackers to execute arbitrary code without authentication. The vulnerability is tracked as CVE-2026-21643 and carries a CVSS score of 9.1, placing it among high impact enterprise security risks. According to Fortinet, the issue stems from improper handling of user

Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution Read More »

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations

Singapore’s Cyber Security Agency (CSA) has confirmed that a China linked cyber espionage group known as UNC3886 carried out a coordinated and targeted campaign against the country’s telecommunications sector. According to CSA, the operation was deliberate, highly organized, and carefully executed. All four major telecommunications providers in Singapore, M1, SIMBA Telecom, Singtel, and StarHub, were

China-Linked UNC3886 Targets Singapore Telecom Sector in Cyber Espionage Operations Read More »