Image source: IB Photography, Shutterstock Here’s what you need to know about CVE-2026-41940, the flaw that attackers have used to compromise some 44K IPs so far. Threat actors are actively exploiting a…
Category: Vulnerabilities
CISA Mandates Immediate Action on Cisco Firewall Backdoor
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to urgently hunt for and eradicate a persistent “Firestarter” backdoor affecting Cisco Firepower and Secure Firewall devices in an active cyberespionage campaign.
CISA Adds 3 Cisco SD-WAN Manager Flaws to Actively Exploited List
Image source: jackpress, Shutterstock Agency puts another 5 vulnerabilities in products from PaperCut, JetBrains, Kentico, Quest and Zimbra on its Known Exploited Vulnerabilities list. The US Cybersecurity and Infrastructure Security Agency (CISA)…
Exploits Turn Microsoft Defender Against Itself
Image source: PJ McDonnell, Shutterstock Attackers are using Blue Hammer, RedSun and UnDefend exploits in targeted, hands-on intrusions. Threat actors are actively exploiting three publicly available proof-of-concept attacks to compromise Microsoft Defender,…
2 Zero-Days and 18 Other High Risk Vulns in Microsoft’s April Update
Image source: The KonG, Shutterstock In total, the company released fixes for 165 CVEs this Patch Tuesday Microsoft released fixes for 165 CVEs this month. That is the second highest set of…
Calendar Invite Hijacks Gemini AI
Image source: mundissima via Shutterstock Tel Aviv University-led team shows how attackers can weaponize Google Calendar to manipulate connected home systems through AI exploits. New research has shown how attackers can weaponize…
12 Bugs in Microsoft’s April 2025 Update to Patch Now
Image source: QINQIE99,Shutterstock One of them is a 0-day that a threat actor is using in an ransomware campaign Microsoft has released fixes for 126 vulnerabilities in its April 2025 Patch Tuesday…
NSA, CISA, Others Warn About Fast Flux Threat: Here’s Why
Image source: Shutterstock Enterprise organizations, ISPs and security services providers are not adequately prepared to protect against attacks that leverage the technique, authoring agencies say. The NSA, CISA, and international partners have…
Max Severity Bug Affects MITRE Caldera Adversary Emulation Platform
Image source: MITRE Caldera Users should patch immediately to mitigate risk, Caldera security team says. MITRE’s Caldera team has patched a maximum severity remote code execution bug in the adversary emulation platform…
FBI: Russia’s APT29 May Exploit These 24 vulnerabilities-Be Aware
Image source: Shutterstock Recent flaws that the state-affiliated actor has exploited widely include CVE-2023-42793 in JetBrains TeamCity and CVE-2022-27924 in Zimbra. The FBI in collaboration with the National Security Agency, Cyber National…