Exploit List
| DATE | NAME | Info | CATEG. | WEB |
| 28.6.26 | CISA sets urgent deadline to fix Cisco flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. | Exploit | BleepingComputer |
| 27.6.26 | CISA warns of max severity Ubiquiti flaws exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers actively exploiting flaws in Ubiquiti UniFi OS and Lantronix serial-to-ethernet servers. | Exploit | BleepingComputer |
| 27.6.26 | The Exploit Doesn't Exist. You Can Still Prove It Works Against You | Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists. | Exploit | BleepingComputer |
| 26.6.26 | CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data | Exploit | The Hacker News |
| 25.6.26 | Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access | An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two | Exploit | The Hacker News |
| 25.6.26 | CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting | Exploit | The Hacker News |
| 24.6.26 | Cisco Unified CM Flaw Exploited After PoC Reveals File-Write Path to Root | Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and | Exploit | The Hacker News |
| 24.6.26 | GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns | GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit | Exploit | The Hacker News |
| 21.6.26 | Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin | Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. | Exploit | BleepingComputer |
| 21.6.26 | CISA: Splunk Enterprise flaw actively exploited, patch by Sunday | CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. | Exploit | BleepingComputer |
| 20.6.26 | CISA warns of another cPanel plugin flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin. | Exploit | BleepingComputer |
| 20.6.26 | Critical Fortinet FortiSandbox flaws now exploited in attacks | Attackers are now exploiting several critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, according to threat intelligence company Defused. | Exploit | BleepingComputer |
| 20.6.26 | Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys | Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a | Exploit | The Hacker News |
| 20.6.26 | Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain | Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12 and A13 chips. That code is burned into the | Exploit | The Hacker News |
| 16.6.26 | Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week | Bad actors are exploiting multiple security vulnerabilities in Fortinet FortiSandbox, according to threat intelligence firm Defused Cyber. In a | Exploit | The Hacker News |
| 16.6.26 | Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw | Cisco has released security updates for a medium-severity security flaw in Catalyst SD-WAN Manager that has come under active exploitation in | Exploit | The Hacker News |
| 16.6.26 | CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting LiteSpeed cPanel Plugin to its Known | Exploit | The Hacker News |
| 15.6.26 | Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw | Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor | Exploit | The Hacker News |
| 14.6.26 | CISA orders feds to patch actively exploited Ivanti flaw by Sunday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. | Exploit | BleepingComputer |
| 14.6.26 | Oracle mitigates PeopleSoft zero-day exploited in data theft attacks | Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. | Exploit | BleepingComputer |
| 13.6.26 | CISA gives feds 3 days to patch Check Point VPN bug exploited as zero-day | CISA has ordered U.S. government agencies to secure their Check Point Remote Access VPN and Mobile Access deployments against a critical vulnerability exploited in zero-day attacks by Qilin ransomware affiliates. | Exploit | BleepingComputer |
| 13.6.26 | Google patches new Chrome zero-day flaw exploited in the wild | Google has released emergency updates to patch another Chrome zero-day vulnerability that has been exploited in the wild, the fifth such flaw patched since the start of the year. | Exploit | BleepingComputer |
| 12.6.26 | ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities | The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand | Exploit | The Hacker News |
| 12.6.26 | New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files | Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender. "This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. | Exploit | The Hacker News |
| 10.6.26 | ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances | ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to | Exploit | The Hacker News |
| 9.6.26 | WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine | Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year | Exploit | The Hacker News |
| 9.6.26 | Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild - Patch Now | Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The | Exploit | The Hacker News |
| 9.6.26 | LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a high-severity flaw impacting BerriAI LiteLLM to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 9.6.26 | One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public | Security researchers have published a detailed, working exploit for a Linux kernel use-after-free that lets an unprivileged local user escalate to | Exploit | The Hacker News |
| 8.6.26 | Critical Check Point VPN Flaw Exploited to Bypass Passwords in IKEv1 Setups | Check Point has warned of active exploitation of a critical vulnerability impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The | Exploit | The Hacker News |
| 7.6.26 | CISA: Hackers now exploit SolarWinds Serv-U flaw to crash servers | CISA warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers. | Exploit | BleepingComputer |
| 7.6.26 | Cisco warns of unpatched SD-WAN zero-day exploited in attacks | On Thursday, Cisco warned of a high-severity, unpatched zero-day in the Cisco Catalyst SD-WAN Manager (tracked as CVE-2026-20245) actively exploited in attacks enabling root privilege escalation. | Exploit | BleepingComputer |
| 7.6.26 | Cisco warns of critical Unified CM flaw with PoC exploit code | Cisco has released security updates to patch a critical-severity Unified Communications Manager (Unified CM) flaw that allows attackers to gain root privileges. | Exploit | BleepingComputer |
| 7.6.26 | CISA warns of active attacks exploiting Android, Linux bugs | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting vulnerabilities in the Linux kernel and Android operating system. | Exploit | BleepingComputer |
| 7.6.26 | Critical Kirki flaw exploited to hijack WordPress admin accounts | Hackers are exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the Kirki plugin for WordPress to take over any user account, including those belonging to administrators. | Exploit | BleepingComputer |
| 6.6.26 | CISA flags two-year-old Oracle flaw as actively exploited in attacks | CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and is now actively exploited in attacks. | Exploit | BleepingComputer |
| 6.6.26 | Critical Windows Netlogon RCE flaw now exploited in attacks | The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability (CVE-2026-41089) in attacks. | Exploit | BleepingComputer |
| 6.6.26 | WP Maps Pro bug exploited to create admin accounts on WordPress sites | Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication. | Exploit | BleepingComputer |
| 6.6.26 | CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting SolarWinds Serv-U multi- | Exploit | The Hacker News |
| 5.6.26 | Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites | Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to | Exploit | The Hacker News |
| 4.6.26 | CISA Adds Exploited Magento RCE Flaw CVE-2026-45247 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical flaw impacting Mirasvit Cache Warmer, a | Exploit | The Hacker News |
| 3.6.26 | Gamaredon Exploits WinRAR to Deliver GammaWorm and GammaSteel Against Ukraine | The Russian hacking group known as Gamaredon has been attributed to the continued exploitation of a WinRAR vulnerability to deliver multiple | Exploit | The Hacker News |
| 1.6.26 | Critical WP Maps Pro Flaw Actively Exploited to Create Admin Accounts | Threat actors are attempting to actively exploit a critical security flaw impacting WP Maps Pro, a WordPress plugin that has had over 15,000 | Exploit | The Hacker News |
| 31.5.26 | Hackers exploit FortiClient EMS flaw to push infostealer malware | Hackers are exploiting an authentication bypass vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS) to deliver an undocumented credential stealer called EKZ | Exploit | BleepingComputer |
| 30.5.26 | CISA gives feds 4 days to patch actively exploited cPanel plugin flaw | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks. | Exploit | BleepingComputer |
| 30.5.26 | CISA orders feds to patch actively exploited Drupal vulnerability | CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited. | Exploit | BleepingComputer |
| 28.5.26 | FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch | Arctic Wolf observed a threat cluster exploiting CVE-2026-35616, deploying an infostealer disguised as a Fortinet patch to FortiClient EMS-managed endpoints. | Exploit | Arctic Wolf |
| 26.5.26 | Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability | In late 2025, Mandiant responded to a security incident involving a compromised web server running KnowledgeDeliver. KnowledgeDeliver is a Learning Management System (LMS) developed by Digital Knowledge commonly used in Japan. | Exploit | GTI |
| 26.5.26 | KnowledgeDeliver LMS Flaw Exploited to Deploy Godzilla and Cobalt Strike | A now-patched high-severity security flaw affecting Digital Knowledge KnowledgeDeliver, a Learning Management System (LMS) popular in | Exploit | The Hacker News |
| 25.5.26 | Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks | Threat actors are exploiting a recently disclosed critical security flaw in Ghost CMS to inject malicious JavaScript code with an aim to fuel | Exploit | The Hacker News |
| 24.5.26 | Trend Micro warns of Apex One zero-day exploited in the wild | Japanese cybersecurity software company Trend Micro has addressed an Apex One zero-day vulnerability exploited in attacks targeting Windows systems. | Exploit | BleepingComputer |
| 24.5.26 | Microsoft warns of new Defender zero-days exploited in attacks | On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. | Exploit | BleepingComputer |
| 23.5.26 | Exploit released for new PinTheft Arch Linux root escalation flaw | PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems. | Exploit | BleepingComputer |
| 23.5.26 | Microsoft shares mitigation for YellowKey Windows zero-day | Microsoft has shared mitigations for YellowKey, a recently disclosed Windows BitLocker zero-day vulnerability that grants access to protected drives. | Exploit | BleepingComputer |
| 23.5.26 | LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root | A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, | Exploit | The Hacker News |
| 23.5.26 | Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw impacting Drupal Core to | Exploit | The Hacker News |
| 21.5.26 | Microsoft Warns of Two Actively Exploited Defender Vulnerabilities | Microsoft has disclosed that a privilege escalation flaw and a denial-of-service flaw in Defender have come under active exploitation in the wild. | Exploit | The Hacker News |
| 20.5.26 | Microsoft Releases Mitigation for YellowKey BitLocker Bypass CVE-2026-45585 Exploit | Microsoft on Tuesday released a mitigation for a BitLocker bypass vulnerability named YellowKey following its public disclosure last week. | Exploit | The Hacker News |
| 17.5.26 | Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming | A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject | Exploit | The Hacker News |
| 17.5.26 | Funnel Builder WordPress plugin bug exploited to steal credit cards | A critical vulnerability in the Funnel Builder plugin for WordPress is being actively exploited to inject malicious JavaScript snippets into WooCommerce checkout pages. | Exploit | BleepingComputer |
| 17.5.26 | Microsoft warns of Exchange zero-day flaw exploited in attacks | On Thursday, Microsoft shared mitigations for a high-severity Exchange Server vulnerability exploited in attacks that allow threat actors to execute arbitrary code via cross-site scripting (XSS) while targeting Outlook on the web users. | Exploit | BleepingComputer |
| 17.5.26 | Hackers exploit auth bypass flaw in Burst Statistics WordPress plugin | Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. | Exploit | BleepingComputer |
| 13.5.26 | Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation | A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company | Exploit | The Hacker News |
| 10.5.26 | CISA gives feds four days to patch Ivanti flaw exploited as zero-day | CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. | Exploit | BleepingComputer |
| 10.5.26 | Ivanti warns of new EPMM flaw exploited in zero-day attacks | Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. | Exploit | BleepingComputer |
| 10.5.26 | Palo Alto Networks firewall zero-day exploited for nearly a month | Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. | Exploit | BleepingComputer |
| 10.5.26 | Palo Alto Networks warns of firewall RCE zero-day exploited in attacks | Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. | Exploit | BleepingComputer |
| 9.5.26 | They don’t hack, they borrow: How fraudsters target credit unions | Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. | Exploit | BleepingComputer |
| 9.5.26 | CISA says ‘Copy Fail’ flaw now exploited to root Linux systems | CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. | Exploit | BleepingComputer |
| 8.5.26 | Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions | Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag, it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers on April 30, 2026. | Exploit | The Hacker News |
| 8.5.26 | Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access | Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been exploited in limited attacks in the wild. The high- | Exploit | The Hacker News |
| 8.5.26 | PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems | Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud | Exploit | The Hacker News |
| 8.5.26 | PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage | Palo Alto Networks has disclosed that threat actors may have unsuccessfully attempted to exploit a recently disclosed critical security flaw as | Exploit | The Hacker News |
| 6.5.26 | Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution | Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the | Exploit | The Hacker News |
| 5.5.26 | MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks | Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, | Exploit | The Hacker News |
| 3.5.26 | CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux | Exploit | The Hacker News |
| 3.5.26 | Critical cPanel and WHM bug exploited as a zero-day, PoC now available | The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. | Exploit | BleepingComputer |
| 2.5.26 | CISA orders feds to patch Windows flaw exploited as zero-day | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. | Exploit | BleepingComputer |
| 1.5.26 | Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft | A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that | Exploit | The Hacker News |
| 29.4.26 | CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, | Exploit | The Hacker News |
| 27.4.26 | PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks | A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing | Exploit | The Hacker News |
| 26.4.26 | New ‘Pack2TheRoot’ flaw gives hackers root Linux access | A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. | Exploit | |
| 26.4.26 | Hackers exploit file upload bug in Breeze Cache WordPress plugin | Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. | Exploit | |
| 26.4.26 | CISA orders feds to patch BlueHammer flaw exploited as zero-day | CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. | Exploit | |
| 26.4.26 | New Mirai campaign exploits RCE flaw in EoL D-Link routers | A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. | Exploit | BleepingComputer |
| 25.4.26 | CISA flags new SD-WAN flaw as actively exploited in attacks | CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. | Exploit | |
| 25.4.26 | Actively exploited Apache ActiveMQ flaw impacts 6,400 servers | Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. | Exploit | BleepingComputer |
| 25.4.26 | CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 | Exploit | The Hacker News |
| 21.4.26 | No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks | The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI- | Exploit | The Hacker News |
| 21.4.26 | CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities (KEV) | Exploit | The Hacker News |
| 19.4.26 | CISA flags Apache ActiveMQ flaw as actively exploited in attacks | CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. | Exploit | BleepingComputer |
| 19.4.26 | Recently leaked Windows zero-days now exploited in attacks | Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. | Exploit | |
| 19.4.26 | New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges | A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers. | Exploit | |
| 19.4.26 | Critical Nginx UI auth bypass flaw now actively exploited in the wild | A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. | Exploit | |
| 19.4.26 | CISA flags Windows Task Host vulnerability as exploited in attacks | CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. | Exploit | |
| 18.4.26 | Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched | Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in | Exploit | The Hacker News |
| 12.4.26 | Hackers exploiting Acrobat Reader zero-day flaw since December | Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. | Exploit | |
| 12.4.26 | Hackers exploit critical flaw in Ninja Forms WordPress plugin | A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. | Exploit | |
| 11.4.26 | Max severity Flowise RCE vulnerability now exploited in attacks | Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. | Exploit | |
| 11.4.26 | Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit | Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. | Exploit | |
| 11.4.26 | CISA orders feds to patch exploited Fortinet EMS flaw by Friday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. | Exploit | |
| 10.4.26 | Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 | Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least | Exploit | The Hacker News |
| 6.4.26 | Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime | Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. | Exploit | BleepingComputer |
| 5.4.26 | 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants | Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different | Exploit | The Hacker News |
| 5.4.26 | Hackers exploit TrueConf zero-day to push malicious software updates | Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. | Exploit | |
| 5.4.26 | Routine Access Is Powering Modern Intrusions, a New Threat Report Finds | Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. | Exploit | |
| 5.4.26 | Google fixes fourth Chrome zero-day exploited in attacks in 2026 | Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. | Exploit | BleepingComputer |
| 4.4.26 | CISA orders feds to patch actively exploited Citrix flaw by Thursday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. | Exploit | |
| 3.4.26 | Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials | A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database | Exploit | The Hacker News |
| 1.4.26 | New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released | Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been | Exploit | The Hacker News |
| 1.4.26 | TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks | A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign | Exploit | The Hacker News |
| 29.3.26 | CISA: New Langflow flaw actively exploited to hijack AI workflows | The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. | Exploit | |
| 26.3.26 | CISA orders feds to patch DarkSword iOS flaws exploited in attacks | CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit | Exploit | |
| 24.3.26 | Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems | Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to | Exploit | The Hacker News |
| 21.3.26 | CISA urges US orgs to secure Microsoft Intune systems after Stryker breach | CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems. | Exploit | |
| 21.3.26 | Critical Microsoft SharePoint flaw now exploited in attacks | A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. | Exploit | |
| 21.3.26 | CISA orders feds to patch Zimbra XSS flaw exploited in attacks | CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). | Exploit | BleepingComputer |
| 21.3.26 | The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms | Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. | Exploit | BleepingComputer |
| 21.3.26 | New DarkSword iOS exploit used in infostealer attack on iPhones | A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet apps. | Exploit | |
| 21.3.26 | CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog, urging federal agencies to patch them by April 3, 2026. | Exploit | The Hacker News |
| 20.3.26 | 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security | A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable | Exploit | The Hacker News |
| 19.3.26 | CISA flags Wing FTP Server flaw as actively exploited in attacks | CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. | Exploit | BleepingComputer |
| 19.3.26 | DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover | A new exploit kit for Apple iOS devices designed to steal sensitive data is being wielded by multiple threat actors since at least November 2025, | Exploit | The Hacker News |
| 19.3.26 | CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting | Exploit | The Hacker News |
| 17.3.26 | CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known | Exploit | The Hacker News |
| 15.3.26 | Google fixes two new Chrome zero-days exploited in attacks | Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. | Exploit | BleepingComputer |
| 15.3.26 | CISA orders feds to patch n8n RCE flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. | Exploit | |
| 13.3.26 | Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 | Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the | Exploit | The Hacker News |
| 12.3.26 | CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited | Exploit | The Hacker News |
| 10.3.26 | FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials | Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) | Exploit | The Hacker News |
| 10.3.26 | CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) | Exploit | The Hacker News |
| 9.3.26 | Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure | High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The | Exploit | The Hacker News |
| 7.3.26 | WordPress membership plugin bug exploited to create admin accounts | Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. | Exploit | |
| 7.3.26 | Google says 90 zero-days were exploited in attacks last year | Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. | Exploit | |
| 7.3.26 | Cisco flags more SD-WAN flaws as actively exploited in attacks | Cisco has flagged two Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. | Exploit | |
| 7.3.26 | CISA flags VMware Aria Operations RCE flaw as exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. | Exploit | |
| 6.3.26 | Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities | Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in | Exploit | The Hacker News |
| 4.3.26 | Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 | Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between | Exploit | The Hacker News |
| 4.3.26 | CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria | Exploit | The Hacker News |
| 1.3.26 | US sanctions Russian broker for buying stolen zero-day exploits | The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. | Exploit | BleepingComputer |
| 28.2.26 | CISA: Recently patched RoundCube flaws now exploited in attacks | CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. | Exploit | |
| 22.2.26 | CISA orders feds to patch actively exploited Dell flaw within 3 days | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. | Exploit | |
| 21.2.26 | CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known | Exploit | The Hacker News |
| 19.2.26 | CISA gives feds 3 days to patch actively exploited BeyondTrust flaw | CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. | Exploit | |
| 19.2.26 | Google patches first Chrome zero-day exploited in attacks this year | Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. | Exploit | |
| 18.2.26 | CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, | Exploit | The Hacker News |
| 16.2.26 | New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released | Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity | Exploit | The Hacker News |
| 15.2.26 | Critical BeyondTrust RCE flaw now exploited in attacks, patch now | A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. | Exploit | |
| 13.2.26 | Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability | Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access | Exploit | The Hacker News |
| 12.2.26 | 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure | A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to | Exploit | The Hacker News |
| 12.2.26 | Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices | Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in | Exploit | The Hacker News |
| 10.2.26 | Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data | The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary (Rvdr) have disclosed that their systems | Exploit | The Hacker News |
| 10.2.26 | SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers | Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk | Exploit | The Hacker News |
| 9.2.26 | TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure | Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious | Exploit | The Hacker News |
| 8.2.26 | Critical n8n flaws disclosed along with public exploits | Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. | Exploit | |
| 8.2.26 | CISA: VMware ESXi flaw now exploited in ransomware attacks | CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024. | Exploit | |
| 8.2.26 | CISA warns of five-year-old GitLab flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. | Exploit | |
| 4.2.26 | CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to | Exploit | The Hacker News |
| 3.2.26 | Ivanti warns of two EPMM flaws exploited in zero-day attacks | Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. | Exploit | |
| 3.2.26 | Microsoft patches actively exploited Office zero-day vulnerability | Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. | Exploit | |
| 3.2.26 | CISA says critical VMware RCE flaw now actively exploited | CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. | Exploit | |
| 30.1.26 | Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released | Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day | Exploit | The Hacker News |
| 28.1.26 | Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 | Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched | Exploit | The Hacker News |
| 27.1.26 | Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation | Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, | Exploit | The Hacker News |
| 25.1.26 | CISA confirms active exploitation of four enterprise software bugs | The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. | Exploit | |
| 25.1.26 | Hackers exploit critical telnetd auth bypass flaw to get root | A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. | Exploit | |
| 25.1.26 | SmarterMail auth bypass flaw now exploited to hijack admin accounts | Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. | Exploit | |
| 25.1.26 | Hackers exploit security testing apps to breach Fortune 500 firms | Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. | Exploit | |
| 24.1.26 | CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that | Exploit | The Hacker News |
| 24.1.26 | CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, | Exploit | The Hacker News |
| 22.1.26 | SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release | A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The | Exploit | The Hacker News |
| 22.1.26 | Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations | Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes | Exploit | The Hacker News |
| 18.1.26 | Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks | Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. | Exploit | |
| 18.1.26 | Hackers exploit Modular DS WordPress plugin flaw for admin access | Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. | Exploit | |
| 18.1.26 | Exploit code public for critical FortiSIEM command injection flaw | Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. | Exploit | |
| 17.1.26 | CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks | CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. | Exploit | |
| 16.1.26 | Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways | Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. | Exploit | The Hacker News |
| 16.1.26 | Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access | A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE- | Exploit | The Hacker News |
| 14.1.26 | CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known | Exploit | The Hacker News |
| 10.1.26 | VMware ESXi zero-days likely exploited a year before disclosure | Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. | Exploit | |
| 10.1.26 | Cisco warns of Identity Service Engine flaw with exploit code | Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. | Exploit | |
| 10.1.26 | CISA tags max severity HPE OneView flaw as actively exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. | Exploit | |
| 10.1.26 | New D-Link flaw in legacy DSL routers actively exploited in attacks | Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. | Exploit | |
| 10.1.26 | The Great VM Escape: ESXi Exploitation in the Wild | Based on indicators we observed, including the workstation name the threat actor was operating from and other TTPs, the Huntress Tactical Response team assesses with high confidence that initial access occurred via SonicWall VPN. | Exploit | HUNTRESS |
| 8.1.26 | Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release | Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept | Exploit | The Hacker News |
| 7.1.26 | CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 4.1.26 | Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass | Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. | Exploit | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks | Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. | Exploit |