Exploit List - 2026 2025 2024 2023 2021 2020 2019 2018
DATE |
NAME |
Info | CATEG. |
WEB |
| 13.5.26 | Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation | A threat actor with affiliations to China has been linked to a "multi-wave intrusion" targeting an unnamed Azerbaijani oil and gas company | Exploit | The Hacker News |
| 10.5.26 | CISA gives feds four days to patch Ivanti flaw exploited as zero-day | CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. | Exploit | BleepingComputer |
| 10.5.26 | Ivanti warns of new EPMM flaw exploited in zero-day attacks | Ivanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. | Exploit | BleepingComputer |
| 10.5.26 | Palo Alto Networks firewall zero-day exploited for nearly a month | Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. | Exploit | BleepingComputer |
| 10.5.26 | Palo Alto Networks warns of firewall RCE zero-day exploited in attacks | Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. | Exploit | BleepingComputer |
| 9.5.26 | They don’t hack, they borrow: How fraudsters target credit unions | Fraudsters aren't hacking credit unions, they are exploiting normal business processes. Flare reveals how structured loan fraud methods use stolen identities to pass verification and secure funds. | Exploit | BleepingComputer |
| 9.5.26 | CISA says ‘Copy Fail’ flaw now exploited to root Linux systems | CISA has warned that threat actors have started exploiting the "Copy Fail" Linux security vulnerability in the wild, one day after Theori researchers disclosed it and shared a proof-of-concept (PoC) exploit. | Exploit | BleepingComputer |
| 8.5.26 | Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions | Details have emerged about a new, unpatched local privilege escalation (LPE) vulnerability impacting the Linux kernel. Dubbed Dirty Frag , it has been described as a successor to Copy Fail (CVE-2026-31431, CVSS score: 7.8), a recently disclosed LPE flaw impacting the Linux kernel that has since come under active exploitation in the wild. The vulnerability was reported to Linux kernel maintainers on April 30, 2026. | Exploit | The Hacker News |
| 8.5.26 | Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access | Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild. The high- | Exploit | The Hacker News |
| 8.5.26 | PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems | Cybersecurity researchers have disclosed details of a new credential theft framework dubbed PCPJack that targets exposed cloud | Exploit | The Hacker News |
| 8.5.26 | PAN-OS RCE Exploit Under Active Use Enabling Root Access and Espionage | Palo Alto Networks has disclosed that threat actors may have attempted to unsuccessfully exploit a recently disclosed critical security flaw as | Exploit | The Hacker News |
| 6.5.26 | Palo Alto PAN-OS Flaw Under Active Exploitation Enables Remote Code Execution | Palo Alto Networks has released an advisory warning that a critical buffer overflow vulnerability in its PAN-OS software has been exploited in the | Exploit | The Hacker News |
| 5.5.26 | MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks | Threat actors are actively exploiting a critical security flaw impacting an open-source content management system (CMS) known as MetInfo, | Exploit | The Hacker News |
| 3.5.26 | CISA Adds Actively Exploited Linux Root Access Bug CVE-2026-31431 to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed security flaw impacting various Linux | Exploit | The Hacker News |
| 3.5.26 | Critical cPanel and WHM bug exploited as a zero-day, PoC now available | The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. | Exploit | BleepingComputer |
| 2.5.26 | CISA orders feds to patch Windows flaw exploited as zero-day | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to secure their Windows systems against a vulnerability exploited in zero-day attacks. | Exploit | BleepingComputer |
| 1.5.26 | Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft | A new software supply chain attack campaign has been observed using sleeper packages as a conduit to subsequently push malicious payloads that | Exploit | The Hacker News |
| 29.4.26 | CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 27.4.26 | PhantomCore Exploits TrueConf Vulnerabilities to Breach Russian Networks | A pro-Ukrainian hacktivist group called PhantomCore has been attributed to attacks actively targeting servers running TrueConf video conferencing | Exploit | The Hacker News |
| 26.4.26 | New ‘Pack2TheRoot’ flaw gives hackers root Linux access | A new vulnerability dubbed Pack2TheRoot could be exploited in the PackageKit daemon to allow local Linux users to install or remove system packages and gain root permissions. | Exploit | |
| 26.4.26 | Hackers exploit file upload bug in Breeze Cache WordPress plugin | Hackers are actively exploiting a critical vulnerability in the Breeze Cache plugin for WordPress that allows uploading arbitrary files on the server without authentication. | Exploit | |
| 26.4.26 | CISA orders feds to patch BlueHammer flaw exploited as zero-day | CISA has ordered U.S. federal agencies to patch a Microsoft Defender privilege escalation flaw (dubbed BlueHammer) that has been exploited in zero-day attacks. | Exploit | |
| 26.4.26 | New Mirai campaign exploits RCE flaw in EoL D-Link routers | A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. | Exploit | BleepingComputer |
| 25.4.26 | CISA flags new SD-WAN flaw as actively exploited in attacks | CISA has given U.S. government agencies four days to secure their systems against another Catalyst SD-WAN Manager vulnerability it flagged as actively exploited in attacks. | Exploit | |
| 25.4.26 | Actively exploited Apache ActiveMQ flaw impacts 6,400 servers | Nonprofit security organization Shadowserver found that over 6,400 Apache ActiveMQ servers exposed online are vulnerable to ongoing attacks exploiting a high-severity code injection vulnerability. | Exploit | BleepingComputer |
| 25.4.26 | CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal Deadline | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added four vulnerabilities impacting SimpleHelp, Samsung MagicINFO 9 | Exploit | The Hacker News |
| 21.4.26 | No Exploit Needed: How Attackers Walk Through the Front Door via Identity-Based Attacks | The cybersecurity industry has spent the last several years chasing sophisticated threats like zero-days, supply chain compromises, and AI- | Exploit | The Hacker News |
| 21.4.26 | CISA Adds 8 Exploited Flaws to KEV, Sets April-May 2026 Federal Deadlines | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added eight new vulnerabilities to its Known Exploited Vulnerabilities ( KEV ) | Exploit | The Hacker News |
| 19.4.26 | CISA flags Apache ActiveMQ flaw as actively exploited in attacks | CISA warned that attackers are now exploiting a high-severity Apache ActiveMQ vulnerability, which was patched earlier this month after going undetected for 13 years. | Exploit | BleepingComputer |
| 19.4.26 | Recently leaked Windows zero-days now exploited in attacks | Threat actors are exploiting three recently disclosed Windows security vulnerabilities in attacks aimed at gaining SYSTEM or elevated administrator permissions. | Exploit | |
| 19.4.26 | New Microsoft Defender “RedSun” zero-day PoC grants SYSTEM privileges | A researcher known as "Chaotic Eclipse" has published a proof-of-concept exploit for a second Microsoft Defender zero-day, dubbed "RedSun," in the past two weeks, protesting how the company works with cybersecurity researchers. | Exploit | |
| 19.4.26 | Critical Nginx UI auth bypass flaw now actively exploited in the wild | A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication. | Exploit | |
| 19.4.26 | CISA flags Windows Task Host vulnerability as exploited in attacks | CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. | Exploit | |
| 18.4.26 | Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched | Huntress is warning that threat actors are exploiting three recently disclosed security flaws in Microsoft Defender to gain elevated privileges in | Exploit | The Hacker News |
| 12.4.26 | Hackers exploiting Acrobat Reader zero-day flaw since December | Attackers have been exploiting a zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least December. | Exploit | |
| 12.4.26 | Hackers exploit critical flaw in Ninja Forms WordPress plugin | A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution. | Exploit | |
| 11.4.26 | Max severity Flowise RCE vulnerability now exploited in attacks | Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. | Exploit | |
| 11.4.26 | Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit | Exploit code has been released for an unpatched Windows privilege escalation flaw reported privately to Microsoft, allowing attackers to gain SYSTEM or elevated administrator permissions. | Exploit | |
| 11.4.26 | CISA orders feds to patch exploited Fortinet EMS flaw by Friday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to secure FortiClient Enterprise Management Server (EMS) instances against an actively exploited vulnerability by Friday. | Exploit | |
| 10.4.26 | Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025 | Threat actors have been exploiting a previously unknown zero-day vulnerability in Adobe Reader using maliciously crafted PDF documents since at least | Exploit | The Hacker News |
| 6.4.26 | Adversaries Exploit Vacant Homes to Intercept Mail in Hybrid Cybercrime | Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector. | Exploit | BleepingComputer |
| 5.4.26 | 36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants | Cybersecurity researchers have discovered 36 malicious packages in the npm registry that are disguised as Strapi CMS plugins but come with different | Exploit | The Hacker News |
| 5.4.26 | Hackers exploit TrueConf zero-day to push malicious software updates | Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints. | Exploit | |
| 5.4.26 | Routine Access Is Powering Modern Intrusions, a New Threat Report Finds | Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents. | Exploit | |
| 5.4.26 | Google fixes fourth Chrome zero-day exploited in attacks in 2026 | Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year. | Exploit | BleepingComputer |
| 4.4.26 | CISA orders feds to patch actively exploited Citrix flaw by Thursday | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their Citrix NetScaler appliances against an actively exploited vulnerability by Thursday. | Exploit | |
| 3.4.26 | Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials | A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database | Exploit | The Hacker News |
| 1.4.26 | New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released | Google on Thursday released security updates for its Chrome web browser to address 21 vulnerabilities, including a zero-day flaw that it said has been | Exploit | The Hacker News |
| 1.4.26 | TrueConf Zero-Day Exploited in Attacks on Southeast Asian Government Networks | A high-severity security flaw in the TrueConf client video conferencing software has been exploited in the wild as a zero-day as part of a campaign | Exploit | The Hacker News |
| 29.3.26 | CISA: New Langflow flaw actively exploited to hijack AI workflows | The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents. | Exploit | |
| 26.3.26 | CISA orders feds to patch DarkSword iOS flaws exploited attacks | CISA ordered U.S. government agencies to patch three iOS vulnerabilities targeted in cryptocurrency theft and cyberespionage attacks using the DarkSword exploit kit | Exploit | |
| 24.3.26 | Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems | Threat actors are suspected to be exploiting a maximum-severity security flaw impacting Quest KACE Systems Management Appliance (SMA), according to | Exploit | The Hacker News |
| 21.3.26 | CISA urges US orgs to secure Microsoft Intune systems after Stryker breach | CISA warned U.S. organizations to follow Microsoft guidance to strengthen the Intune endpoint management tool after a cyberattack exploited it to wipe medical technology giant Stryker's systems. | Exploit | |
| 21.3.26 | Critical Microsoft SharePoint flaw now exploited in attacks | A critical Microsoft SharePoint vulnerability patched in January is now being exploited in attacks, the Cybersecurity and Infrastructure Security Agency (CISA) warned. | Exploit | |
| 21.3.26 | CISA orders feds to patch Zimbra XSS flaw exploited in attacks | CISA has ordered U.S. government agencies to secure their servers against an actively exploited vulnerability in the Zimbra Collaboration Suite (ZCS). | Exploit | BleepingComputer |
| 21.3.26 | The Refund Fraud Economy: Exploiting Major Retailers and Payment Platforms | Refund fraud is now a business, with methods and tutorials sold to exploit return policies for profit. Flare shows how fraudsters turn refunds and chargebacks into a repeatable profit model. | Exploit | BleepingComputer |
| 21.3.26 | New DarkSword iOS exploit used in infostealer attack on iPhones | A new exploit kit for iOS devices and delivery framework dubbed "Darksword" has been used to steal a wide range of personal information, including data from cryptocurrency wallet app. | Exploit | |
| 21.3.26 | CISA Flags Apple, Craft CMS, Laravel Bugs in KEV, Orders Patching by April 3, 2026 | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added five security flaws impacting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities ( KEV ) catalog, urging federal agencies to patch them by April 3, 2026. | Exploit | The Hacker News |
| 20.3.26 | 54 EDR Killers Use BYOVD to Exploit 35 Signed Vulnerable Drivers and Disable Security | A new analysis of endpoint detection and response (EDR) killers has revealed that 54 of them leverage a technique known as bring your own vulnerable | Exploit | The Hacker News |
| s19.3.26 | CISA flags Wing FTP Server flaw as actively exploited in attacks | CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. | Exploit | BleepingComputer |
| 19.3.26 | DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover | A new exploit kit for Apple iOS devices designed to steal sensitive data from is being wielded by multiple threat actors since at least November 2025, | Exploit | The Hacker News |
| 19.3.26 | CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting | Exploit | The Hacker News |
| 17.3.26 | CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known | Exploit | The Hacker News |
| 15.3.26 | Google fixes two new Chrome zero-days exploited in attacks | Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. | Exploit | BleepingComputer |
| 15.3.26 | CISA orders feds to patch n8n RCE flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. | Exploit | |
| 13.3.26 | Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 | Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the | Exploit | The Hacker News |
| 12.3.26 | CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited | Exploit | The Hacker News |
| 10.3.26 | FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials | Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) | Exploit | The Hacker News |
| 10.3.26 | CISA Flags SolarWinds, Ivanti, and Workspace One Vulnerabilities as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities ( KEV ) | Exploit | The Hacker News |
| 9.3.26 | Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure | High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The | Exploit | The Hacker News |
| 7.3.26 | WordPress membership plugin bug exploited to create admin accounts | Hackers are exploiting a critical vulnerability in the User Registration & Membership plugin, which is installed on more than 60,000 WordPress sites. | Exploit | |
| 7.3.26 | Google says 90 zero-days were exploited in attacks last year | Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. | Exploit | |
| 7.3.26 | Cisco flags more SD-WAN flaws as actively exploited in attacks | Cisco has flagged two Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices. | Exploit | |
| 7.3.26 | CISA flags VMware Aria Operations RCE flaw as exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a VMware Aria Operations vulnerability tracked as CVE-2026-22719 to its Known Exploited Vulnerabilities catalog, flagging the flaw as exploited in attacks. | Exploit | |
| 6.3.26 | Cisco Confirms Active Exploitation of Two Catalyst SD-WAN Manager Vulnerabilities | Cisco has disclosed that two more vulnerabilities affecting Catalyst SD-WAN Manager (formerly SD-WAN vManage) have come under active exploitation in | Exploit | The Hacker News |
| 4.3.26 | Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1 | Google said it identified a "new and powerful" exploit kit dubbed Coruna (aka CryptoWaters) targeting Apple iPhone models running iOS versions between | Exploit | The Hacker News |
| 4.3.26 | CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a recently disclosed security flaw impacting Broadcom VMware Aria | Exploit | The Hacker News |
| 1.3.26 | US sanctions Russian broker for buying stolen zero-day exploits | The U.S. Treasury Department has sanctioned a Russian exploit broker who bought stolen hacking tools from a former executive of a U.S. defense contractor. | Exploit | BleepingComputer |
| 28.2.26 | CISA: Recently patched RoundCube flaws now exploited in attacks | CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. | Exploit | |
| 22.2.26 | CISA orders feds to patch actively exploited Dell flaw within 3 days | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024. | Exploit | |
| 21.2.26 | CISA Adds Two Actively Exploited Roundcube Flaws to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added two security flaws impacting Roundcube webmail software to its Known | Exploit | The Hacker News |
| 19.2.26 | CISA gives feds 3 days to patch actively exploited BeyondTrust flaw | CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days. | Exploit | |
| 19.2.26 | Google patches first Chrome zero-day exploited in attacks this year | Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year. | Exploit | |
| 18.2.26 | CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 16.2.26 | New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released | Google on Friday released security updates for its Chrome browser to address a security flaw that it said has been exploited in the wild. The high-severity | Exploit | The Hacker News |
| 15.2.26 | Critical BeyondTrust RCE flaw now exploited in attacks, patch now | A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. | Exploit | |
| 13.2.26 | Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability | Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access | Exploit | The Hacker News |
| 12.2.26 | 83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure | A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to | Exploit | The Hacker News |
| 12.2.26 | Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Apple Devices | Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in | Exploit | The Hacker News |
| 10.2.26 | Dutch Authorities Confirm Ivanti Zero-Day Exploit Exposed Employee Contact Data | The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems | Exploit | The Hacker News |
| 10.2.26 | SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers | Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk | Exploit | The Hacker News |
| 9.2.26 | TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure | Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious | Exploit | The Hacker News |
| 8.2.26 | Critical n8n flaws disclosed along with public exploits | Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. | Exploit | |
| 8.2.26 | CISA: VMware ESXi flaw now exploited in ransomware attacks | CISA confirmed on Wednesday that ransomware gangs have begun exploiting a high-severity VMware ESXi sandbox escape vulnerability that was used in zero-day attacks since at least February 2024. | Exploit | |
| 8.2.26 | CISA warns of five-year-old GitLab flaw exploited in attacks | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks. | Exploit | |
| 4.2.26 | CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to | Exploit | The Hacker News |
| 3.2.26 | Ivanti warns of two EPMM flaws exploited in zero-day attacks | Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. | Exploit | |
| 3.2.26 | Microsoft patches actively exploited Office zero-day vulnerability | Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. | Exploit | |
| 3.2.26 | CISA says critical VMware RCE flaw now actively exploited | CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. | Exploit | |
| 30.1.26 | Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released | Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day | Exploit | The Hacker News |
| 28.1.26 | Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 | Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched | Exploit | The Hacker News |
| 27.1.26 | Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation | Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, | Exploit | The Hacker News |
| 25.1.26 | CISA confirms active exploitation of four enterprise software bugs | The Cybersecurity and Infrastructure Security Agency (CISA) in the U.S. warned of active exploitation of four vulnerabilities impacting enterprise software from Versa and Zimbra, the Vite frontend tooling framework, and the Prettier code formatter. | Exploit | |
| 25.1.26 | Hackers exploit critical telnetd auth bypass flaw to get root | A coordinated campaign has been observed targeting a recently disclosed critical-severity vulnerability that has been present in the GNU InetUtils telnetd server for 11 years. | Exploit | |
| 25.1.26 | SmarterMail auth bypass flaw now exploited to hijack admin accounts | Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. | Exploit | |
| 25.1.26 | Hackers exploit security testing apps to breach Fortune 500 firms | Threat actors are exploiting misconfigured web applications used for security training and internal penetration testing, such as DVWA, OWASP Juice Shop, Hackazon, and bWAPP, to gain access to cloud environments of Fortune 500 companies and security vendors. | Exploit | |
| 24.1.26 | CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that | Exploit | The Hacker News |
| 24.1.26 | CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities ( KEV ) catalog, | Exploit | The Hacker News |
| 22.1.26 | SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release | A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The | Exploit | The Hacker News |
| 22.1.26 | Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations | Cybersecurity company Arctic Wolf has warned of a "new cluster of automated malicious activity" that involves unauthorized firewall configuration changes | Exploit | The Hacker News |
| 18.1.26 | Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks | Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. | Exploit | |
| 18.1.26 | Hackers exploit Modular DS WordPress plugin flaw for admin access | Hackers are actively exploiting a maximum severity flaw in the Modular DS WordPress plugin that allows them to bypass authentication remotely and access the vulnerable sites with admin-level privileges. | Exploit | |
| 18.1.26 | Exploit code public for critical FortiSIEM command injection flaw | Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a remote, unauthenticated attacker to execute commands or code. | Exploit | |
| 17.1.26 | CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks | CISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. | Exploit | |
| 16.1.26 | Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways | Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686. | Exploit | The Hacker News |
| 16.1.26 | Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access | A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack. The vulnerability, tracked as CVE- | Exploit | The Hacker News |
| 14.1.26 | CISA Warns of Active Exploitation of Gogs Vulnerability Enabling Code Execution | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned of active exploitation of a high-severity security flaw impacting Gogs by adding it to its Known | Exploit | The Hacker News |
| 10.1.26 | VMware ESXi zero-days likely exploited a year before disclosure | Chinese-speaking threat actors used a compromised SonicWall VPN appliance to deliver a VMware ESXi exploit toolkit that seems to have been developed more than a year before the targeted vulnerabilities became publicly known. | Exploit | |
| 10.1.26 | Cisco warns of Identity Service Engine flaw with exploit code | Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. | Exploit | |
| 10.1.26 | CISA tags max severity HPE OneView flaw as actively exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. | Exploit | |
| 10.1.26 | New D-Link flaw in legacy DSL routers actively exploited in attacks | Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. | Exploit | |
| 10.1.26 | The Great VM Escape: ESXi Exploitation in the Wild | Based on indicators we observed, including the workstation name the threat actor was operating from and other TTPs, the Huntress Tactical Response team assesses with high confidence that initial access occurred via SonicWall VPN. | Exploit | HUNTRESS |
| 8.1.26 | Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release | Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept | Exploit | The Hacker News |
| 7.1.26 | CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. | Exploit | The Hacker News |
| 4.1.26 | Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass | Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. | Exploit | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | CISA orders feds to patch MongoBleed flaw exploited in attacks | CISA ordered U.S. federal agencies to patch an actively exploited MongoDB vulnerability (MongoBleed) that can be exploited to steal credentials, API keys, and other sensitive data. | Exploit | |
| 3.1.26 | Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks | Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. | Exploit |