Active Exploitation Archives • Daily CyberSecurity

LiteSpeed cPanel Privilege Escalation Flaw Exploited in the Wild (CVE-2026-54420)

LiteSpeed cPanel privilege escalation CVE-2026-54420, active exploitation, symlink vulnerability LiteSpeed cPanel Plugin Vulnerability CVE-2026-48172 Exploit

LiteSpeed cPanel Privilege Escalation Flaw Exploited in the Wild (CVE-2026-54420)

Do Son June 16, 2026

A LiteSpeed cPanel privilege escalation flaw is being exploited in the wild right now. Tracked as CVE-2026-54420,...

Cisco SD-WAN Vulnerability Exploited in the Wild: Patch CVE-2026-20262 Now Cisco SD-WAN vulnerability CVE-2026-20262, arbitrary file write, SD-WAN Manager Cisco SD-WAN vulnerability exploited in the wild

Cisco SD-WAN vulnerability CVE-2026-20262, arbitrary file write, SD-WAN Manager Cisco SD-WAN vulnerability exploited in the wild

Cisco SD-WAN Vulnerability Exploited in the Wild: Patch CVE-2026-20262 Now

Do Son June 15, 2026

A Cisco SD-WAN vulnerability is now under active attack, and Cisco is urging customers to patch fast....

Jenkins RCE Vulnerability CVE-2026-53435 Now Under Active Exploitation Jenkins RCE vulnerability active exploitation, CVE-2026-53435, CVE-2026-53436, CVE-2026-53437 Jenkins - CVE-2024-43044 Jenkins vulnerability SSH host key reuse

Jenkins RCE vulnerability active exploitation, CVE-2026-53435, CVE-2026-53436, CVE-2026-53437 Jenkins - CVE-2024-43044 Jenkins vulnerability SSH host key reuse

Jenkins RCE Vulnerability CVE-2026-53435 Now Under Active Exploitation

Do Son June 15, 2026

Attackers are already abusing a critical Jenkins RCE vulnerability in the wild. Tracked as CVE-2026-53435, the flaw...

The CVE Watchtower: Weekly Threat Intelligence Briefing (May 11 – May 17, 2026)

Do Son May 18, 2026

Welcome to your weekly vulnerability digest. If your security dashboards have been flashing red, your telemetry is...

Under Active Attack: Ivanti EPMM Zero-Day Exploited in the Wild via Harvested Admin Credentials Ivanti EPMM Zero-Day CVE-2026-6973 Exploitation CVE-2024-9379, CVE-2024-9380, CVE-2024-9381

Ivanti EPMM Zero-Day CVE-2026-6973 Exploitation CVE-2024-9379, CVE-2024-9380, CVE-2024-9381

Under Active Attack: Ivanti EPMM Zero-Day Exploited in the Wild via Harvested Admin Credentials

Do Son May 7, 2026

Ivanti has issued an urgent security advisory for its Endpoint Manager Mobile (EPMM) platform, formerly known as...

Exploited in the Wild: Critical PAN-OS Buffer Overflow Grants Root Access to Palo Alto Firewalls PAN-OS Active Exploitation CVE-2026-0300 Root RCE

PAN-OS Active Exploitation CVE-2026-0300 Root RCE

Exploited in the Wild: Critical PAN-OS Buffer Overflow Grants Root Access to Palo Alto Firewalls

Do Son May 6, 2026

Palo Alto Networks has issued an urgent security advisory for a critical vulnerability in its PAN-OS software...

CISA Warns of Active Exploitation in Cisco, PaperCut, and Zimbra TP-Link, CISA CVE-2023-32315 CISA KEV Catalog Active Exploitation

CISA Warns of Active Exploitation in Cisco, PaperCut, and Zimbra

Do Son April 21, 2026

The Cybersecurity and Infrastructure Security Agency (CISA) has expanded its Known Exploited Vulnerabilities (KEV) Catalog, adding eight...

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited in the Wild: Critical 9.3 CVSS Flaw Turns Tianxin Systems into Hacker Gateways

Do Son April 8, 2026

A critical security vulnerability, tracked as CVE-2021-4473, has been identified in the Tianxin Internet Behavior Management System....

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge PolyShell Magento RCE Magento PolyShell REST API RCE CosmicSting (CVE-2024-34102) Magento Security Updates

PolyShell Exposed: Public PoC and Active Exploitation Disclosed for Critical Magento RCE as Automated Attacks Surge

Do Son April 1, 2026

Magento remains a titan in the e-commerce space, currently “estimated to be running on more than 130,000...

Weaponized in the Wild: Public PoC Exploit Disclosed for Critical 10.0 Cisco SD-WAN Flaw Cisco SD-WAN Vulnerability CVE-2026-20127 CVE-2024-20481 - Daggerfly group

Cisco SD-WAN Vulnerability CVE-2026-20127 CVE-2024-20481 - Daggerfly group

Weaponized in the Wild: Public PoC Exploit Disclosed for Critical 10.0 Cisco SD-WAN Flaw

Do Son March 5, 2026

The cybersecurity landscape has shifted into high gear following the public disclosure of a critical authentication bypass...

Under Attack: Cisco Urges Immediate Action as Hackers Actively Exploit SD-WAN Manager Flaws Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

Under Attack: Cisco Urges Immediate Action as Hackers Actively Exploit SD-WAN Manager Flaws

Do Son March 5, 2026

Cisco has issued an urgent update to its security advisory, warning that two vulnerabilities in the Cisco...

Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

BeyondTrust Vulnerability CVE-2026-1731 UPBIT $369M Hack CVE-2024-55591 Ivanti VPN vulnerability, cyber espionage

Hackers Exploit Critical BeyondTrust Flaw to Deploy VShell and SparkRAT Across Multiple Sectors

Do Son February 23, 2026

A critical security flaw in a widely used enterprise access platform is under active attack, prompting urgent...

JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

GUARDIANWALL MailSuite Exploit CVE-2026-32661 FileZen Vulnerability CVE-2026-25108 Ivanti EPMM Vulnerability Dormant Backdoor Fortinet Authentication Bypass CVE-2026-24858 VMware vCenter Server Flaw CVE-2025-21590

JPCERT/CC Warns of Active Exploits Targeting Critical FileZen Command Injection Flaw

Do Son February 16, 2026

A critical security vulnerability in FileZen, the popular file transfer appliance from Soliton Systems K.K., is currently...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

“Enjoy Your Admin Access”: Critical SmarterMail RCE Exploited in the Wild

Do Son January 22, 2026

Just weeks after a major vulnerability rocked the SmarterMail ecosystem, security researchers have uncovered a new, critical...

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover Academy LMS Vulnerability CVE-2025-15521

CVE-2025-15521 (CVSS 9.8): Critical Academy LMS Flaw Exploited for Admin Takeover

Do Son January 22, 2026

A critical security vulnerability has been unearthed in the Academy LMS plugin for WordPress, a popular tool...

Under Attack: Critical Cisco RCE (CVE-2026-20045) Exploited in the Wild hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

hackerbot-claw campaign Cisco RCE Exploit CVE-2026-20045 SonicWall VPN, Akira Ransomware Nobelium Apache Tomcat, Apache Camel

Under Attack: Critical Cisco RCE (CVE-2026-20045) Exploited in the Wild

Do Son January 22, 2026

Cisco has issued an urgent warning to network administrators worldwide: a critical remote code execution (RCE) vulnerability...

Check Point VPN vulnerability exploited in the wild Check Point VPN exploit CVE-2026-50751 zero-day Checkmarx Breach Supply Chain Attack Ivanti EPMM RCE CVE-2026-1281 Modular DS Vulnerability CVE-2026-23550 D-Link RCE Vulnerability CVE-2026-0625 Christmas 2025 GreyNoise Campaign, Japan-Based Initial Access Broker React2Shell Zero-Day, APT Active Exploitation WordPress vulnerability, authentication bypass FreePBX, zero-day Trend Micro Apex One, Remote Code Execution BitoPro Hack, Crypto Theft UNC5337 - CVE-2022-47945 Safe{Wallet} hack Fortinet vulnerability, CVE-2024-21762, FortiGate attack Balloonfly, Play ransomware Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

Exploited in the Wild: Critical Modular DS Flaw CVE-2026-23550 (CVSS 10) Allows Instant Admin Takeover

Do Son January 15, 2026

A critical privilege escalation vulnerability, tracked as CVE-2026-23550 (CVSS 10), has been discovered in the Modular DS...

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation Knowledge Deliver RCE vulnerability FortiClient EMS Vulnerability CVE-2026-35616 Cisco SD-WAN Vulnerability CVE-2026-20122 PCPcat, Next.js RCE Salesloft breach, Salesforce CRM WIREFIRE web shell

CISA Alert: MongoBleed Added to KEV Catalog as 80,000+ Servers Face Active Exploitation

Do Son December 30, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has officially sounded the alarm on a critical vulnerability in...

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical FortiGate SSO Flaw Under Active Exploitation: Attackers Bypass Auth and Exfiltrate Configs

Do Son December 16, 2025

A critical security crisis is unfolding for Fortinet administrators this week. Just days after the vendor disclosed...

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA active exploit catalog known exploited vulnerabilities ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA KEV Alert: GeoServer XXE Flaw Under Active Attack Risks Data Theft & Internal Network Scanning

Do Son December 12, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the widely used OSGeo...