Risk
-
Microsoft says on-prem Exchange flaw under active exploitation
Microsoft said an actively exploited Exchange Server flaw affects on-premises versions 2016, 2019 and Subscription Edition. The company issued temporary mitigations and said Exchange Online is not affected.
-
Cisco patches critical SD-WAN Controller flaw after limited exploitation
Cisco said a critical authentication bypass in Catalyst SD-WAN Controller, CVE-2026-20182, was exploited in limited attacks. The flaw can let a remote attacker gain administrative access and alter SD-WAN network settings.
-
Malicious node-ipc versions found stealing cloud and developer secrets
Three malicious node-ipc npm versions were found stealing developer and cloud secrets, according to a technical analysis by Socket. The code targets dozens of credential types and uses a direct exfiltration path to a fake Azure domain.
-
Ghostwriter targets Ukrainian government entities in fresh phishing campaign
Ghostwriter has been tied to new attacks on Ukrainian government entities since March 2026, using malicious PDFs, geofencing checks and a JavaScript version of PicassoLoader to deliver Cobalt Strike, according to an ESET technical analysis.
-
PraisonAI flaw was probed within hours of public disclosure
PraisonAI was probed within hours of a disclosed authentication bypass, according to Sysdig. The flaw affects versions 2.5.6 through 4.6.33 and was patched in 4.6.34.
-
Two new Windows zero-days expose BitLocker and CTFMON flaws
A technical disclosure says two new Windows zero-days can bypass BitLocker in recovery mode and may enable privilege escalation in CTFMON, adding to a recent run of Microsoft security issues.
-
New Fragnesia Linux flaw can grant root access, researchers say
Fragnesia is a new Linux kernel local privilege escalation flaw that can grant root access, according to a technical analysis. The issue affects the XFRM ESP-in-TCP subsystem and has prompted advisories from multiple Linux distributions.
-
NGINX flaw left hidden for 18 years could allow remote code execution
A critical NGINX rewrite module flaw hidden for 18 years can let a remote attacker trigger code execution or denial of service with crafted requests, according to a technical analysis and vendor advisory.
-
MuddyWater hackers targeted South Korean electronics maker in broad espionage campaign
MuddyWater targeted at least nine organizations in a cyberespionage campaign that included a major South Korean electronics maker, government agencies and an airport, according to Symantec. The group used DLL sideloading, PowerShell and other legitimate tools.
-
Critical Exim flaw can let remote attackers run code on affected servers
A critical Exim flaw fixed in version 4.99.3 could let unauthenticated attackers execute code on affected mail servers. The bug affects some GnuTLS-based builds before 4.99.3 and is triggered during TLS shutdown with chunked SMTP traffic.
