On March 18th, Ubiquiti disclosed a Path Traversal vulnerability in the UniFi Network Application, CVE-2026-22557, which can be leveraged to access the underlying file system. This could lead to further modifications and result in compromise of an underlying account.
Mar 18, 2026 - 2 Min Read
Known Abuse of Ivanti's Endpoint Manager (EPM) Authentication Bypass (CVE-2026-1603) was reported by CISA's Known Exploited Vulnerabilities Catalog (KEV).
Mar 9, 2026 - 2 Min Read
Updated 03/09/2026 to include additional CVEs disclosed by Cisco affecting the same product line. On February 25th, Cisco disclosed a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager systems. The flaw allows an unauthenticated attacker with network access to the SD-WAN peering service to bypass authentication and establish unauthorized control-plane connections. According to Cisco, this vulnerability has been exploited in the wild by a sophisticated threat actor, with evidence of exploitation reaching back to 2023.
Feb 25, 2026 - 6 Min Read
Microsoft's February 2026 Patch Tuesday addresses several critical security vulnerabilities, with six zero-day flaws reported as actively exploited in the wild before patches were made available to the public. The disclosed vulnerabilities affect built-in Windows components including Windows Shell, MSHTML, Microsoft Word, Windows Notepad, Desktop Window Manager, Remote Desktop Services, and Remote Access Connection Manager.
Feb 11, 2026 - 3 Min Read
On February 4, 2025, BeyondTrust reported in their Customer Portal that a critical vulnerability was discovered affecting the Remote Support (RS) and Privileged Remote Access (PRA) products. CVE-2026-1731 and a CVSS score of 9.9 have now been assigned to this vulnerability, which is under active exploitation.
Feb 4, 2026 - 4 Min Read
On December 9th, the text editor application Notepad++ reported an incident where some of their software update infrastructure had been hijacked to deliver sophisticated backdoor malware to specific targets. Rapid7 published some additional analysis on one of the payloads delivered and attributed the campaign to the Chinese state-sponsored APT group Lotus Blossom.
Feb 4, 2026 - 3 Min Read
On January 29th, Ivanti published an advisory concerning two vulnerabilities (tracked as CVE-2026-1281 and CVE-2026-1340) in their Endpoint Manager Mobile (EPMM) product. Both vulnerabilities were listed as remote command injection bugs that allow successful attackers to perform unauthenticated remote code execution (RCE) on an affected device. EPMM is often deployed directly connected to the internet, and as such can provide threat actors with initial access to an organization's network. Ivanti confirmed in their advisory that a “very limited number of customers” had been exploited at the time of disclosure. Additionally, CISA added both vulnerabilities to their Known Exploited Vulnerabilities list the same day.
Jan 29, 2026 - 4 Min Read
On January 27th, Fortinet published an advisory alerting users to an authentication bypass actively being used in the wild against FortiCloud SSO. This vulnerability is separate from, but closely related to, CVE-2025-59718 and CVE-2025-59719 from December 2025, and warrants immediate action.
Jan 27, 2026 - 4 Min Read
On January 23, CISA updated their Known Exploited Vulnerability (KEV) catalog with a critical Local File Inclusion (LFI) vulnerability in Zimbra Collaboration (ZCS). This vulnerability, tracked as CVE-2025-68645 and originally reported on December 22nd, allows unauthenticated remote attackers to include arbitrary files from the WebRoot directory by crafting malicious requests to an endpoint in the RestFilter servlet. This can potentially leak enough information to breach the targeted server and provide threat actors initial access into an organization's network.
Jan 23, 2026 - 2 Min Read
On January 6th, 2026, CVE-2026-21858 was published by n8n, followed shortly by articles by Dor Attias and Cyera documenting critical flaws in n8n's request parsing. The vulnerability allows an unauthenticated attacker to exfiltrate sensitive data, which can lead to full compromise of the n8n system. If a vulnerable n8n system is directly connected to the internet, this could provide threat actors with initial access to an organization's internal network.
Jan 8, 2026 - 2 Min Read