Advisories

Critical Vulnerability in Oracle Identity Manager and Web Services Manager (CVE-2026-21992)

Oracle has released an emergency out-of-band patch for a critical remote code execution vulnerability affecting Oracle Identity Manager (OIM) and Oracle Web Services Manager (OWSM). The vulnerability is tracked as CVE-2026-21992 and is rated at a critical CVSS score of 9.8.

Mar 23, 2026 - 3 Min Read

Critical Vulnerability in Citrix NetScaler ADC and Gateway Security Products (CVE-2026-3055)

On March 23rd, Citrix published an advisory detailing a critical severity vulnerability in their NetScaler ADC and Gateway products. The vulnerability, tracked as CVE-2026-3055 with a CVSS score of 9.3, allows an unauthenticated attacker to cause a memory overread in the device, potentially disclosing sensitive information.

Mar 23, 2026 - 4 Min Read

Critical Vulnerability in Microsoft SharePoint under Active Exploitation (CVE-2026-20963)

On March 18th, 2026, CISA added a Microsoft SharePoint vulnerability tracked as CVE-2026-20963 to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the vulnerability is now being actively exploited in the wild.

Mar 20, 2026 - 3 Min Read

Critical Vulnerability in Ubiquiti Network Application (CVE-2026-22557)

On March 18th, Ubiquiti disclosed a Path Traversal vulnerability in the UniFi Network Application, CVE-2026-22557, which can be leveraged to access the underlying file system and could lead to further modifications and result in compromise of an underlying account.

Mar 18, 2026 - 2 Min Read

Known Abuse of Ivanti EPM Authentication Bypass (CVE-2026-1603)

Known Abuse of Ivanti's Endpoint Manager (EPM) Authentication Bypass (CVE-2026-1603) was reported by CISA's Known Exploited Vulnerabilities Catalog (KEV).

Mar 9, 2026 - 2 Min Read

Critical Vulnerabilities in Cisco SD-WAN Systems Under Active Exploitation (CVE-2026-20127, CVE-2026-20128, CVE-2026-20122)

Updated 03/09/2026 to include additional CVEs disclosed by Cisco affecting the same product line. On February 25th, Cisco disclosed a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager systems. The flaw allows an unauthenticated attacker with network access to the SD-WAN peering service to bypass authentication and establish unauthorized control-plane connections. According to Cisco, this vulnerability has been exploited in the wild by a sophisticated threat actor, with evidence of exploitation reaching back to 2023.

Feb 25, 2026 - 6 Min Read

Critical Vulnerabilities in Microsoft Windows and Office Under Active Widespread Exploitation (CVE-2026-21510)

Microsoft's February 2026 Patch Tuesday addresses several critical security vulnerabilities, with six zero-day flaws reported as actively exploited in the wild before patches were made available to the public. The disclosed vulnerabilities affect built-in Windows components including Windows Shell, MSHTML, Microsoft Word, Windows Notepad, Desktop Window Manager, Remote Desktop Services, and Remote Access Connection Manager.

Feb 11, 2026 - 3 Min Read

Critical Vulnerability (CVE-2026-1731) in BeyondTrust Under Active Exploitation

On February 4, 2025, BeyondTrust reported in their Customer Portal that a critical vulnerability was discovered affecting the Remote Support (RS) and Privileged Remote Access (PRA) products. CVE-2026-1731 and a CVSS score of 9.9 have now been assigned to this vulnerability, which is under active exploitation.

Feb 4, 2026 - 4 Min Read

Notepad++ Update Process Hijacked by Sophisticated Adversary

On December 9th, the text editor application Notepad++ reported an incident where some of their software update infrastructure had been hijacked to deliver sophisticated backdoor malware to specific targets. Rapid7 published some additional analysis on one of the payloads delivered and attributed the campaign to the Chinese state-sponsored APT group Lotus Blossom.

Feb 4, 2026 - 3 Min Read

Critical Vulnerabilities in Ivanti EPMM Under Active Exploitation (CVE-2026-1281, CVE-2026-1340)

On January 29th, Ivanti published an advisory concerning two vulnerabilities (tracked as CVE-2026-1281 and CVE-2026-1340) in their Endpoint Manager Mobile (EPMM) product. Both vulnerabilities were listed as remote command injection bugs that allow successful attackers to perform unauthenticated remote code execution (RCE) on an affected device. EPMM is often deployed directly connected to the internet, and as such can provide threat actors with initial access to an organization's network. Ivanti confirmed in their advisory that a “very limited number of customers” had been exploited at the time of disclosure. Additionally, CISA added both vulnerabilities to their Known Exploited Vulnerabilities list the same day.

Jan 29, 2026 - 4 Min Read