The bugs could be exploited to elevate privileges to System or create a denial-of-service (DoS) condition.
The post Microsoft Patches Exploited UnDefend and RedSun Defender Zero-Days appeared first on SecurityWeek.
Exploitation of Critical NGINX Vulnerability Begins
The flaw leads to denial-of-service on default configurations and to remote code execution if ASLR is disabled.
The post Exploitation of Critical NGINX Vulnerability Begins appeared first on SecurityWeek.
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
Microsoft has shared mitigations for CVE-2026-42897 until a permanent patch can be released for affected Exchange Server versions.
The post Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild appeared first on SecurityWeek.
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
The zero-day, tracked as CVE-2026-20182, has been exploited in targeted attacks by a sophisticated threat actor identified as UAT-8616.
The post Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026 appeared first on SecurityWeek.
Hackers Targeted PraisonAI Vulnerability Hours After Disclosure
The first exploitation attempts were observed less than four hours after the authentication bypass was publicly disclosed.
The post Hackers Targeted PraisonAI Vulnerability Hours After Disclosure appeared first on SecurityWeek.
Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks
CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code.
The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek.
Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking
The cybersecurity firm has not explicitly accused China of being behind the attack, but the evidence suggests it was.
The post Palo Alto Zero-Day Exploited in Campaign Bearing Hallmarks of Chinese State Hacking appeared first on SecurityWeek.
Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls
CVE-2026-0300 affects the Captive Portal service of PAN-OS software on PA and VM series firewalls.
The post Palo Alto Networks to Patch Zero-Day Exploited to Hack Firewalls appeared first on SecurityWeek.
MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs
The security defects allow unauthenticated, remote attackers to execute arbitrary code through crafted requests.
The post MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Crosshairs appeared first on SecurityWeek.
Exploitation of ‘Copy Fail’ Linux Vulnerability Begins
CISA has added the bug to its KEV list, and Microsoft has observed limited exploitation, mainly associated with PoC testing.
The post Exploitation of ‘Copy Fail’ Linux Vulnerability Begins appeared first on SecurityWeek.
