Cybersecurity Flash Notices

UAT-8616 Exploits Cisco SD-WAN Zero-Day for Persistent Access

Cisco Talos revealed active exploitation of CVE-2026-20127, a max-severity authentication bypass vulnerability by the sophisticated threat actor UAT-8616.

Cisco Catalyst SD-WAN Authentication Bypass Vulnerability

CVE-2026-20127 is a critical authentication bypass vulnerability (CVSS 10.0) in the peering authentication mechanism of Cisco Catalyst SD-WAN Controller.

Microsoft Word Security Feature Bypass Vulnerability

CVE-2026-21514 is a security feature bypass vulnerability in Microsoft Word due to reliance on untrusted inputs in a security decision.

Windows Shell Security Feature Bypass Vulnerability

CVE-2026-21510 is a Windows Shell security feature bypass vulnerability that allows an unauthorized attacker to bypass protection prompts over a network.

Notepad++ Supply Chain Attack: Undetected Chains and Evolving Payloads

Kaspersky researchers uncovered multiple undocumented infection chains in a supply chain attack targeting Notepad++ users from July to October 2025.

Kraken Ransomware Group: Big-Game Hunting and Double Extortion Tactics

This report provides a detailed investigation into the Kraken ransomware group - their operations, methods, and the broader implications for cybersecurity.

Vulnerability in Simple User Capabilities Plugin Exposes WordPress Sites

CVE-2025-12158 is a critical privilege escalation vuln. affecting the Simple User Capabilities WordPress plugin (all versions up to + including 1.0).

Critical Vulnerability in Dataphone A920: CVE-2025-61235 Exposed

CVE-2025-61235 is a critical vulnerability affecting the Dataphone A920 firmware arising from improper validation of network packet input.

Critical Remote Code Execution in Oracle Marketing (E-Business Suite)

CVE-2025-53072 is a critical unauthenticated RCE vulnerability affecting the Marketing Admin module of Oracle Marketing, part of Oracle E-Business Suite.

Attackers Exploit Velociraptor in Sophisticated Ransomware Campaigns

Cisco Talos has confirmed that ransomware operators are weaponizing Velociraptor, an open-source DFIR tool, to aid in the deployment of ransomware attacks.

Prev 1 2 3 4 Next