Cisco SD-WAN CVE-2026-20245 Actively Exploited, No Patch Yet

CISA SD-WAN vulnerability

Cisco Catalyst SD-WAN Manager CVE-2026-20245 Actively Exploited With No Patch Available A high-severity privilege escalation vulnerability in Cisco Catalyst SD-WAN Manager is being actively exploited in the wild, and no patch currently exists to fix it. CVE-2026-20245, rated 7.8 on the CVSS scale, enables an attacker who holds local system access to execute arbitrary commands … Read more

SolarWinds Serv-U DoS Flaw Actively Exploited: Patch Now

SolarWinds DoS vulnerability

SolarWinds Serv-U Denial-of-Service Flaw CVE-2026-28318 Actively Exploited, CISA Warns Attackers are actively exploiting CVE-2026-28318, a high-severity denial-of-service vulnerability in SolarWinds Serv-U file transfer software, the U.S. Cybersecurity and Infrastructure Security Agency confirmed on June 5, 2026. The flaw requires no credentials, no elevated privileges, and no user interaction to trigger, making it one of the … Read more

CVE-2026-41089: Critical Windows Netlogon RCE Exploited

Active Directory Vulnerability

CVE-2026-41089: Critical Windows Netlogon RCE Flaw Now Actively Exploited A critical Windows Netlogon remote code execution flaw is now being actively weaponized in the wild, three weeks after Microsoft shipped the patch. CVE-2026-41089, carrying a near-perfect CVSS score of 9.8, allows unauthenticated attackers to seize full SYSTEM-level control of any unpatched Windows domain controller by … Read more

PAN-OS GlobalProtect Auth Bypass CVE-2026-0257 Exploited

PAN-OS GlobalProtect Authentication Bypass CVE-2026-0257 Is Being Actively Exploited Right Now A confirmed, in-progress attack campaign is targeting enterprise VPN infrastructure globally, and Canadian organizations are directly in the line of fire. Palo Alto Networks has confirmed that CVE-2026-0257, a PAN-OS GlobalProtect authentication bypass flaw carrying a CVSS score of 7.8, is under active exploitation. … Read more

Microsoft Zero-Day Feud: Six Windows Flaws Disclosed

Six Windows Zero-Days Dropped Without Warning; Three Are Now Actively Exploited Three Windows zero-day vulnerabilities disclosed publicly without prior notice to Microsoft are now being actively exploited in the wild. The situation has triggered a sharp public response from Microsoft and a growing controversy over vulnerability disclosure ethics, GitHub account takedowns, and a researcher threatening … Read more

AI-Driven LLM Agent Exploits Marimo RCE to Dump Databases

AI-Powered LLM Agent Exploits Marimo RCE and Dumps Internal Database in Under Two Minutes Researchers have documented the first confirmed intrusion in which a large language model (LLM) agent autonomously executed a complete post-exploitation chain, moving from a single exposed notebook server to a fully exfiltrated internal database in fewer than 120 seconds. The attack, … Read more

Critical Ghost CMS SQL Injection Flaw Exploited in Massive ClickFix Malware Campaign

Welcome back to The Threat Box. If your organization relies on Ghost CMS for its corporate blog, newsroom, or publishing platform, you need to pay close attention. A highly critical vulnerability is actively being exploited in the wild, turning otherwise reputable websites into delivery mechanisms for a sophisticated malware campaign known as ClickFix. Cybersecurity researchers … Read more