VulnHub

Real-time Cybersecurity News

Unpatched ScreenConnect servers open to attack (CVE-2026-3564)

Help Net Security
CVEExploitVulnerabilityCritical

Overview

ConnectWise has addressed a significant vulnerability (CVE-2026-3564) in its ScreenConnect remote access platform, which is widely used by managed service providers and IT departments. This flaw allows attackers to potentially hijack remote sessions by misusing ASP.NET machine keys to create forged authentication tokens. The vulnerability arises from inadequate verification of cryptographic signatures, making it possible for hackers to exploit the issue remotely. Organizations that utilize ScreenConnect, whether in cloud-hosted or on-premise configurations, need to prioritize applying the available patches to safeguard their systems. Failure to address this vulnerability could lead to unauthorized access to sensitive information and operations.

Key Takeaways

  • Affected Systems: ScreenConnect remote access platform by ConnectWise, affected versions not specified.
  • Action Required: Users should update to the latest patched version of ScreenConnect provided by ConnectWise to mitigate this vulnerability.
  • Timeline: Newly disclosed

Original Article Summary

ConnectWise has patched a critical vulnerability (CVE-2026-3564) that could enable attackers to hijack ScreenConnect sessions by abusing ASP.NET machine keys to forge trusted authentication. About CVE-2026-3564 The ScreenConnect remote access platform is popular with managed service providers, IT departments, and technology solution providers. They can opt for the cloud-hosted version or can deploy it on their own servers or in their private cloud. CVE-2026-3564 stems from improper verification of cryptographic signature, can be exploited remotely … More → The post Unpatched ScreenConnect servers open to attack (CVE-2026-3564) appeared first on Help Net Security.

Impact

ScreenConnect remote access platform by ConnectWise, affected versions not specified.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Users should update to the latest patched version of ScreenConnect provided by ConnectWise to mitigate this vulnerability.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to CVE, Exploit, Vulnerability, and 1 more.

Read Original Article

Related Coverage

FBI, CISA issue PSA on Russian intelligence campaign to target messaging apps

CyberScoop

The FBI and CISA have issued a public service announcement regarding a Russian intelligence campaign aimed at users of messaging apps, particularly Signal. This warning aligns with previous alerts from authorities in the Netherlands and Germany, highlighting a growing concern about the targeting of secure communication platforms. The campaign suggests that attackers are attempting to compromise the privacy and security of individuals who rely on these apps for confidential conversations. This situation is particularly alarming as it raises questions about the safety of messaging services that users often consider secure. People using these apps should remain vigilant and consider enhancing their security measures to protect their communications.

Mar 20, 2026

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

darkreading

Oracle has announced a critical vulnerability in its Fusion Middleware that allows attackers to execute arbitrary code without needing authentication. This flaw affects Oracle's Identity and Web Services Managers, particularly if they are exposed to the internet. The lack of authentication means that anyone can potentially exploit this vulnerability, making it especially dangerous for organizations that have these services publicly accessible. Companies using these products should take immediate action to secure their systems to prevent unauthorized access and potential data breaches. It's crucial for users to apply the necessary patches as soon as possible to mitigate the risks associated with this flaw.

Mar 20, 2026

Oracle pushes emergency fix for critical Identity Manager RCE flaw

BleepingComputer

Oracle has issued an emergency security update to address a serious vulnerability in its Identity Manager and Web Services Manager products, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, which poses a significant risk to organizations using these systems. The vulnerability could potentially be exploited to gain unauthorized access and control over sensitive information. Users of Oracle's Identity Manager and Web Services Manager should prioritize applying the update to protect their systems from potential attacks. This incident underscores the ongoing need for vigilance in software security, particularly with products that manage identity and access controls.

Mar 20, 2026

Trio sentenced for facilitating North Korean IT worker scheme from their homes

CyberScoop

Three men have been sentenced for their roles in a scheme that funneled approximately $1.28 million in salaries from U.S. companies to North Korean IT workers. The trio operated from their homes, setting up laptop farms and assisting remote workers in creating fake identities to secure jobs. This operation not only defrauded companies but also contributed to North Korea's illicit activities by providing the regime with foreign currency. The case highlights ongoing concerns about cybercrime linked to North Korea and the challenges companies face in verifying the identities of remote workers. As cyber threats evolve, organizations must remain vigilant in their hiring practices to avoid falling victim to similar scams.

Mar 20, 2026

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

The Hacker News

Trivy, an open-source vulnerability scanner developed by Aqua Security, has been compromised for the second time in a month. This breach specifically targeted the GitHub Actions workflows 'aquasecurity/trivy-action' and 'aquasecurity/setup-trivy', which are commonly used for scanning Docker container images for vulnerabilities. Attackers hijacked 75 tags to deliver malware that aims to steal sensitive continuous integration and continuous delivery (CI/CD) secrets. This incident is particularly concerning as it exposes users relying on these tools to potential data breaches and security risks. Organizations using these GitHub Actions should take immediate action to secure their environments and monitor for any unauthorized access or data leaks.

Mar 20, 2026

Cyber OpSec Fail: Beast Gang Exposes Ransomware Server

darkreading

The ransomware group known as Beast Gang has accidentally exposed files from their central cloud server, revealing their aggressive tactics for attacking network backups. These files show a clear strategy focused on targeting backup systems, which is a common method used by ransomware groups to ensure victims are more likely to pay the ransom. This incident raises serious concerns for organizations that rely on cloud services for data storage and highlights the importance of securing backup systems against potential ransomware attacks. As these tactics become more public, companies may need to reassess their cybersecurity measures to protect against such vulnerabilities. The exposure of these files could also lead to further attacks as other cybercriminals may adopt similar strategies.

Mar 20, 2026