VulnHub

A serious vulnerability has been discovered in Weaver E-cology, an enterprise office automation platform. This flaw, identified as CVE-2026-22679, allows attackers to execute code remotely without authentication. It affects versions of Weaver E-cology prior to 10.0.20260312 and has a high severity score of 9.8, indicating its potential for significant impact. The issue is actively being exploited in the wild, putting users and organizations at risk of unauthorized access and control over their systems. Companies using this software should prioritize updating to the latest version to protect against these attacks.

A new botnet is targeting gaming servers by exploiting misconfigured Jenkins installations. Attackers accessed the Jenkins server through a vulnerability in the scriptText endpoint, which allowed them to execute remote code using a Groovy script. This incident raises concerns for gaming companies and server administrators, as it can lead to unauthorized access and potential service disruptions. Organizations using Jenkins need to ensure their configurations are secure to prevent similar attacks. The exploitation of this vulnerability could have significant implications for the security of gaming platforms and user data.

Hackers are taking advantage of two vulnerabilities in the Qinglong task scheduler, which is an open-source tool used by developers. These vulnerabilities allow attackers to bypass authentication, leading to unauthorized access. Once inside, the hackers deploy cryptominers on the affected servers, which can significantly drain resources and potentially compromise sensitive data. This situation poses a severe risk to developers and organizations using Qinglong, as it not only affects system performance but also raises concerns about data security. Users of this tool should take immediate action to secure their systems to prevent exploitation.

Researchers have identified a serious security flaw in GitHub.com and GitHub Enterprise Server, designated CVE-2026-3854, which could enable an authenticated user to execute arbitrary code remotely with just a single 'git push' command. This command injection vulnerability has a CVSS score of 8.7, indicating its severity. If exploited, it could allow attackers with repository push access to take control over affected systems. This issue affects both individual developers and organizations using GitHub for version control, highlighting the need for immediate awareness and action. Users are advised to monitor their repositories closely and apply any recommended patches as they become available.

A new campaign linked to the Mirai malware is exploiting a serious command-injection vulnerability in D-Link DIR-823X routers, identified as CVE-2025-29635. This vulnerability allows attackers to take control of the routers and integrate them into a botnet. Users of these routers are at risk as their devices can be hijacked for malicious purposes, including launching distributed denial-of-service (DDoS) attacks. This situation is particularly concerning since the affected routers are at the end of their life cycle, meaning they are unlikely to receive security updates. It’s crucial for users to be aware of this exploit and take necessary precautions to secure their networks.

Hackers are currently exploiting a vulnerability in ShowDoc, identified as CVE-2025-0520, which was discovered five years ago. This flaw allows attackers to deploy web shells, enabling remote code execution (RCE) and complete server takeovers on affected systems. The exploitation of this vulnerability is happening globally, impacting various organizations that use ShowDoc. It’s crucial for users and companies to address this issue promptly to prevent unauthorized access and potential data breaches. Security teams should prioritize patching their systems to mitigate the risk posed by this vulnerability.

This week saw several notable cybersecurity incidents, including a zero-day vulnerability affecting Microsoft Defender. Attackers are exploiting this flaw to bypass security measures, putting users at risk. Additionally, SonicWall reported a brute-force attack targeting their products, which could compromise user accounts. In another concerning development, a 17-year-old remote code execution (RCE) vulnerability in Microsoft Excel remains a threat, proving that outdated software can still be a significant risk. These incidents emphasize the need for organizations to stay vigilant and ensure their systems are updated and secure.

A serious vulnerability has been discovered in ShowDoc, an online tool used by IT teams for document sharing and collaboration. This flaw, identified as CVE-2025-0520, allows attackers to execute remote code on unpatched servers, posing a significant risk to organizations that have not updated their systems. With a CVSS score of 9.4, this remote code execution vulnerability is currently being exploited in the wild, meaning that attackers are actively taking advantage of it. Companies using ShowDoc need to prioritize patching their servers to protect against potential breaches and unauthorized access to sensitive information. Failing to address this issue could lead to severe consequences for affected organizations.

A serious vulnerability in Marimo software has come to light, allowing attackers to execute remote code without needing authentication. This flaw is currently being exploited to steal user credentials, making it a pressing issue for organizations using this software. The nature of the vulnerability means that it could potentially affect a wide range of users and systems that rely on Marimo. Companies need to act quickly to protect their data and systems from unauthorized access. Immediate action is essential to mitigate the risk posed by this vulnerability as attackers are actively targeting it.

Recent research has identified thirty-six malicious npm packages related to the Strapi framework that have been linked to Redis remote code execution (RCE), database theft, and persistent command and control (C2) capabilities. In addition, malicious LNK files are being used to distribute a Python-based backdoor. The Kimsuky Group has also been noted for changing their distribution techniques to enhance their attacks. These developments pose serious risks to developers and organizations using these tools, as they could lead to unauthorized access and data breaches. It is crucial for users to be vigilant and ensure they are using secure versions of these packages to avoid falling victim to these threats.

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

A serious vulnerability in Marimo, an open-source Python notebook designed for data science, has been exploited within just 10 hours of being made public. The flaw, identified as CVE-2026-39987, allows attackers to execute remote code without needing authentication, affecting all versions of Marimo up to and including the latest release. Researchers from Sysdig reported this rapid exploitation, underscoring the urgency for users to address this security gap. Organizations using Marimo need to prioritize patching their installations to avoid potential breaches, as the high CVSS score of 9.3 indicates a significant risk. The swift exploitation of this vulnerability serves as a reminder of the importance of timely updates and security practices in software development.