VulnHub

A serious SQL injection vulnerability has been discovered in the Ally WordPress plugin, putting over 200,000 websites at risk of data theft. This flaw allows attackers to manipulate database queries, potentially exposing sensitive user information. Although a patch has been released to fix the issue, many installations remain unpatched and therefore vulnerable. Website owners are urged to apply the update as soon as possible to protect their sites and users. The ongoing risk highlights the importance of timely software updates in safeguarding against cyber threats.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to address a critical vulnerability in n8n, an open-source workflow automation tool, that is currently being exploited by attackers. This vulnerability allows remote code execution, meaning that an unauthorized user can potentially take control of affected systems. Government agencies must prioritize patching their systems to prevent further exploitation and protect sensitive data. The urgency of this directive reflects the growing concerns about the security of automation tools in government operations. Agencies are advised to act swiftly to ensure their systems are secure against this active threat.

The Cybersecurity and Infrastructure Security Agency (CISA) has identified a serious vulnerability in Ivanti Endpoint Manager (EPM) that is currently being exploited in the wild. This flaw has been marked with high severity and affects U.S. federal agencies, which are now mandated to patch their systems within three weeks. The urgency stems from the risk that attackers could leverage this vulnerability to gain unauthorized access to sensitive information. Organizations using Ivanti EPM should prioritize applying the necessary patches to safeguard their systems and data from potential breaches.

The Cybersecurity and Infrastructure Security Agency (CISA) has alerted U.S. federal agencies to address three critical security flaws in iOS that have been exploited in cyberespionage and cryptocurrency theft. These vulnerabilities are being targeted through the Coruna exploit kit, which has been linked to recent attacks. Federal agencies are urged to implement patches promptly to protect sensitive information and financial assets. The exploitation of these flaws poses serious risks, potentially allowing attackers to gain unauthorized access to devices and data. Swift action is essential to mitigate these threats and secure federal systems.

Hackers have begun exploiting a serious vulnerability in BeyondTrust Remote Support known as CVE-2026-1731, which allows unauthenticated remote code execution. This flaw was identified and a proof of concept (PoC) was released just a day prior to the exploitation attempts, indicating a rapid response from malicious actors. Organizations using BeyondTrust Remote Support should be particularly vigilant, as this vulnerability poses significant risks, potentially allowing attackers to take control of affected systems. The quick exploitation of this flaw underscores the importance of timely patch management and security measures to protect sensitive data and systems from unauthorized access. Users are urged to monitor for updates and apply any patches as soon as they become available to mitigate risks.

Recent zero-day vulnerabilities in Ivanti's Endpoint Manager Mobile (EPMM) have sparked renewed concern among cybersecurity experts. These flaws, which can be exploited by attackers, could potentially compromise sensitive data in mobile devices managed by the software. Organizations using EPMM must act quickly to secure their systems, as these vulnerabilities are already being exploited in the wild. Experts are urging a shift away from simply applying patches and towards more robust security measures, including better authentication controls and reducing unnecessary public interfaces. The urgency of the situation emphasizes the need for businesses to prioritize security and stay updated with the latest patches and practices.

A serious vulnerability has been discovered in BeyondTrust Remote Support and Privileged Remote Access appliances, allowing attackers to execute code remotely without authentication. This flaw has become a target for exploitation after a proof-of-concept (PoC) was made publicly available. Organizations using these systems should be particularly vigilant, as the flaw can lead to unauthorized access and potential data breaches. BeyondTrust has released patches to address this issue, and it’s crucial for users to apply these updates promptly to protect their systems. The urgency of this situation highlights the need for proactive security measures in remote access technologies.

Flashpoint has reported a significant decrease in the time it takes for vulnerabilities to be exploited after they are disclosed. This trend indicates that attackers are increasingly quick to take advantage of known flaws, especially N-Day vulnerabilities, which are issues that have been publicly disclosed but not yet patched by users. This shift poses a serious risk for organizations that may not act swiftly enough to secure their systems. The rapid exploitation can lead to increased incidents of data breaches and cyberattacks, affecting both businesses and their customers. Companies need to prioritize their patch management processes to mitigate these risks and protect sensitive information.

Microsoft has recently patched six zero-day vulnerabilities, which are serious security flaws that attackers can exploit to gain unauthorized access. Users are typically urged to update their systems immediately to protect against such threats. However, some experts are advising caution, suggesting that these patches might cause issues or conflicts with existing software. This situation leaves many users in a challenging position as they weigh the risks of applying the updates against the potential vulnerabilities. It's important for individuals and organizations to assess their specific environments before proceeding with the updates to ensure they don't inadvertently create new problems.

In February 2026, Microsoft addressed over 50 security vulnerabilities during its Patch Tuesday update, including six zero-day flaws that were actively exploited by attackers. Notably, three of these zero-days involve security feature bypasses. One of the vulnerabilities, identified as CVE-2026-21513, impacts the MSHTML/Trident browser engine used in Internet Explorer on Windows, while CVE-2026-21514 affects Microsoft Word. Attackers can exploit these vulnerabilities by tricking users into opening malicious files or links. As these security holes are actively being exploited, users and organizations must apply the updates promptly to protect their systems from potential breaches.

Researchers have identified a new botnet named SSHStalker that uses the Internet Relay Chat (IRC) protocol for its command-and-control operations. This botnet targets Linux systems, employing older kernel exploits to gain access. It features tools for hiding its activities, including log tampering and rootkit-like components. The existence of SSHStalker is concerning as it demonstrates that attackers are still leveraging outdated vulnerabilities to compromise systems. Organizations running Linux servers should assess their security measures and patch any known vulnerabilities to mitigate potential risks from this botnet.