VulnHub

Ivanti has alerted its customers about a severe vulnerability in its Endpoint Manager Mobile (EPMM) software that is being actively exploited in zero-day attacks. This security flaw allows attackers to execute remote code, posing a significant risk to organizations using this mobile device management solution. Companies utilizing EPMM should prioritize applying the necessary patches to protect their systems. The vulnerability affects multiple versions of the software, making it crucial for users to act quickly. Failure to address this issue could lead to unauthorized access and potential data breaches, emphasizing the importance of timely updates in cybersecurity practices.

Palo Alto Networks has issued a warning regarding a serious, unpatched vulnerability in the User-ID Authentication Portal of its PAN-OS. This flaw, categorized as a remote code execution (RCE) vulnerability, is currently being exploited in real-world attacks, putting users at significant risk. Organizations using affected versions of PAN-OS should be particularly vigilant as attackers may leverage this weakness to gain unauthorized access to systems. It's crucial for companies to assess their firewall configurations and implement necessary security measures to protect against potential breaches. The situation underscores the need for prompt action in addressing vulnerabilities as they arise.

Palo Alto Networks has announced a patch for a zero-day vulnerability, identified as CVE-2026-0300, that affects the Captive Portal service in its PAN-OS software. This vulnerability impacts both PA and VM series firewalls, allowing attackers to exploit the system and potentially gain unauthorized access. The existence of this zero-day exploit means that it is currently being used in the wild, putting users at risk. Companies using these firewalls should prioritize applying the upcoming patch to safeguard their networks. This incident underscores the need for organizations to stay vigilant and maintain their systems updated to protect against emerging threats.

A recently discovered vulnerability in cPanel allows attackers to bypass authentication, raising significant concerns for millions of users. Following the disclosure of this flaw, multiple proof-of-concept exploits have surfaced, indicating that the vulnerability could be actively exploited in the wild. One researcher has noted that there has been zero-day activity linked to this issue for at least a month, suggesting that attackers may already be taking advantage of the situation. This flaw affects various versions of cPanel, which is widely used for managing web hosting services. Users and companies relying on cPanel should prioritize patching their systems to mitigate potential risks.

A serious vulnerability (CVE-2026-41940) affecting cPanel, a widely used web hosting control panel, has been exploited by attackers for several months before a patch was released. This authentication bypass flaw has been in active use since at least February 23, 2026, with indications that it may have been abused even earlier. The vulnerability primarily impacts users of cPanel, which is often provided by shared hosting services. The delay in addressing this issue raises concerns about the security of web hosting environments and the potential for unauthorized access to sensitive data. Companies using cPanel are urged to apply the latest security updates as soon as possible to mitigate risks associated with this exploit.

A serious authentication bypass vulnerability identified as CVE-2026-41940 has been discovered in cPanel, WHM, and WP Squared. This flaw has been actively exploited by attackers since late February, allowing unauthorized access to systems using these platforms. cPanel and WHM are widely used web hosting control panels, making this issue particularly concerning for hosting providers and website owners. Users of affected systems should take immediate action to secure their environments, as the vulnerability poses a significant risk to sensitive data and system integrity. As proof-of-concept (PoC) code is now available, the potential for widespread exploitation increases, underscoring the urgency for users to address this vulnerability promptly.

A critical vulnerability in Microsoft SharePoint, identified as CVE-2026-32201, is currently being exploited by attackers. Over 1,300 SharePoint servers exposed to the internet remain at risk, with fewer than 200 instances patched since the last Patch Tuesday. This zero-day spoofing flaw allows unauthorized access, which could lead to significant data breaches or further intrusions. Organizations using SharePoint should prioritize applying available updates to mitigate the risk and secure their systems against ongoing attacks. The situation underscores the urgency for users to remain vigilant and proactive in patch management.

A newly discovered vulnerability in Microsoft Defender has been exploited as a zero-day, allowing attackers to access the Security Account Manager (SAM) database. This flaw enables them to extract NTLM hashes, potentially granting them system-level privileges. This is particularly concerning as it affects a widely used security solution, which could put numerous systems at risk. Organizations using Microsoft Defender should be vigilant, as this exploitation may lead to unauthorized access to sensitive data and systems. The urgency of addressing this vulnerability cannot be overstated, given its potential impact on user security.

The article discusses how identity-based attacks, particularly those involving stolen credentials, remain a primary method for cybercriminals to gain unauthorized access to systems. Despite the focus on advanced threats like zero-day vulnerabilities and AI-driven exploits, attackers often rely on simpler tactics such as credential stuffing to exploit weak passwords or reused credentials. This trend affects organizations across various sectors, as compromised accounts can lead to significant data breaches and financial losses. Companies are urged to implement stronger authentication measures and educate users about secure password practices to mitigate these risks.

This week saw several notable cybersecurity incidents, including a zero-day vulnerability affecting Microsoft Defender. Attackers are exploiting this flaw to bypass security measures, putting users at risk. Additionally, SonicWall reported a brute-force attack targeting their products, which could compromise user accounts. In another concerning development, a 17-year-old remote code execution (RCE) vulnerability in Microsoft Excel remains a threat, proving that outdated software can still be a significant risk. These incidents emphasize the need for organizations to stay vigilant and ensure their systems are updated and secure.