VulnHub

A Russian advanced persistent threat (APT) group has been exploiting a critical cross-site scripting (XSS) vulnerability in Zimbra, identified as CVE-2025-66376, with a severity score of 7.2. The attackers are sending HTML emails that contain insufficiently sanitized scripts, which execute when opened by users. This campaign specifically targets individuals in Ukraine, highlighting the ongoing cyber conflict in the region. The exploitation of this vulnerability could allow attackers to compromise user accounts and access sensitive information. Organizations using Zimbra should be particularly vigilant and take immediate action to secure their systems.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about active exploitation of a recently patched vulnerability in SharePoint, identified as CVE-2026-20963. This remote code execution flaw allows attackers to run malicious code on affected systems, posing a significant risk to organizations using the software. Microsoft released a patch for this vulnerability back in January, but the discovery of in-the-wild exploitation suggests that some users may not have applied the update. Organizations using SharePoint should prioritize implementing the latest security updates to protect against potential breaches. Failing to address this vulnerability could lead to unauthorized access and data compromise, making it crucial for companies to stay vigilant and proactive in their cybersecurity practices.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted government agencies about two significant security vulnerabilities affecting the Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint. Both flaws, identified as CVE-2025-66376 and another not specified in the article, have been found to be actively exploited by attackers. The CVE-2025-66376 vulnerability has a CVSS score of 7.2, indicating a moderate to high risk. Organizations using these platforms are urged to apply the necessary patches to protect against potential attacks. The exploitation of these vulnerabilities underscores the need for timely updates and vigilance in cybersecurity practices, especially for government entities.

Amazon Threat Intelligence has issued a warning regarding an active ransomware campaign known as Interlock, which is exploiting a significant vulnerability in Cisco's Secure Firewall Management Center (FMC) Software. This vulnerability, identified as CVE-2026-20131, has a maximum severity score of 10.0 and stems from an insecure deserialization of user-supplied Java byte streams. This flaw could allow attackers to gain root access without authentication, posing a serious risk to organizations using affected Cisco products. The exploitation of this vulnerability is concerning as it enables unauthorized access, potentially leading to data breaches and system compromises. Companies using Cisco FMC Software must take immediate action to protect their systems from this ongoing threat.

A significant security vulnerability, identified as CVE-2026-3888, has been discovered in default installations of Ubuntu Desktop versions 24.04 and later. This flaw allows unprivileged local attackers to escalate their privileges to root access, potentially giving them complete control over the affected systems. With a CVSS score of 7.8, this high-severity issue poses a serious risk to users who have not applied necessary security measures. It is crucial for Ubuntu users to be aware of this vulnerability, as it could lead to unauthorized access and manipulation of sensitive data. Immediate action is recommended to safeguard systems against potential exploitation.

Researchers have identified a severe vulnerability in the GNU InetUtils telnet daemon, known by its CVE identifier CVE-2026-32746. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges through Telnet connections on port 23. With a CVSS score of 9.8, this vulnerability poses a significant risk to systems using the affected telnetd. The issue arises from an out-of-bounds write in the LINEMODE Set, which could be exploited easily by attackers. Organizations using this software need to take immediate action to secure their systems, as the implications of this flaw could lead to unauthorized access and control over critical infrastructure.

Cisco has confirmed that two vulnerabilities in the Catalyst SD-WAN Manager are currently being exploited by attackers. The first vulnerability, identified as CVE-2026-20122, has a CVSS score of 7.1 and allows authenticated remote users to overwrite files on the local file system. This could lead to significant disruptions and unauthorized access to sensitive data. Organizations using the Catalyst SD-WAN Manager should take immediate action to address these vulnerabilities, as they pose a serious risk to network security. It’s crucial for affected users to monitor their systems closely and apply any available patches as soon as possible.

Recent threat intelligence reports indicate that a single threat actor is behind the majority of attacks exploiting two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-21962 and CVE-2026-24061. These vulnerabilities allow for remote code execution, posing significant risks to organizations using this mobile management solution. The findings suggest that companies using Ivanti's software need to be vigilant, as the attacks are actively occurring. The focus on a single actor highlights the need for targeted defenses against this specific threat. Organizations are encouraged to monitor for unusual activity and apply any available patches to mitigate potential exploitation.

Hackers have begun exploiting a serious vulnerability in BeyondTrust Remote Support known as CVE-2026-1731, which allows unauthenticated remote code execution. This flaw was identified and a proof of concept (PoC) was released just a day prior to the exploitation attempts, indicating a rapid response from malicious actors. Organizations using BeyondTrust Remote Support should be particularly vigilant, as this vulnerability poses significant risks, potentially allowing attackers to take control of affected systems. The quick exploitation of this flaw underscores the importance of timely patch management and security measures to protect sensitive data and systems from unauthorized access. Users are urged to monitor for updates and apply any patches as soon as they become available to mitigate risks.