The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding a serious vulnerability in the Langflow framework, designated as CVE-2026-33017. This flaw allows attackers to hijack AI workflows, potentially leading to unauthorized access and manipulation of AI systems. Organizations using Langflow should be particularly vigilant as the vulnerability is currently being exploited in the wild. This situation poses significant risks not only to the integrity of AI applications but also to the security of the data they handle. Immediate action is recommended to mitigate risks associated with this vulnerability.
Articles tagged "Vulnerability"
Infosecurity Magazine
A recent study by CloudSEK has found that attackers quickly took advantage of a serious remote code execution (RCE) vulnerability in Oracle WebLogic the same day that exploit code became available. This flaw poses a significant risk to organizations using affected versions of WebLogic, as it allows malicious actors to execute arbitrary code on compromised servers. The rapid exploitation indicates that cybercriminals are closely monitoring vulnerability disclosures and acting swiftly, which raises concerns for businesses that may not have applied necessary security patches. Companies using Oracle WebLogic should prioritize updating their systems to mitigate this threat and protect sensitive data.
SCM feed for Latest
Puerto Rico's Department of Transportation has canceled all scheduled appointments for driver's licenses, permits, and vehicle registrations due to a cyberattack that was detected earlier this week. The attack specifically impacted the Centros de Servicios al Conductor agency, disrupting essential services for residents. As a result, many individuals will be unable to complete necessary vehicle-related transactions, potentially causing delays and frustrations. The incident underscores the vulnerability of government agencies to cyber threats, which can significantly affect public services. Authorities are likely working to secure their systems and restore normal operations as quickly as possible.
Kaspersky's GReAT team has identified a new exploit kit called Coruna, which specifically targets iPhones. This kit utilizes kernel exploits associated with two vulnerabilities, CVE-2023-32434 and CVE-2023-38606, and is an updated version of techniques used in Operation Triangulation. The existence of these exploits poses significant risks to iPhone users, as they could potentially allow attackers to gain unauthorized access to sensitive data or control over the devices. Users should be aware of these vulnerabilities and take steps to secure their devices against exploitation. The findings emphasize the need for continuous vigilance in mobile security as attackers evolve their methods.
TP-Link has addressed a significant security vulnerability in its Archer NX router series, identified as CVE-2025-15517, which has a CVSS score of 8.6. This flaw allows attackers to bypass authentication measures, potentially enabling them to install malicious firmware on affected devices. The vulnerability affects several models, including the Archer NX200, NX210, and NX500, among others. Users of these routers are urged to update their firmware promptly to protect against potential exploits. This incident is particularly concerning as it highlights the risks associated with consumer-grade networking equipment, which often lacks robust security measures.
PTC Inc. has issued a warning about a serious vulnerability affecting its Windchill and FlexPLM software, which are commonly used for product lifecycle management. This flaw could allow attackers to execute code remotely, potentially leading to unauthorized access and control over systems running these applications. Organizations using these tools should take this warning seriously, as the implications of such a breach could be significant, impacting product development and data security. Users are advised to stay alert for updates from PTC regarding patches or fixes to mitigate this risk. The urgency of this situation is underscored by the fact that remote code execution vulnerabilities can lead to severe consequences if exploited.
Infosecurity Magazine
Citrix has issued an urgent warning regarding a critical vulnerability found in its NetScaler products. This flaw allows attackers without authentication to access sensitive data from the device's memory. Organizations using affected NetScaler appliances are at risk of data breaches that could expose confidential information. Citrix is urging all users to apply patches immediately to secure their systems. Addressing this vulnerability is crucial to prevent potential exploitation, which could lead to severe security incidents.
QualDerm Partners, a U.S.-based healthcare management firm, experienced a significant data breach in December 2025 that impacted over 3.1 million individuals. Hackers gained unauthorized access to the company's internal systems, compromising sensitive personal information, medical records, and health insurance details. This incident raises serious concerns about patient privacy and the security of healthcare data. Those affected may face risks such as identity theft or misuse of their medical information. The breach underscores the ongoing vulnerability of healthcare organizations to cyberattacks, emphasizing the need for stronger security measures to protect patient data.
Hackread – Cybersecurity News, Data Breaches, AI and More
A significant security vulnerability known as the DarkSword exploit has been leaked, putting an estimated 270 million iPhones at risk. This exploit allows hackers to potentially access sensitive user data, raising serious concerns about privacy and security for iPhone users worldwide. Researchers have indicated that this could lead to unauthorized access to personal information stored on these devices. The scale of the impact is alarming, as many users may not be aware that their data could be compromised. It's crucial for affected users to stay informed and take necessary precautions to protect their information as details about the exploit continue to emerge.
Aqua's Trivy vulnerability scanner has fallen victim to a supply chain attack. Hackers managed to publish a malicious version of the scanner, manipulating tags to redirect users to malware designed to steal information. This incident poses significant risks as Trivy is widely used in the open-source community for identifying vulnerabilities in container images and other software components. Users who unknowingly downloaded the compromised version may have exposed sensitive data to attackers. It’s crucial for organizations using Trivy to ensure they are running the legitimate version and to monitor their systems for any signs of compromise.
Help Net Security
Oracle has issued an emergency patch for a serious vulnerability, identified as CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. This flaw allows attackers to exploit a missing authentication feature, potentially leading to remote code execution without prior authentication. While Oracle hasn't confirmed if this vulnerability has been actively exploited in the wild, they are urging all customers to apply the updates or implement alternative mitigations immediately. The lack of authentication for such a critical function poses significant risks for organizations using these services, emphasizing the need for prompt action to safeguard their systems.
The Hacker News
Researchers have identified a serious security vulnerability, CVE-2025-32975, affecting the Quest KACE Systems Management Appliance (SMA). This flaw has a maximum severity rating of 10.0 and is being actively exploited by attackers who are targeting unpatched systems exposed to the internet. Malicious activity linked to this vulnerability was first observed during the week of March 9, 2026, according to Arctic Wolf. Organizations using KACE SMA need to take immediate action to protect their systems, as this could lead to unauthorized access and potential data breaches. It’s crucial for users to ensure their systems are updated to mitigate this risk.
Oracle has issued an emergency patch for a serious vulnerability in its Identity Manager software, identified as CVE-2026-21992. This flaw allows attackers to execute remote code without needing any authentication, raising concerns that it may already be exploited in the wild. This vulnerability poses a significant risk, especially for organizations using Oracle Identity Manager, as it could allow unauthorized access to sensitive systems and data. Users and companies relying on this software are urged to apply the patch promptly to safeguard against potential exploitation. The situation emphasizes the ongoing need for vigilance in software security and timely updates.
Help Net Security
Last week, security researchers discovered that ScreenConnect servers were vulnerable to attacks due to misconfigurations, potentially allowing unauthorized access to sensitive data. Additionally, a flaw in Microsoft SharePoint was exploited, putting numerous organizations at risk. This vulnerability could allow attackers to execute malicious code or gain access to restricted information. Both incidents emphasize the need for companies to regularly review their security settings and update their systems to protect against these types of vulnerabilities. With many businesses relying on these platforms, the implications of these security issues could be significant, affecting operational integrity and data confidentiality.
The Trivy vulnerability scanner was recently compromised in a supply-chain attack orchestrated by a group known as TeamPCP. This attack involved the distribution of credential-stealing malware through official releases and GitHub Actions, which are automated workflows for software development. As a result, users who downloaded the compromised versions of Trivy may have inadvertently installed malware that could steal sensitive information. This incident raises significant concerns about the security of software supply chains and the potential for attackers to exploit trusted platforms to distribute malicious code. Organizations that rely on Trivy for vulnerability scanning need to be aware of this breach and take appropriate measures to safeguard their systems.