Security news.
Today's security news highlights critical vulnerabilities, active exploitation by ransomware groups, and significant data breaches. CISA has added multiple actively exploited flaws to its KEV catalog, urging federal agencies and other organizations to patch immediately.
Ransomware gang exploits Cisco zero-day since January
The Interlock ransomware gang has been actively exploiting a critical remote code execution (RCE) vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC) software since late January.
CISA adds Zimbra XSS flaw to KEV catalog
CISA has added a cross-site scripting (XSS) vulnerability in Synacor Zimbra Collaboration Suite (ZCS), CVE-2025-66376, to its Known Exploited Vulnerabilities Catalog, ordering federal agencies to patch it due to active exploitation.
CISA adds Microsoft SharePoint flaw to KEV catalog
A Microsoft SharePoint deserialization of untrusted data vulnerability, CVE-2026-20963, has been added to CISA's KEV Catalog, indicating active exploitation.
ConnectWise patches flaw allowing ScreenConnect hijacking
ConnectWise has released a patch for a cryptographic signature verification vulnerability in ScreenConnect that could lead to unauthorized access and privilege escalation.
Critical unpatched Telnetd flaw enables unauthenticated root RCE
Researchers have disclosed a critical unpatched vulnerability, CVE-2026-32746 (CVSS 9.8), in GNU InetUtils telnetd that allows unauthenticated remote attackers to execute arbitrary code with root privileges.
Aura confirms data breach exposing 900,000 marketing contacts
Identity protection company Aura has confirmed a data breach affecting nearly 900,000 customer records, exposing names and email addresses.
Marquis ransomware gang stole data of 672K people
Financial services provider Marquis disclosed that a ransomware attack in August 2025 compromised the data of over 670,000 individuals and disrupted operations at 74 U.S. banks.
‘DarkSword’ iOS Exploit Kit used by state-sponsored hackers
A sophisticated iOS exploit kit named 'DarkSword,' targeting six iOS vulnerabilities for full device compromise, is being used by state-sponsored hackers and spyware vendors for surveillance.