Security news.
Today's threat landscape is dominated by active exploitation campaigns targeting critical infrastructure and security tools, alongside major ransomware operations and supply-chain risks. Multiple zero-days and unpatched flaws in Windows Defender, SD-WAN managers, and serial-to-IP converters are under active attack, while law enforcement continues dismantling cybercrime networks.
Windows Defender Exploited in Active Attacks; Two Flaws Unpatched
Three proof-of-concept exploits are being weaponized against Microsoft's built-in security platform; two of the flaws remain unpatched and are actively exploited.
CISA Flags Catalyst SD-WAN Manager Flaw as Actively Exploited
U.S. government agencies have been given four days to patch another critical SD-WAN vulnerability under active attack.
6,400 Apache ActiveMQ Servers Vulnerable to Ongoing Attacks
Shadowserver discovered over 6,400 exposed ActiveMQ instances vulnerable to a high-severity code injection flaw that is under active exploitation.
22 BRIDGE:BREAK Flaws Expose 20,000 Serial-to-IP Converters
Forescout researchers identified critical vulnerabilities in Lantronix and Silex serial-to-Ethernet converters affecting nearly 20,000 exposed devices that could enable device hijacking and data tampering.
Gentlemen Ransomware Operation Deploys SystemBC; 1,570+ Victims Discovered
Analysis of a C2 server for a SystemBC proxy malware botnet linked to The Gentlemen RaaS gang revealed over 1,570 corporate victims.
Critical Bomgar RMM Flaw (CVE-2026-1731) Exploited for Ransomware Spread
A critical remote code execution vulnerability in Bomgar remote monitoring tools is being actively exploited to distribute ransomware and compromise supply chains.
New Lotus Data Wiper Targets Venezuelan Energy and Utility Firms
A previously undocumented data-wiping malware called Lotus was used in targeted attacks against critical infrastructure organizations in Venezuela.
Scattered Spider Member Pleads Guilty; Third BlackCat Insider Arrested
Tyler Buchanan, 24, a senior member of Scattered Spider, pleaded guilty to wire fraud and identity theft from 2022 attacks on major tech firms; separately, ransomware negotiator Angelo Martino admitted aiding BlackCat attacks in 2023.