Security News
Afternoon Brief
Today's security landscape is marked by active exploitation of critical vulnerabilities, including a SolarWinds Serv-U flaw and a Cisco SD-WAN zero-day. Supply chain attacks continue to plague the npm ecosystem, while nation-state actors and cybercriminals deploy new malware and tactics for espionage and financial gain.
- CISA Warns of Active Exploitation of SolarWinds Serv-U Flaw — CISA has added a high-severity SolarWinds Serv-U flaw (CVE-2026-28318) to its KEV catalog, warning that attackers are actively exploiting it to crash servers.
- Cisco Warns of Unpatched SD-WAN Zero-Day Under Active Exploitation — Cisco has issued a warning about a high-severity, unpatched zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager that is being actively exploited to achieve root privilege escalation.
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks — Multiple software supply chain attacks are targeting the npm ecosystem, distributing a Rust-based information stealer and a self-spreading worm through malicious and poisoned versions of over 50 legitimate packages.
- Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw — Threat actors are actively exploiting CVE-2026-3300, a critical remote code execution vulnerability in the Everest Forms Pro WordPress plugin (versions up to 1.9.12), to compromise sites.
- DentaQuest Data Breach Exposes Info of 2.6 Million Accounts — The ShinyHunters extortion group has leaked 234 GB of data allegedly stolen from dental benefits administrator DentaQuest, impacting approximately 2.6 million individuals.
- Over 900 US Gas Station Tank Gauge Systems Exposed Online — More than 900 automatic tank gauge (ATG) systems in the U.S., used to monitor fuel and chemical storage, are exposed online and vulnerable to attack, prompting a CISA warning.
- Chinese APT Deploys New Malware for Persistent Access to Hacked Networks — The Chinese espionage group UNC5221 is using new malware, Plenet and AgentPSD, along with the Brickstorm backdoor, to maintain access to compromised Microsoft 365 environments.
- PCPJack Hijacks 230 Cloud Servers for Covert SMTP Relay Network — The threat actor PCPJack has compromised over 230 AWS, Google Cloud, and Azure servers to build a covert SMTP email relay network, turning business servers into mail proxies.