Critical vulnerabilities in Ubiquiti and Cisco systems are under active exploitation, while a new Mistic RAT is fueling ransomware campaigns across multiple threat actors. CISA has added four exploited vulnerabilities to its KEV catalog, and supply chain attacks continue to expand with Klue/Salesforce breaches affecting major vendors like LastPass and BeyondTrust.

Critical Ubiquiti Vulnerabilities Under Active Attack — Multiple critical flaws in Ubiquiti devices allow remote, unauthenticated attackers to make system changes, access accounts, and inject commands. Read more →
Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited — Threat actors are exploiting a critical SSRF vulnerability (CVSS 8.6) in Cisco Unified Communications Manager after public PoC disclosure. Read more →
Mistic RAT Fuels Multi-Family Ransomware Campaign — A new remote access trojan used by initial access broker Woodgnat is enabling attacks by Qilin, Interlock, Rhysida, Akira, 8Base, and Black Basta ransomware groups. Read more →
CISA Adds Four Exploited Vulnerabilities to KEV Catalog — CVE-2025-67038 (Lantronix EDS5000), CVE-2026-34908/34909/34910 (Ubiquiti UniFi OS) added based on active exploitation evidence. Read more →
LastPass, BeyondTrust Breached in Klue Supply Chain Attack — Hackers stole OAuth tokens from Klue and used them to access customer Salesforce data; over a dozen Klue customers confirmed data theft. Read more →
CI/CD Vulnerabilities Expose Millions of Repositories to Supply Chain Hijacking — Security defects allow unauthenticated users to take control of open source software supply chains. Read more →
macOS Security Gap Lets Users Disable Security Tools — A vulnerability allows attackers to disable security and browser tools without administrator privileges or kernel exploits. Read more →
FortiBleed Campaign Harvests 110 Million Credentials from 430K FortiGate Firewalls — Russian-speaking IAB has been targeting FortiGate devices globally since February 2026, collecting credentials and brute-forcing accessible systems. Read more →