Exploit for CVE-2026-26555
🔍 Vulnerability Research A curated collection of in-depth vul...
Vulnerabilities found in Cisco Catalyst SD-WAN Controllers and Managers
Cisco has disclosed four vulnerabilities in its Catalyst SD-WAN Controller and Manager products, covering XXE injection, privilege escalation, and authentication bypass. The authentication bypass vulnerability resides in...
Exploit for PHP Remote File Inclusion in Synacor Zimbra_Collaboration_Suite
CVE-2025-68645 — Zimbra Classic UI LFI Defender Pack This r...
Vulnerabilities fixed in Citrix NetScaler ADC and NetScaler Gateway
Citrix has fixed vulnerabilities in NetScaler ADC and NetScaler Gateway. CVE-2025-5777 is an out-of-bounds read caused by insufficient input validation on appliances configured as a Gateway (VPN virtual server, ICA...
Vulnerability discovered in Fortinet FortiManager
UPDATE: Public proof-of-concept (PoC) code for the vulnerability is available and works against FortiManager builds that have not yet been patched. Researchers have also found that Fortinet's patch did not close the full exploitation chain, so it is still possible to execute code on a patch...
BEC-ware the Phish (part 2): Respond and Remediate Incidents in M365
TL;DR Ensure you can reliably take initial containment actions such as disabling accounts, resetting passwords, and revoking tokens. Token binding ensures that a token only works on the specific device to which it was issued, and is currently the best protection against token theft. As a minimum...
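The three containment actions named in that TL;DR (disable the account, reset the password, revoke tokens), carried out against one Entra ID user with the Microsoft Graph PowerShell SDK. This is an added example and not code from the original post; it assumes the `Microsoft.Graph` module is installed, that the operator holds the `User.ReadWrite.All` and `User.RevokeSessions.All` scopes, and the user principal name `compromised.user@example.com` is a constructed placeholder.

```powershell
# Added example (not from the original post). Assumes the Microsoft.Graph PowerShell SDK
# and an operator with User.ReadWrite.All and User.RevokeSessions.All.
Connect-MgGraph -Scopes "User.ReadWrite.All", "User.RevokeSessions.All"

# Constructed placeholder for the compromised account.
$upn  = "compromised.user@example.com"
$user = Get-MgUser -UserId $upn -Property Id, UserPrincipalName, AccountEnabled

# 1. Block sign-in so no new tokens can be issued.
Update-MgUser -UserId $user.Id -AccountEnabled:$false

# 2. Reset the password to a random value and force a change at next sign-in.
$chars       = [char[]](48..57 + 65..90 + 97..122)
$newPassword = -join (Get-Random -InputObject $chars -Count 24)
Update-MgUser -UserId $user.Id -PasswordProfile @{
    Password                     = $newPassword
    ForceChangePasswordNextSignIn = $true
}

# 3. Invalidate refresh tokens and session cookies issued to this user.
Revoke-MgUserSignInSession -UserId $user.Id

# 4. Confirm the account is now disabled before moving on to mailbox remediation.
Get-MgUser -UserId $user.Id -Property UserPrincipalName, AccountEnabled |
    Select-Object UserPrincipalName, AccountEnabled
```

Revoking sign-in sessions invalidates refresh tokens, but access tokens already in the attacker's hands stay valid until they expire (typically up to an hour), so the disable in step 1 is what stops further API calls once those tokens lapse. Record the time of each action; it becomes the boundary for scoping later log review.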
Exploit for Code Injection in Crushftp
CVE-2024-4040 - exploit scanners This repository contains fil...
In search of the Triangulation: triangle_check utility
In our initial blogpost about "Operation Triangulation", we published a comprehensive guide on how to manually check iOS device backups for possible indicators of compromise using MVT. This process takes time and requires manual search for several types of indicators. To automate this process, we...
Malicious Package
Overview DiscordRichPresence.API is a malicious package. It relies on typosquatting to trick users into installing it. It contains a PowerShell script that executes upon installation and downloads a second-stage payload, which can be remotely executed...
Russian State-Sponsored Cyber Actors Access Network Misconfigured with Default MFA Protocols
CISA and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory that details how Russian state-sponsored cyber actors accessed a network with misconfigured default multifactor authentication (MFA) protocols. The actors then exploited a critical Windows Print Spooler...
Rootkit found in HPE iLO environments
Security researchers at AmnPardaz have published an investigation into a rootkit found in HPE iLO systems. The malware, called "iLOBleed," was used, among other things, to wipe a system's hard drives. Because the iLO subsystem has exceptionally high privileges, compromising it means...
SolarWinds Attackers Hit Active Directory Servers with FoggyWeb Backdoor
The threat actors behind the notorious SolarWinds supply-chain attacks have dispatched new malware to steal data and maintain persistence on victims’ networks, researchers have found. Researchers from the Microsoft Threat Intelligence Center (MSTIC) have observed the APT it calls Nobelium using a...
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
A key aspect of the Solorigate attack is the supply chain compromise that allowed the attacker to modify binaries in SolarWinds’ Orion product. These modified binaries were distributed via previously legitimate update channels and allowed the attacker to remotely perform malicious activities, suc...
North Korea ATM Hack
The US Cybersecurity and Infrastructure Security Agency (CISA) published a long and technical alert describing a North Korea hacking scheme against ATMs in a bunch of countries worldwide: This joint advisory is the result of analytic efforts among the Cybersecurity and Infrastructure Security Agenc...
Threat Roundup for July 10 to July 17
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between July 10 and July 17. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...
Cisco Releases Security Advisory for Telnet Vulnerability in IOS XE Software
Cisco has released a security advisory on a Telnet vulnerability—CVE-2020-10188—affecting Cisco IOS XE devices. A remote attacker could exploit this vulnerability to take control of an affected system. The advisory contains workarounds as well as indicators of compromise. The Cybersecurity and...
Threat Roundup for March 13 to March 20
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 13 and March 20. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral...
Threat Roundup for March 6 to March 13
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between March 6 and March 13. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristic...
Threat Roundup for Jan. 25 to Feb. 1
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between Jan. 25 and Feb. 01. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key behavioral characteristics...