Collaborate Disseminate
Attackers are exploiting a recently patched critical vulnerability (CVE-2026-1731) in internet-facing BeyondTrust Remote Support and Privileged Remote Access instances. “Attackers are abusing get_portal_info to extract the x-ns-company value befo… Continue reading Hackers probe, exploit newly patched BeyondTrust RCE flaw (CVE-2026-1731)
Among the many security fixes released by Microsoft on February 2026 Patch Tuesday is one for CVE-2026-20841, a command injection vulnerability in Notepad that could be exploited by attackers to achieve remote code execution on targets’ Windows s… Continue reading Windows Notepad Markdown feature opens door to RCE (CVE-2026-20841)
Apple has released fixes for a zero-day vulnerability (CVE-2026-20700) exploited in targeted attacks last year. CVE-2026-20700 is a memory corruption issue in dyld, the Dynamic Link Editor component of Apple’s operating systems, and may allow att… Continue reading Apple fixes zero-day flaw exploited in targeted attacks (CVE-2026-20700)
A massive wave of exploitation attempts has followed the disclosure of CVE-2026-1281, a critical pre-authentication Ivanti EPMM vulnerability, the Shadowserver Foundation has warned. Some of it is automated scanning for vulnerable systems, but accordin… Continue reading Ivanti EPMM exploitation: Researchers warn of “sleeper” webshells
Microsoft has plugged 50+ security holes on February 2026 Patch Tuesday, including six zero-day vulnerabilities exploited by attackers in the wild. The “security feature bypass” zero-days Among the zero-days fixed are three vulnerabilities … Continue reading Microsoft Patch Tuesday: 6 exploited zero-days fixed in February 2026
Singapore’s four major telecommunications companies were hit by a coordinated cyber espionage campaign last year, the country’s Cyber Security Agency (CSA) has revealed. An advanced persistent threat group known as UNC3886 has probed deep into th… Continue reading Singapore telcos breached in China-linked cyber espionage campaign
Internet‑exposed and vulnerable SolarWinds Web Help Desk (WHD) instances are under attack by threat actors looking to gain an initial foothold into target organizations’ networks, Microsoft and Huntress researchers have warned. Once inside, the a… Continue reading Unpatched SolarWinds WHD instances under active attack
SmarterTools, the company behind the popular Microsoft Exchange alternative SmarterMail, has been breached by a ransomware-wielding group that leveraged a recently fixed vulnerability in that solution. How did the SmarterTools breach happen? Derek Curt… Continue reading Ransomware group breached SmarterTools via flaw in its SmarterMail deployment
The European Commission’s mobile device management platform was hacked but the incident was swiftly contained and no compromise of mobile devices was detected, EU’s executive branch announced on Friday. The intrusion was detected on January… Continue reading European Commission hit by cyberattackers targeting mobile management platform
BeyondTrust fixed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions and is urging self-hosted customers to apply the patch as soon a possible. Unlike the Remote Suppor… Continue reading BeyondTrust fixes easy-to-exploit pre-auth RCE vulnerability in remote access tools (CVE-2026-1731)