Cisco Catalyst SD-WAN auth bypass — CVE-2026-20127 (actively exploited, CVSS 10)
Why it’s top: An authentication bypass on an internet-exposed SD-WAN control-plane component puts the network’s management layer in reach of unauthenticated attackers; exploitation has been publicly reported, and government agencies have issued urgent guidance.
Ivanti Endpoint Manager Mobile (EPMM) — CVE-2026-1281 / CVE-2026-1340 (widespread automated exploitation attempts)
Fix-first: Patch/mitigate any internet-facing EPMM immediately; treat as mass-scanned.
BeyondTrust Remote Support / PRA — CVE-2026-1731 (exploitation attempts observed; post-exploitation tooling reported)
Fix-first: Patch self-hosted, internet-facing instances; then hunt for web shells, dropped tooling and suspicious WebSocket activity, since exploitation attempts predate many patches.
Google Chrome/Chromium zero-day — CVE-2026-2441 (exploit exists in the wild)
Fix-first: Push browser updates and enforce relaunch (an updated Chrome that has not been restarted is still running the vulnerable build); treat as an enterprise-wide endpoint priority.
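The "enforce relaunch" step is the part most fleets miss: Chrome stages the update on disk but keeps running the old binary until the user restarts it. The managed-policy fragment below is an added example, not text from the original bulletin or from Google; it uses the real Chrome enterprise policies RelaunchNotification and RelaunchNotificationPeriod, and assumes a Linux host where managed policy JSON lives under /etc/opt/chrome/policies/managed/ (on Windows the same keys go under the Google\Chrome policy registry path or the ADMX template). The first object is the weak setting (a non-blocking reminder with the default one-week grace period); the second is the one to deploy during a zero-day window.

```json
{
  "weak_reminder_only": {
    "RelaunchNotification": 1,
    "RelaunchNotificationPeriod": 604800000
  },
  "zero_day_forced_relaunch": {
    "RelaunchNotification": 2,
    "RelaunchNotificationPeriod": 3600000
  }
}
```

Each of the two inner objects is a complete policy file on its own; deploy only the second as, for example, /etc/opt/chrome/policies/managed/relaunch.json. RelaunchNotification 1 means "Recommended" (dismissable prompt) and 2 means "Required" (Chrome relaunches itself when the period expires); RelaunchNotificationPeriod is in milliseconds, so 3600000 forces a relaunch within an hour of the update being staged instead of the default 604800000 (seven days). After deployment, chrome://policy on an endpoint shows whether the values were applied, and chrome://version confirms the running build, which is the number that matters for exposure.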
Dell RecoverPoint for VMs — CVE-2026-22769 (hardcoded credential; active exploitation investigated by Mandiant)
Fix-first: Upgrade/remediate appliances; review for persistence and suspicious admin/web activity.
Soliton FileZen — CVE-2026-25108 (command injection; added to “known exploited” reporting)
Fix-first: Patch; if “Antivirus Check Option” is enabled, treat as urgent and review authenticated access paths.
Odido (Dutch telecom) extortion leak begins (ShinyHunters; ~6M customers)
Attack theme: Large-scale data theft + public leaking/extortion pressure.
University of Mississippi Medical Center ransomware disruption (Epic EHR offline; clinics closed)
Attack theme: Healthcare operational impact + potential patient-data exposure investigations.
UFP Technologies ransomware incident (IT disruption including billing/label-making; investigation ongoing)
Attack theme: Manufacturing/medical supply-chain disruption and possible data theft.
University of Hawaiʻi Cancer Center ransomware disclosure (SSNs up to ~1.15M people)
Attack theme: Research/health data exposure with long-tail notification and identity-risk fallout.
