CWE-269 - Improper Privilege Management is a cwe tracked across 50 threat clusters and 434 intelligence report mentions on ThreatCluster. First observed April 14, 2026; most recent activity July 17, 2026.
SonicWall has reported two critical vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA1000 Series appliances, which are currently being actively exploited. The first vulnerability, CVE-2026-15409, is…
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being exploited in the wild, allowing authenticated cPanel users to execute arbitrary scripts as root. This flaw, tracked…
A sophisticated backdoor malware named Firestarter has been discovered on Cisco Firepower devices, attributed to the state-sponsored threat actor UAT-4356. The malware exploits two vulnerabilities, CVE-2025-20333 and…
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is critically vulnerable to privilege escalation via account takeover, affecting all versions up to and including 5.9.9.5. The vulnerability…
A critical vulnerability (CVE-2026-8206) in the Kirki WordPress plugin allows unauthenticated attackers to hijack user accounts, including admin accounts, on over 500,000 websites. Detected by Defiant's Wordfence…
Ubiquiti has issued security updates for five critical vulnerabilities in UniFi OS, including three maximum severity flaws (CVE-2026-34908, CVE-2026-34909, CVE-2026-34910) that allow remote attackers to execute…
The China-aligned APT group Webworm has shifted its focus from Asia to Europe, targeting government organizations in Belgium, Italy, Poland, Serbia, and Spain during 2025. ESET researchers identified new backdoors,…
A Chinese threat actor known as VerdantBamboo compromised a company's network through a managed service provider (MSP) over 18 months. The initial breach involved a Linux-based Egnyte Storage Sync appliance, which was…