T1059 - Command and Scripting Interpreter is a mitre_attack tracked across 50 threat clusters and 804 intelligence report mentions on ThreatCluster. First observed October 31, 2025; most recent activity July 17, 2026.
SonicWall has reported two critical vulnerabilities, CVE-2026-15409 and CVE-2026-15410, affecting its SMA1000 Series appliances, which are currently being actively exploited. The first vulnerability, CVE-2026-15409, is…
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
A critical vulnerability in the Joomla Content Editor (JCE), tracked as CVE-2026-48907, allows unauthenticated attackers to execute remote code on affected Joomla sites. This flaw affects JCE versions below 2.9.99.6 and…
A critical command injection vulnerability, CVE-2026-42271, in LiteLLM, an open-source AI gateway, allows unauthenticated remote code execution (RCE) when chained with CVE-2026-48710, a Host header validation bypass in…
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being exploited in the wild, allowing authenticated cPanel users to execute arbitrary scripts as root. This flaw, tracked…
DbGate's JSON script runner has a critical vulnerability (CVE-2026-47668) that allows unauthenticated remote code execution via the functionName parameter in JSON script assign commands. The vulnerability arises from…
The Akira ransomware group has been identified as a significant threat to critical infrastructure, with the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warning of its active ransomware…
On April 3, 2025, Ivanti disclosed CVE-2025-22457, a critical buffer overflow vulnerability affecting Ivanti Connect Secure and other products. The vulnerability allows unauthenticated remote code execution, and…
Operation Highland, attributed to the Velvet Ant cyberespionage group, involved a sophisticated attack that began in 2016 and persisted undetected for a decade. The attackers hijacked the authentication stack of a major…
CISA has warned of ongoing attacks exploiting the CVE-2008-4128 vulnerability in Cisco IOS 12.4, a cross-site request forgery flaw. This vulnerability, which has been known since 2008, allows attackers to execute…