T1068 - Exploitation for Privilege Escalation is a mitre_attack tracked across 50 threat clusters and 507 intelligence report mentions on ThreatCluster. First observed November 4, 2025; most recent activity July 17, 2026.
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
Active exploitation of two critical vulnerabilities has been reported: CVE-2026-20230 in Cisco Unified CM and CVE-2026-20971 in Samsung KNOX. The Cisco flaw, a server-side request forgery (SSRF), poses an immediate…
A critical zero-day privilege escalation vulnerability in the LiteSpeed User-End cPanel plugin is being exploited in the wild, allowing authenticated cPanel users to execute arbitrary scripts as root. This flaw, tracked…
A cyber threat actor has been exploiting a zero-day vulnerability (CVE-2026-20127) in Cisco Catalyst SD-WAN Controller since 2023. This vulnerability allows unauthenticated remote attackers to bypass authentication and…
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
The Google Threat Intelligence Group has identified DarkSword, a full-chain iOS exploit affecting versions 18.4 to 18.7. This exploit leverages multiple zero-day vulnerabilities, including CVE-2025-31277 and…
On November Patch Tuesday, Microsoft released fixes for 63 security flaws across its products, including a zero-day vulnerability identified as CVE-2025-62215. This privilege escalation flaw in the Windows kernel allows…
A critical vulnerability (CVE-2026-8206) in the Kirki WordPress plugin allows unauthenticated attackers to hijack user accounts, including admin accounts, on over 500,000 websites. Detected by Defiant's Wordfence…