T1505.003 - Web Shell is a mitre_attack tracked across 50 threat clusters and 163 intelligence report mentions on ThreatCluster. First observed November 13, 2025; most recent activity July 17, 2026.
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
A critical vulnerability in the Joomla Content Editor (JCE), tracked as CVE-2026-48907, allows unauthenticated attackers to execute remote code on affected Joomla sites. This flaw affects JCE versions below 2.9.99.6 and…
A critical command injection vulnerability, CVE-2026-42271, in LiteLLM, an open-source AI gateway, allows unauthenticated remote code execution (RCE) when chained with CVE-2026-48710, a Host header validation bypass in…
The China-aligned threat group SHADOW-EARTH-053 has been exploiting unpatched Microsoft Exchange and IIS server vulnerabilities, specifically the ProxyLogon vulnerability chain, to conduct cyberespionage. This group has…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
A sophisticated cyber campaign has exploited a critical cPanel vulnerability (CVE-2026-41940) to breach government and military servers in Southeast Asia, particularly targeting Indonesia. The attackers utilized a…
Hackers are exploiting a critical vulnerability in PTC Windchill and FlexPLM, tracked as CVE-2026-12569, which allows remote code execution due to an unsafe deserialization flaw. This vulnerability affects product…
A critical vulnerability (CVE-2026-0740) in the Ninja Forms File Uploads plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution. This flaw, with a…
A critical vulnerability, CVE-2026-58480, has been identified in the Blocksy Companion Pro plugin for WordPress versions prior to 2.1.47. This unauthenticated arbitrary file upload vulnerability allows attackers to…