Explore

Rapid Read Rapid Read
Ivanti Faces New Zero-Day Vulnerability Exploitation, Impacting Network Security

Ivanti Faces New Zero-Day Vulnerability Exploitation, Impacting Network Security

Ivanti, a company known for its mobile endpoint security products, has alerted its customers about a new zero-day vulnerability, CVE-2026-6973, that is being actively exploited. This vulnerability, found in Ivanti Endpoint Manager Mobile (EPMM), allows authenticated users with administrative privileges to execute code remotely. The company disclosed this issue along with four other high-severity vulnerabilities in the same product. The Cybersecurity and Infrastructure Security Agency (CISA) quickly added this zero-day to its catalog of known exploited vulnerabilities. Ivanti has released patches for all five vulnerabilities, although the company noted that the exploitation of CVE-2026-6973 has been limited. The vulnerability requires administrative access, which reduces the risk for customers who have followed Ivanti's previous recommendations to rotate EPMM credentials.
Rapid Read Rapid Read
Ivanti Faces New Zero-Day Vulnerability Exploitation in Endpoint Manager Mobile

Ivanti Faces New Zero-Day Vulnerability Exploitation in Endpoint Manager Mobile

Ivanti has alerted its customers to a new zero-day vulnerability, CVE-2026-6973, in its Endpoint Manager Mobile (EPMM) product. This vulnerability allows authenticated users with administrative privileges to execute code remotely. The company has released patches for this and four other high-severity vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has added this zero-day to its known exploited vulnerabilities catalog. Ivanti's transparency in disclosing these vulnerabilities is part of its strategy to improve product security and maintain customer trust.
Rapid Read Rapid Read
Palo Alto Networks Identifies Zero-Day Vulnerability in PAN-OS Firewalls, Urges Immediate Action

Palo Alto Networks Identifies Zero-Day Vulnerability in PAN-OS Firewalls, Urges Immediate Action

Palo Alto Networks has disclosed a critical zero-day vulnerability, CVE-2026-0300, in its PAN-OS firewall's User-ID Authentication Portal. This vulnerability allows unauthenticated attackers to execute arbitrary code with root privileges on Internet-exposed PA-Series and VM-Series firewalls. The flaw has been actively exploited since April 9, 2026, by suspected state-sponsored hackers. The company is working on releasing patches, with the first expected on May 13. In the meantime, Palo Alto Networks advises customers to restrict access to the vulnerable portal to trusted zones or disable it entirely to mitigate risks.
Trendline Trendline
Palo Alto Networks Firewall Zero-Day Exploited by Hackers for a Month

Palo Alto Networks Firewall Zero-Day Exploited by Hackers for a Month

Palo Alto Networks Firewall Zero-Day Exploited by Hackers for a Month
Rapid Read Rapid Read
CISA Launches 'CI Fortify' to Prepare Critical Infrastructure for Geopolitical Cyber Conflict

CISA Launches 'CI Fortify' to Prepare Critical Infrastructure for Geopolitical Cyber Conflict

The Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to U.S. critical infrastructure operators, warning of relentless intrusion attempts by nation-state actors. These adversaries have embedded themselves within critical systems and telecommunications networks, potentially crippling operational technology (OT) essential for American society. In response, CISA has launched 'CI Fortify,' an initiative aimed at ensuring essential service providers, such as public health and national defense, can continue operations during cyberattacks. The program emphasizes two key capabilities: isolation and recovery. Isolation involves severing connections to prevent attack spread, while recovery focuses on maintaining up-to-date backups and rehearsing system restoration. CISA Acting Director Nick Andersen urges operators to implement these recommendations to harden defenses.
Trendline Trendline
Palo Alto Networks Identifies Zero-Day Exploit Linked to Chinese State Hacking

Palo Alto Networks Identifies Zero-Day Exploit Linked to Chinese State Hacking

Palo Alto Networks Identifies Zero-Day Exploit Linked to Chinese State Hacking
Rapid Read Rapid Read
Ivanti Addresses Zero-Day Vulnerability in EPMM Amid Targeted Attacks

Ivanti Addresses Zero-Day Vulnerability in EPMM Amid Targeted Attacks

Ivanti has released its May 2026 security updates for the Endpoint Manager Mobile (EPMM) product, addressing five vulnerabilities, including a critical zero-day flaw identified as CVE-2026-6973. This vulnerability, which involves improper input validation, can be exploited by an authenticated attacker with administrative privileges to execute remote code. Ivanti has acknowledged that a limited number of customers have been targeted by attacks exploiting this flaw. The company advises that customers who followed previous recommendations to rotate credentials are at a reduced risk of exploitation. The zero-day vulnerability may have been used in conjunction with previously disclosed vulnerabilities, CVE-2026-1281 and CVE-2026-1340, which allow unauthenticated remote code execution. These earlier vulnerabilities were also initially exploited in targeted attacks before seeing a surge in exploitation post-disclosure. The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-6973 to its Know...
Trendline Trendline
Critical Vulnerabilities in MetInfo and Weaver E-cology Exploited by Attackers

Critical Vulnerabilities in MetInfo and Weaver E-cology Exploited by Attackers

Critical Vulnerabilities in MetInfo and Weaver E-cology Exploited by Attackers
Trendline Trendline
Palo Alto Networks to Address Critical Zero-Day Vulnerability in Firewalls

Palo Alto Networks to Address Critical Zero-Day Vulnerability in Firewalls

Palo Alto Networks to Address Critical Zero-Day Vulnerability in Firewalls
Trendline Trendline
Palo Alto Networks Warns of Critical PAN-OS Vulnerability Exploited in the Wild

Palo Alto Networks Warns of Critical PAN-OS Vulnerability Exploited in the Wild

Palo Alto Networks Warns of Critical PAN-OS Vulnerability Exploited in the Wild
Rapid Read Rapid Read
CISA Initiates CI Fortify to Ensure Critical Infrastructure Operates in Isolation During Conflicts

CISA Initiates CI Fortify to Ensure Critical Infrastructure Operates in Isolation During Conflicts

The Cybersecurity and Infrastructure Security Agency (CISA) has launched an initiative called CI Fortify, aimed at ensuring critical infrastructure can operate independently for extended periods during conflicts. This move comes in response to increasing threats from state-sponsored hackers, particularly from Chinese groups Salt Typhoon and Volt Typhoon, which target essential sectors like electricity, water, and internet. CISA plans to conduct targeted technical assessments of critical infrastructure entities to develop plans that allow for safe operations while isolated from IT networks and third-party tools. The agency has already begun engaging with some companies to pilot these assessments, focusing on organizations that support national security, defense, public health, and economic continuity.
Trendline Trendline
Palo Alto Networks Warns of Critical Firewall Vulnerability Exploited in Attacks

Palo Alto Networks Warns of Critical Firewall Vulnerability Exploited in Attacks

Palo Alto Networks Warns of Critical Firewall Vulnerability Exploited in Attacks