soc

📅 Kalender

< July 2026 >
Mo
Di
Mi
Do
Fr
Sa
So
12
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
soc

CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV

CVE-2026-6973: Authenticated Admin RCE In Ivanti EPMM Added to CISA KEV Ivanti has patched CVE-2026-6973, a high-severity remote code execution (RCE) vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) on-prem deployments. The vulnerability has been exploited in the wild – CISA has also added it to the Known Exploited Vulnerabilities (KEV) catalog. Although exploitation requires remote […]

Mehr lesen →
soc

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-6973 Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability  This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the […]

Mehr lesen →
soc

Operation HookedWing: 4-Year Multi-Sector Attack Analysis

Operation HookedWing: 4-Year Multi-Sector Phishing Campaign From 2022 to the present, a persistent phishing campaign that has not been publicly documented until now, referred to in this report as Operation HookedWing, has been compromising organizations across multiple sectors and countries. The SOCRadar Threat Research team has identified that the campaign operates a custom phishing kit […]

Mehr lesen →
soc

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25

CVE-2026-26956: vm2 Sandbox Escape Enables Host RCE in Node.js 25 CVE-2026-26956 is a critical sandbox escape affecting the Node.js sandbox library vm2. In vm2 3.10.4, attacker-controlled JavaScript executed through VM.run() can break out of the sandbox and reach the host process object, leading to arbitrary code execution (RCE) in the host Node.js process. This post […]

Mehr lesen →
soc

CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RCE

CVE-2026-23918: Apache HTTP Server HTTP/2 Double Free With Possible RCE CVE-2026-23918 is a vulnerability in Apache HTTP Server (httpd) that affects its HTTP/2 implementation and can lead to a double free during an HTTP/2 stream “early reset” condition. Apache describes the impact as “Double Free and possible RCE,” meaning the worst case is remote code […]

Mehr lesen →
soc

CVE-2026-23918: Critical Apache HTTP/2 Flaw Can Trigger DoS and Possible RCE

Apache has patched CVE-2026-23918, a critical flaw in Apache HTTP Server’s HTTP/2 handling that Apache describes as a “double free and possible RCE.” The issue affects Apache HTTP Server 2.4.66 and was fixed in 2.4.67, released on May 4, 2026. The CVE-2026-23918 vulnerability matters because it can be abused remotely and without authentication. Public reporting […]

Mehr lesen →
soc

CVE-2026-0300: Palo Alto PAN-OS Zero-Day Enables Root RCE on Exposed Firewalls

Edge security appliances remain high-value targets, especially when a flaw can be exploited before a patch is widely available. The CVE-2026-0300 vulnerability is a critical buffer overflow in the User-ID Authentication Portal, also known as Captive Portal, in Palo Alto Networks PAN-OS. Palo Alto rates it 9.3/10 when the portal is exposed to the internet […]

Mehr lesen →
soc

CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.  CVE-2026-0300 Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk […]

Mehr lesen →
soc

CVE-2026-0300 Enables Root RCE in PAN-OS Captive Portal

CVE-2026-0300 Enables Root RCE in PAN-OS Captive Portal Palo Alto Networks disclosed CVE-2026-0300, a critical pre-authentication buffer overflow in the User-ID™ Authentication Portal (Captive Portal) service in PAN-OS. Under the right exposure conditions, an unauthenticated attacker can trigger remote code execution (RCE) as root on affected PA-Series and VM-Series firewalls. The vendor rates exploit maturity […]

Mehr lesen →
soc

Trellix Source Code Repository Incident: What Defenders Should Know

Trellix Source Code Repository Incident: What Defenders Should Know Trellix publicly disclosed that it identified unauthorized access to a portion of its internal source code repository. The company said it engaged external forensic experts, notified law enforcement, and, as of its disclosure, found no evidence that its release or distribution process was affected or that […]

Mehr lesen →