Threat actors have been targeting three critical-severity vulnerabilities in Ubiquiti devices, the US cybersecurity agency CISA warns. The exploited flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, with a CVSS score of 10/10, were patched last month. CVE-2026-34908 is described as… Read More "Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs"
A critical Splunk Enterprise vulnerability is being exploited in attacks only days after its public disclosure, and organizations have been urged to patch it immediately. The vulnerability is tracked as CVE-2026-20253 and Splunk’s advisory says it can be exploited by… Read More "Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure"
Threat actors are targeting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege escalation. Affecting the Joomla Content Editor (JCE) for Joomla and tracked as CVE-2026-48907, the first bug is described as an improper access issue… Read More "Joomla, LiteSpeed Vulnerabilities Exploited in Attacks"
The US Cybersecurity and Infrastructure Security Agency (CISA) flagged a recently patched Ivanti Sentry vulnerability as exploited, but Ivanti says the activity was observed only on honeypots. Tracked as CVE-2026-10520 (CVSS score of 10/10), the security defect is described as… Read More "Ivanti Sentry Exploitation Attempts Hitting Honeypots"
