Zero Day Wire - Zero Day Wire (Page 6)

Threats

Kimwolf IoT Botnet Disrupts I2P Anonymity Network in Massive Sybil Attack

The massive IoT botnet known as Kimwolf has spent the past week disrupting the Invisible Internet Project (I2P), a decentralized anonymity network, after its operators attempted to join approximately 700,000 infected devices as nodes on the network. The incident represents one of the largest Sybil attacks ever observed against

Alerts

Microsoft February 2026 Patch Tuesday Fixes Six Actively Exploited Zero-Days Across Windows, Office, and Remote Desktop

Microsoft's February 2026 Patch Tuesday addresses 59 vulnerabilities across Windows, Office, Azure, Edge, Exchange, and Hyper-V — including six zero-day flaws already being exploited in the wild. All six have been added to CISA's Known Exploited Vulnerabilities catalog with a March 3 federal patching deadline. Of the

Alerts

Fortinet Patches Two Critical Flaws — FortiClientEMS SQLi and Actively Exploited FortiCloud SSO Bypass

Fortinet has released security updates addressing two critical vulnerabilities, including an unauthenticated SQL injection in FortiClientEMS and a FortiCloud SSO authentication bypass that is already being exploited in the wild. CVE-2026-21643 — FortiClientEMS SQL Injection (CVSS 9.1) The first flaw, tracked as CVE-2026-21643, is a SQL injection vulnerability in FortiClientEMS

Alerts

BeyondTrust Patches Critical Unauthenticated RCE in Remote Support and Privileged Remote Access (CVE-2026-1731)

BeyondTrust has issued patches for a critical pre-authentication remote code execution vulnerability in its Remote Support (RS) and Privileged Remote Access (PRA) products — the same software previously exploited as zero-days in the 2024 breach of the U.S. Treasury Department. Tracked as CVE-2026-1731, the flaw is an OS command injection

Threats

Chinese APT UNC3886 Targeted All Four Singapore Telecoms in Espionage Campaign

Singapore's Cyber Security Agency (CSA) has disclosed that the China-linked cyber espionage group UNC3886 conducted a deliberate campaign against the country's entire telecommunications sector, targeting all four major operators — M1, SIMBA Telecom, Singtel, and StarHub. The disclosure follows comments made over six months ago by Singapore&

Breaches

European Commission Mobile Infrastructure Breached Through Ivanti EPMM Vulnerabilities

The European Commission has confirmed that attackers compromised its central mobile device management systems on January 30, potentially accessing the names and phone numbers of staff members. The intrusion targeted the infrastructure used to manage employee mobile phones and tablets. CERT-EU detected suspicious activity and contained the breach within nine

Alerts

Hackers Exploit Critical React Native Metro Flaw to Compromise Developer Systems (CVE-2025-11953)

A critical vulnerability in the React Native Community CLI Metro development server is being actively exploited to compromise developer workstations and CI/CD environments. Tracked as CVE-2025-11953 and dubbed Metro4Shell, the flaw carries a CVSS score of 9.8 and allows unauthenticated OS command injection through the server's

Threats

Rublevka Team: Russian Crypto Drainer Operation Steals $10 Million Through Affiliate Network

Recorded Future's Insikt Group has published a comprehensive analysis of Rublevka Team, a Russian cybercriminal operation that has generated over $10 million in cryptocurrency theft since 2023 through an affiliate-driven wallet draining ecosystem. Unlike traditional crypto-stealing operations that rely on infostealer malware, Rublevka Team deploys custom JavaScript drainer

Alerts

Cisco Meeting Management Vulnerability Allows Authenticated Attackers to Gain Root Access

Cisco has released a security advisory for CVE-2026-20098, a high-severity vulnerability in Cisco Meeting Management that allows authenticated remote attackers to upload arbitrary files, execute commands, and escalate privileges to root. The flaw carries a CVSS score of 8.8 and affects all versions of Cisco Meeting Management prior to

Alerts

Microsoft Integrates Sysmon Directly into Windows 11 for Native Threat Detection

Microsoft has announced the integration of System Monitor (Sysmon) directly into Windows 11, bringing one of the most widely-used threat detection tools natively into the operating system. The feature is now available in Windows 11 Insider Preview Build 26300.7733 (KB5074178) in the Dev Channel. Previously available only as a

Alerts

Critical vLLM Vulnerability Allows Remote Code Execution via Malicious Video Files

A critical vulnerability chain has been disclosed in vLLM, a widely-used high-performance library for Large Language Model inference. Tracked as CVE-2026-22778 with a CVSS score of 9.8, the flaw allows remote attackers to execute arbitrary commands on vLLM servers by submitting a malicious video URL to the API. Default

Threats

Threat Actors Exploit 15-Year-Old EnCase Driver to Kill EDR Processes in Ransomware Precursor Attack

Huntress has published details of a February 2026 intrusion where threat actors leveraged compromised SonicWall SSLVPN credentials to access a victim network, then deployed a custom EDR killer that abuses a legitimate Guidance Software (EnCase) forensic driver to terminate security processes from kernel mode. The attack was disrupted before ransomware