Weekly Exploit Roundup
Generated 2026-07-07T08:00:10.461518+00:00 (UTC)
- SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation
Source: The Hacker News | Published: 2026-07-02T05:46:45+00:00 | Score: 22.262The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2026-45659 (CVSS score: 8.8), is a case of remote code execution arising from the deserialization of untrusted data. The issue
- Threat Actors Probe Gitea Docker Flaw CVE-2026-20896 13 Days After Disclosure
Source: The Hacker News | Published: 2026-07-06T16:28:59+00:00 | Score: 20.138Threat actors have been observed attempting to exploit a recently patched critical security flaw in Gitea Docker images, according to Sysdig.
The vulnerability in question is CVE-2026-20896 (CVSS score: 9.8), a vulnerability that stems from the DevOps platform trusting the "X-WEBAUTH-USER" header from any source IP address, effectively allowing an unauthenticated internet client to get elevated
- Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Source: The Hacker News | Published: 2026-06-30T15:47:20+00:00 | Score: 19.332Threat actors are continuing to exploit a critical Langflow vulnerability as part of fresh attacks designed to deliver a Monero cryptocurrency miner.
The activity has been found to weaponize CVE-2026-33017 (CVSS score: 9.3), an unauthenticated remote code execution (RCE) vulnerability in Langflow, indicating threat actors are scanning and targeting exposed artificial intelligence (AI)
- CISA Adds One Known Exploited Vulnerability to Catalog
Source: Alerts | Published: 2026-07-01T12:00:00+00:00 | Score: 17.633CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for w
- BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
Source: The Hacker News | Published: 2026-07-07T05:16:51+00:00 | Score: 17.519BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices.
The vulnerabilities are listed below –
CVE-2026-40138 (CVSS score: 9.2) – A pre-authentication vulnerability exists in the
- Progress Kemp LoadMaster Pre-Auth RCE Flaw Faces Active Exploitation Attempts
Source: The Hacker News | Published: 2026-07-01T13:56:18+00:00 | Score: 16.991A recently disclosed critical security flaw impacting Progress Kemp LoadMaster is seeing active exploitation attempts, according to an advisory from eSentire's Threat Response Unit (TRU).
The Canadian cybersecurity company said it identified exploitation attempts targeting CVE-2026-8037 (CVSS score: 9.6), an operating system (OS) command injection flaw that could be exploited to achieve
- CERT/CC Warns of Hidden Admin Backdoor in Tenda Router Firmware
Source: The Hacker News | Published: 2026-07-07T06:40:47+00:00 | Score: 15.561Several versions of firmware released by Chinese network device manufacturer Tenda have been found to embed an undocumented authentication backdoor that enables administrative access to the devices' web management interfaces, the CERT Coordination Center (CERT/CC) warned Monday.
"An attacker can exploit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process
- A Day With Your Vector Command Red Team Pod
Source: Rapid7 Cybersecurity Blog | Published: 2026-07-06T14:26:46+00:00 | Score: 14.477Anyone trying to understand continuous red teaming usually gets the same high-level explanation: it is ongoing, attacker-informed, and designed to uncover risk between formal assessments. Useful as that description is, it still leaves most people with the same question, which is what the service actually looks like when a team is working against a real environment day after day. A Vector Command pod answers that question more clearly than a list of features ever could. Five dedicated operators work against a customer environment continuously, each bringing a different specialty, while the pod as a whole simulates the range, coordination, and persistence of a real adversary. Over time, that gives the customer far more than a periodic snapshot. It gives them a team that keeps learning the environment, keeps pressure on the attack surface, and keeps surfacing the kinds of changes that can turn into incidents if no one catches them quickly. Because the environment keeps changing, the value
- Ransomware Groups Turn to Citrix Bleed 2, BYOVD, and Supply Chain Credentials
Source: The Hacker News | Published: 2026-07-02T18:30:33+00:00 | Score: 14.341Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access.
"Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Remote Management and Monitoring (RMM) tooling, credential access, and hands-on-keyboard procedures used for lateral
- Max severity Adobe ColdFusion flaw now exploited in attacks
Source: BleepingComputer | Published: 2026-07-06T13:18:37+00:00 | Score: 14.144Attackers are now exploiting a maximum-severity Adobe ColdFusion vulnerability tracked as CVE-2026-48282, according to vulnerability intelligence company KEVIntel. […]
End of report.
