❌

Normal view

Critical Vulnerabilities in Ivanti EPMM Exploited

17 February 2026 at 21:35

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors.

The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.

Privileged File System Vulnerability Present in a SCADA System

31 January 2026 at 00:00

We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack.

The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.

Threat Brief: MongoDB Vulnerability (CVE-2025-14847)

13 January 2026 at 21:30

Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.

The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.

❌