Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.
The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.

We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.
The post Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 appeared first on Unit 42.

Unit 42 details CVE-2026-0300, a buffer overflow vulnerability in the PAN-OS User-ID Authentication Portal. Read now for details.
The post Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution appeared first on Unit 42.

Copy Fail (CVE-2026-31431) is a critical Linux kernel LPE that allows stealthy root access. This flaw impacts millions of systems. Read our analysis.
The post Copy Fail: What You Need to Know About the Most Severe Linux Threat in Years appeared first on Unit 42.

CVE-2023-33538 allows for command injection in TP-Link routers. We discuss exploitation attempts with payloads characteristic of Mirai botnet malware.
The post A Deep Dive Into Attempted Exploitation of CVE-2023-33538 appeared first on Unit 42.

CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials.
The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42.

We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors.
The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.

We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack.
The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.

Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.
The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.

We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA.
The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42.

We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.
The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42.
