Aggregator

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

• CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability

This type of vulnerability is a frequent attack vectors for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the KEV Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of KEV Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria. 

You must login to view this content

Attackers are delivering a broad-spectrum infostealer to enterprise computers by exploiting a known vulnerability (CVE-2026-35616) in FortiClient Enterprise Management Server (EMS). “The [malicious] payload was presented as a Fortinet endpoint update and executed through FortiClient-managed VPN scripting workflows,” Arctic Wold researchers noted. About CVE-2026-35616 CVE-2026-35616 is an improper access control vulnerability vulnerability in FortiClient EMS, a centralized management platform through which IT admins deploy, configure, and monitor FortiClient endpoint security software across all devices in … More →

The post New infostealer reaches enterprise devices through FortiClient EMS vulnerability appeared first on Help Net Security.

You must login to view this content

A sophisticated phishing campaign is actively targeting financial organizations by using fake Adobe Document Cloud pages to silently install ScreenConnect remote access malware on victim machines. The operation is well-structured, deceptive, and difficult to detect because it blends into everyday enterprise software activity. The campaign works by sending phishing emails that look like legitimate Adobe […]

The post Hackers Use Fake Adobe Document Cloud Pages to Deliver ScreenConnect Malware appeared first on Cyber Security News.

A polished, fully functional npm package has been caught secretly stealing OpenAI Codex authentication tokens from developers who trusted it. The package, named codexui-android, presented itself as a remote web UI for OpenAI Codex with no obvious signs of being malicious. It built a genuine user base, amassed 27,000 weekly downloads, and maintained an active […]

The post Legitimate-Looking Codex Remote UI Steals OpenAI Codex Authentication Tokens appeared first on Cyber Security News.

You must login to view this content