Skip to content
feed: live
>_ 0dayNews

0dayNews — Vulnerability & Exploit News

$ kev-tracker --recent

Known Exploited Vulnerabilities

full tracker →
CVE-2026-25089
[ CRITICAL ] CVSS 9.8 kev

Fortinet FortiSandbox unauthenticated OS command injection (4.2, 4.4, 5.0, Cloud, PaaS)

An unauthenticated OS command injection across FortiSandbox 4.2, 4.4, 5.0, plus FortiSandbox Cloud and PaaS 5.0 lets a network attacker run arbitrary commands via crafted HTTP requests. CVSS 9.8; CISA-listed KEV.

Fortinet / FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS (multiple 4.x and 5.0 lines — see body)
CVE-2026-46817
[ CRITICAL ] CVSS 9.8 kev

Oracle E-Business Suite Payments improper privilege management (unauth RCE)

A critical improper-privilege-management flaw in the Oracle Payments component of Oracle E-Business Suite (File Transmission) that lets an unauthenticated network attacker take over Oracle Payments. Patched in Oracle's May 2026 Critical Patch Update; added to CISA KEV on July 15, 2026.

Oracle / E-Business Suite — Oracle Payments (versions 12.2.3–12.2.15)
CVE-2026-15409
[ CRITICAL ] CVSS 10.0 kev

SonicWall SMA1000 unauthenticated SSRF in Work Place portal

An unauthenticated server-side request forgery in the SonicWall SMA1000 Work Place web interface lets a remote attacker force the appliance to make requests to attacker-chosen destinations. Actively exploited; on CISA KEV.

SonicWall / SMA1000 Series (6210, 7210, 8200v)
CVE-2026-15410
[ HIGH ] CVSS 7.2 kev

SonicWall SMA1000 post-authentication OS command injection

A post-authentication OS command injection in the SonicWall SMA1000 lets an administrator execute arbitrary OS commands on the appliance. Actively exploited alongside CVE-2026-15409; on CISA KEV.

SonicWall / SMA1000 Series (6210, 7210, 8200v)
CVE-2026-56155
[ HIGH ] CVSS 7.8 kev

AD FS elevation of privilege — insufficient access-control granularity

Active Directory Federation Services access-control granularity flaw lets an authorized attacker escalate privileges locally. Exploited in the wild; added to CISA KEV 2026-07-14.

Microsoft / Active Directory Federation Services (AD FS) — see MSRC advisory for affected builds
CVE-2026-56164
[ MEDIUM ] CVSS 5.3 kev

SharePoint Server elevation of privilege — missing authentication for critical function

SharePoint Server ships a critical function that's reachable without authentication, letting an unauthenticated attacker escalate over a network. Exploited in the wild; added to CISA KEV 2026-07-14.

Microsoft / Microsoft SharePoint Server (see MSRC advisory for affected builds)
$ latest --more

From the desk

all articles →
~/articles/2026-07-18-microsoft-acr-stealer-april-june-webdav-etherhiding
Microsoft ties ACR Stealer surge to WebDAV, blockchain C2
threat intel

Microsoft ties ACR Stealer surge to WebDAV, blockchain C2

Microsoft's July 16 writeup links a late-April through mid-June ACR Stealer surge to WebDAV-hosted payloads and a blockchain dead-drop for C2 updates.

read →
~/articles/2026-07-18-7-zip-26-02-xz-heap-overflow-rce-zdi-26-444
7-Zip 26.02 patches XZ heap overflow, no auto-update
7 zip

7-Zip 26.02 patches XZ heap overflow, no auto-update

7-Zip 26.02 fixes a heap-based buffer overflow in XZ decompression (ZDI-26-444) — RCE if a user opens a crafted archive, and there is no automatic update.

read →
~/articles/2026-07-18-doj-chen-zhang-queens-brooklyn-43m-investment-fraud-laundering-140-accounts-45-shells
Two indicted over $43M laundered from investment scams
● Breaking
threat intel

Two indicted over $43M laundered from investment scams

DOJ charged two New York-based Chinese nationals with laundering $43M in investment-fraud proceeds through 140 bank accounts and roughly 45 shell companies.

read →
~/articles/2026-07-18-nadmesh-go-botnet-shodan-comfyui-ollama-3811-aws-keys
NadMesh botnet raids exposed AI tools for 3,811 AWS keys
cloud

NadMesh botnet raids exposed AI tools for 3,811 AWS keys

A Go botnet called NadMesh, active since early July, feeds a Shodan queue into ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio. Operator dashboard claims 3,811 AWS keys.

read →
~/articles/2026-07-18-expel-digicert-goldeneyedog-cylindricalcanine-27-ev-code-signing-certs-zhong-stealer
Expel: GoldenEyeDog stole 27 EV certs from DigiCert
supply chain

Expel: GoldenEyeDog stole 27 EV certs from DigiCert

Expel says the April DigiCert breach was CylindricalCanine, a GoldenEyeDog subgroup. Twenty-seven of 60 revoked EV certs signed Zhong Stealer artifacts.

read →
~/articles/2026-07-18-abbott-shinyhunters-vishing-exact-sciences-labcentral-disputed
Abbott confirms Exact Sciences hit; LabCentral disputed
● Breaking
ransomware

Abbott confirms Exact Sciences hit; LabCentral disputed

ShinyHunters used vishing to hit legacy Exact Sciences systems in Abbott's Cancer Diagnostics business; a separate LabCentral extortion claim by ShadowByt3$ is disputed.

read →