This week's security landscape was dominated by critical vulnerabilities and significant breaches, prompting urgent patching and heightened defensive measures across multiple sectors. The disclosure of several high-severity CVEs underscores the persistent threat posed by unpatched software and complex supply chains.
Top Security Stories
China-Linked APT Exploits Sitecore Zero-Day in Attacks on American Critical Infrastructure
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year. Cisco Talos, which is tracking the activity under the na...
Source: thehackernews.com
China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far bac...
Source: thehackernews.com
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month ...
Source: thehackernews.com
Cisco Patches Vulnerability Exploited by Chinese Hackers
UAT-9686 exploited the bug to deploy the AquaShell backdoor on Cisco appliances with certain ports open to the internet.
Source: securityweek.com
Cisco finally fixes AsyncOS zero-day exploited since November
Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. [...]
Source: bleepingcomputer.com
In Other News: 8,000 Ransomware Attacks, China Hacked US Gov Emails, IDHS Breach Impacts 700k
Other noteworthy stories that might have slipped under the radar: Jaguar Land Rover sales crash, hundreds of gen-AI data policy violations, and Chinese cyberattacks against Taiwan intensified.
Source: securityweek.com
Critical Node.js Vulnerability Can Cause Server Crashes via async_hooks Stack Overflow
Node.js has released updates to fix what it described as a critical security issue impacting "virtually every production Node.js app" that, if successfully exploited, could trigger a denial-of-service...
Source: thehackernews.com
Fortinet Patches Critical Vulnerabilities in FortiFone, FortiSIEM
Exploitable without authentication, the two security defects could lead to configuration leak and code execution.
Source: securityweek.com
CISA Flags Actively Exploited Gogs Vulnerability With No Patch
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution.
Source: infosecurity-magazine.com
Ransomware activity never dies, it multiplies
Ransomware attacks kept climbing through 2025, even as major criminal groups collapsed and reformed. A new study conducted by the Symantec and Carbon Black Threat Hunter Team shows that disruption ins...
Source: helpnetsecurity.com
Cyber Fraud Overtakes Ransomware as Top CEO Concern: WEF
Ransomware remains the biggest concern for CISOs in 2026, according to WEF’s Global Cybersecurity Outlook 2026 report.
Source: securityweek.com
UAT-8837 targets critical infrastructure sectors in North America
Cisco Talos is closely tracking UAT-8837, a threat actor we assess with medium confidence is a China-nexus advanced persistent threat (APT) actor.
Source: blog.talosintelligence.com
Sources: DHS finalizing replacement for disbanded critical infrastructure security council
ANCHOR will restart conversations between government and industry around critical infrastructure security, with some changes around liability and other areas.
Source: cyberscoop.com
Many Bluetooth devices with Google Fast Pair vulnerable to “WhisperPair” hack
Even Google's own earbuds are vulnerable to the Fast Pair hack.
Source: arstechnica.com
Palo Alto Networks warns of DoS bug letting hackers disable firewalls
Palo Alto Networks patched a high-severity vulnerability that could allow unauthenticated attackers to disable firewall protections in denial-of-service (DoS) attacks. [...]
Source: bleepingcomputer.com
Critical Vulnerabilities (CVEs)
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2025-15500 | 9.8 | A vulnerability was found in Sangfor Operation and Maintenance Management System up to 3.0.8. This issue affects some unknown processing of the file /... |
| CVE-2025-15501 | 9.8 | A vulnerability was determined in Sangfor Operation and Maintenance Management System up to 3.0.8. Impacted is the function WriterHandle.getCmd of the... |
| CVE-2026-22600 | 9.1 | OpenProject is an open-source, web-based project management software. A Local File Read (LFR) vulnerability exists in the work package PDF export func... |
| CVE-2026-0821 | 7.3 | A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function js_typed_array_constructor of the file quic... |
| CVE-2026-0851 | 7.3 | A vulnerability was identified in code-projects Online Music Site 1.0. The affected element is an unknown function of the file /Administrator/PHP/Admi... |