theinfosecnews
vulnerability

CVE-2025-68613: Critical RCE Vulnerability in n8n Workflow Expression Evaluator Demands Immediate Action

CVE-2025-68613 is a remote code execution vulnerability in n8n's workflow expression evaluation engine, classified as improper control of dynamically managed code resources (CWE-913). Anyone who can create or edit workflows, which means every authenticated user and, on instances exposed without authentication, anyone at all, can run arbitrary commands with the privileges of the n8n process and from there reach the credentials n8n stores for every connected integration. CISA has mandated federal agency remediation by March 25, 2026; all organizations should patch immediately, limit workflow-editing rights to trusted accounts, and keep the n8n web interface off the public internet.

CISA KEV·27d ago·3 min read
vulnerability

CVE-2025-26399: SolarWinds Web Help Desk AjaxProxy Deserialization Flaw Enables Remote Code Execution

CVE-2025-26399 is an unauthenticated remote code execution vulnerability in the AjaxProxy component of SolarWinds Web Help Desk, caused by deserialization of untrusted data without validation. Any attacker who can reach the application over the network can, with no credentials, execute arbitrary commands on the host server. CISA has added this CVE to the Known Exploited Vulnerabilities catalog, mandating federal agency remediation by March 12, 2026; instances reachable from the internet should be patched first and reviewed for signs of prior exploitation.

CISA KEV·29d ago·3 min read
vulnerability

CVE-2026-1603: Ivanti EPM Authentication Bypass Exposes Stored Credentials to Unauthenticated Attackers

CVE-2026-1603 is an authentication bypass vulnerability in Ivanti Endpoint Manager (EPM) that allows remote, unauthenticated attackers to read credential data stored by EPM, including domain accounts, API keys, and service-account passwords. Because EPM holds credentials that are valid on every endpoint it manages, exploitation enables lateral movement and privilege escalation across the whole managed estate. CISA has mandated federal agency remediation by March 23, 2026; all organizations running Ivanti EPM should patch immediately and rotate every credential the affected instance stored, since patching alone does not invalidate secrets already taken.

CISA KEV·29d ago·3 min read
vulnerability

CVE-2021-22054: Unauthenticated SSRF in Omnissa Workspace ONE UEM Exposes Internal Networks

CVE-2021-22054 is an unauthenticated server-side request forgery vulnerability in Omnissa Workspace ONE UEM that allows an attacker with network access to the UEM server to make it issue requests on their behalf, reaching internal resources that are not otherwise exposed, without any credentials. CISA has added this CVE to its Known Exploited Vulnerabilities catalog with a federal patch deadline of March 23, 2026. Organizations should apply Omnissa patches immediately, restrict network access to UEM management interfaces, and hunt for signs of prior exploitation in UEM and network logs, in particular outbound requests from the UEM host to internal addresses or cloud metadata endpoints that it has no business contacting.
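The generic defense for any component that fetches URLs on a user's behalf is the same whatever the product: validate the scheme, refuse credentials in the URL, resolve the host yourself, reject every internal or link-local address it resolves to, and then connect to the address you validated rather than letting the HTTP library resolve the name a second time (the DNS-rebinding case). The following is an added example in Python, not Omnissa's code; the host table is constructed so the checks run offline, and the allowlist parameter is an assumption about how a deployment would name its permitted destinations.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


class SsrfBlocked(ValueError):
    pass


def resolve_all(host):
    """Every address the host currently resolves to, via the system resolver."""
    return [ipaddress.ip_address(ai[4][0].split("%")[0])
            for ai in socket.getaddrinfo(host, None)]


def table_resolver(table):
    """Resolver backed by a dict of host -> [ip strings]; constructed for offline use."""
    return lambda host: [ipaddress.ip_address(a) for a in table.get(host, [])]


# Constructed DNS answers (assumption). 'rebind.example.com' models a rebinding
# host that returns one public and one internal address.
DEMO_TABLE = {
    "api.example.com": ["93.184.216.34"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],
    "169.254.169.254": ["169.254.169.254"],
    "localhost": ["::1"],
}


def is_internal(ip):
    if ip.version == 6 and ip.ipv4_mapped:          # ::ffff:127.0.0.1 -> 127.0.0.1
        ip = ip.ipv4_mapped
    return (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_reserved
            or ip.is_multicast or ip.is_unspecified
            or ip in ipaddress.ip_network("100.64.0.0/10"))   # carrier-grade NAT


def outbound_target(url, allowed_hosts=None, resolve=resolve_all):
    """Validate a user-influenced URL and return (host, pinned_ip).

    The caller must open the connection to pinned_ip (sending the Host header
    for host) instead of re-resolving, otherwise a rebinding server can answer
    the second lookup with an internal address after this check has passed.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SsrfBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username or parts.password:
        raise SsrfBlocked("userinfo in URL is not allowed")
    host = parts.hostname
    if not host:
        raise SsrfBlocked("missing host")
    if allowed_hosts is not None and host not in allowed_hosts:
        raise SsrfBlocked(f"host not on allowlist: {host!r}")
    addrs = resolve(host)
    if not addrs:
        raise SsrfBlocked(f"{host!r} does not resolve")
    for ip in addrs:                                  # one bad answer rejects the host
        if is_internal(ip):
            raise SsrfBlocked(f"{host!r} resolves to internal address {ip}")
    return host, str(addrs[0])


def is_blocked(url, allowed_hosts=None, resolve=resolve_all):
    """True when outbound_target refuses the URL."""
    try:
        outbound_target(url, allowed_hosts, resolve)
    except SsrfBlocked:
        return True
    return False


if __name__ == "__main__":
    r = table_resolver(DEMO_TABLE)
    for u in ("https://api.example.com/v1", "http://rebind.example.com/",
              "http://169.254.169.254/latest/meta-data/", "http://localhost:8443/",
              "http://api.example.com@10.0.0.5/", "file:///etc/passwd"):
        print(f"{u:45} blocked={is_blocked(u, resolve=r)}")
```

A positive allowlist of destinations, where the product's function permits one, is stronger than the address denylist and should be layered on top of it; the denylist is what protects you when the feature genuinely has to reach arbitrary hosts.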

CISA KEV·29d ago·3 min read
vulnerability

CVE-2026-XXXX: OpenClaw AI Assistant's Exposed Web Interface Enables Credential Theft and Remote Control

OpenClaw, an autonomous AI assistant, is frequently deployed with its web administration interface reachable from the internet. An attacker who finds such an instance can take over the assistant, steal the credentials it holds for the services it automates, and drive it remotely, which enables impersonation of the owner, data exfiltration, and downstream supply chain attacks against everything the assistant is connected to. The interface should never be exposed without authentication and network restrictions, and security patches should be applied promptly.

Krebs on Security·29d ago·2 min read
vulnerability

CVE-2017-7921: Hikvision Authentication Bypass Gives Attackers Unauthenticated Privilege Escalation Across DVRs, NVRs, and IP Cameras

CVE-2017-7921 is an improper authentication vulnerability in multiple Hikvision DVRs, NVRs, and IP cameras that allows unauthenticated attackers to escalate privileges and access sensitive data over the network without valid credentials. CISA has added it to the Known Exploited Vulnerabilities catalog, which confirms exploitation in the wild, with a federal agency remediation deadline of March 26, 2026. Organizations should apply Hikvision firmware patches immediately, replace devices for which no fixed firmware exists, isolate management interfaces behind a VPN rather than exposing them to the internet, and audit all Hikvision devices for default credentials.

CISA KEV·33d ago·3 min read
vulnerability

CVE-2021-22681: Rockwell Automation Studio 5000 Exposes Verification Key, Enabling Unauthorized Logix Controller Access

CVE-2021-22681 affects Rockwell Automation's Studio 5000 Logix Designer, which stores the key used to verify connections to Logix controllers without adequate protection. An attacker with network access can extract the key and use it to connect unauthorized applications directly to Logix PLCs, enabling ladder logic modification, configuration theft, or process disruption. CISA has added this vulnerability to its Known Exploited Vulnerabilities catalog with a federal patching deadline of March 26, 2026.

CISA KEV·33d ago·3 min read
vulnerability

CVE-2026-21385: Qualcomm Chipset Memory Corruption Flaw Enables Privilege Escalation Across Mobile and IoT Devices

CVE-2026-21385 is a memory corruption vulnerability affecting multiple Qualcomm chipsets, triggered by improper alignment handling during memory allocation. Successful local exploitation can lead to privilege escalation or denial of service on Android smartphones, tablets, and IoT devices built on Qualcomm silicon. CISA mandates federal agency remediation by March 24, 2026; enterprises should inventory affected devices now and apply OEM-issued patches as they ship, since the fix reaches each device only through its vendor's update channel.

CISA KEV·35d ago·3 min read
vulnerability

CVE-2026-Kimwolf: Analysis of the Kimwolf Botnet Operator 'Dort' and Associated Threat Activity

The Kimwolf botnet abused vulnerabilities in residential proxy services to infect devices inside home networks, and was then used for large-scale DDoS and harassment attacks. Its operator, known as Dort and identified as Jacob Butler from Canada, used multiple aliases and cybercrime tooling to carry out account takeovers and retaliatory attacks against the researchers tracking him. Patching the affected proxy software and enforcing strict egress controls on the networks where it runs are the key mitigations.

Krebs on Security·38d ago·3 min read
vulnerability

CVE-2022-20775: Cisco SD-WAN CLI Path Traversal Enables Root-Level Privilege Escalation

CVE-2022-20775 is a path traversal vulnerability in Cisco SD-WAN's CLI that allows an authenticated local attacker to bypass access controls and execute arbitrary commands as root. The flaw affects Cisco SD-WAN deployments and carries a CISA KEV remediation deadline of February 27, 2026 for federal agencies. Administrators should apply Cisco's official patches immediately and restrict CLI access to trusted accounts as an interim control.

CISA KEV·41d ago·3 min read
malware

Starkiller Phishing-as-a-Service: Real-Time Session Hijacking and MFA Bypass

Starkiller is a phishing-as-a-service platform that proxies a victim's interaction with the legitimate login page, capturing the credentials and the resulting session tokens so that MFA is satisfied by the victim and then reused by the attacker. Operated by the Jinkusu threat group, it runs Docker-based headless Chrome instances that relay each session in real time and harvest the authentication cookies it produces. Because the victim's genuine session is relayed, one-time codes and push approvals offer no protection; only origin-bound authenticators (FIDO2/WebAuthn, passkeys) resist this technique. The service evades traditional detection and lowers the technical bar for cybercriminals.

Krebs on Security·46d ago·2 min read
vulnerability

CVE-2025-68461: Roundcube Webmail SVG Animate Tag Enables Stored XSS Attack

CVE-2025-68461 is a stored cross-site scripting vulnerability in Roundcube Webmail caused by inadequate sanitization of the SVG `<animate>` element. An attacker can email a crafted SVG that passes the sanitizer and then, once rendered, runs arbitrary JavaScript in the recipient's authenticated webmail session, enabling session hijacking, credential theft, and actions taken in the victim's name. CISA requires federal agencies to patch by March 13, 2026; all organizations should upgrade Roundcube immediately and consider blocking inline SVG rendering as an interim control.
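Why `<animate>` matters: an SVG sanitizer that only inspects attribute values as they stand at parse time misses SMIL animation elements, which can rewrite any attribute of their parent (including `href`) after rendering begins. The following is an added example in Python, not Roundcube's sanitizer (which is PHP) and not the CVE proof of concept: it strips the animation and script-capable elements outright, removes event-handler attributes, and rejects `javascript:` URLs after normalising the control characters browsers ignore in a scheme. The payload and the benign document are constructed for the example.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Removed outright: SMIL animation elements can change any attribute (including
# href) after sanitization ran; the rest execute script, embed HTML or pull in
# external content.
DROP_ELEMENTS = {"animate", "set", "animatetransform", "animatemotion",
                 "script", "foreignobject", "use"}
URL_ATTRS = {"href"}                    # xlink:href becomes 'href' after namespace stripping
DANGEROUS_SCHEME = re.compile(r"^(javascript|vbscript):", re.I)

# Constructed payload (assumption): a link that is harmless at parse time and becomes
# javascript: once the animation fires, plus an onload handler and a tab-obfuscated
# scheme for comparison.
PAYLOAD = (
    f'<svg xmlns="{SVG_NS}" xmlns:xlink="{XLINK_NS}" onload="alert(1)">'
    '<a href="#"><animate attributeName="href" values="javascript:alert(document.cookie)" begin="0s"/>'
    '<text x="10" y="20">open attachment</text></a>'
    '<a xlink:href="java&#9;script:alert(2)"><text y="40">also bad</text></a>'
    '<circle r="5"/></svg>'
)
BENIGN = f'<svg xmlns="{SVG_NS}"><circle cx="5" cy="5" r="4"/></svg>'


def _local(qname):
    # '{ns}animate' -> 'animate', lower-cased so 'aNiMaTe' does not slip past the set
    return qname.rsplit("}", 1)[-1].lower()


def _scheme_is_dangerous(value):
    # Browsers drop ASCII control characters before parsing the scheme, so
    # 'java\tscript:' must be normalised the same way before matching.
    return bool(DANGEROUS_SCHEME.match(re.sub(r"[\x00-\x20]", "", value)))


def sanitize_svg(svg_text):
    """Return (cleaned_svg, removed) for an untrusted SVG document.

    The stdlib parser keeps the example self-contained; production code should
    parse untrusted XML with defusedxml (entity-expansion DoS) and, as the entry
    above says, preferably not render attachment SVGs inline at all.
    """
    root = ET.fromstring(svg_text)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    removed = []

    def clean(elem):
        for child in list(elem):
            if _local(child.tag) in DROP_ELEMENTS:
                removed.append(f"<{_local(child.tag)}>")
                elem.remove(child)
            else:
                clean(child)
        for attr, value in list(elem.attrib.items()):
            name = _local(attr)
            if name.startswith("on"):                               # onload, onclick, onbegin ...
                removed.append(f"@{name}")
                del elem.attrib[attr]
            elif name in URL_ATTRS and _scheme_is_dangerous(value):
                removed.append(f"@{name}={value.strip()!r}")
                del elem.attrib[attr]

    clean(root)
    return ET.tostring(root, encoding="unicode"), removed


if __name__ == "__main__":
    cleaned, removed = sanitize_svg(PAYLOAD)
    print("removed:", removed)
    print(cleaned)
```

The design choice worth copying is the element denylist for the animation family: checking `values`/`to` attributes of `<animate>` for `javascript:` would be a losing game, because the element can target `href` through `attributeName` and the value can be assembled from several keyframes.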

CISA KEV·46d ago·3 min read