Topic: proof-of-concept exploits
-
Telegram Channels Reveal SmarterMail Exploits in the Wild
Threat actors are rapidly weaponizing critical vulnerabilities in SmarterMail (CVE-2026-24423 and CVE-2026-23760), sharing exploit code and credentials to enable server takeover and ransomware campaigns. These flaws have already been exploited in real-world incidents, including a breach at Smarte...
Read More » -
Cloudflare Outage Linked to React2Shell Mitigation Efforts
A widespread Cloudflare outage was caused by an emergency security patch for a critical, actively exploited vulnerability (React2Shell/CVE-2025-55182) in React Server Components, not by a cyberattack. The update, intended to block exploitation attempts, inadvertently failed and disrupted about 28...
Read More » -
CISA Warns: BeyondTrust RCE Flaw Actively Exploited by Ransomware
A critical, unauthenticated remote code execution flaw (CVE-2026-1731) in BeyondTrust's remote support software is being actively exploited by ransomware groups, prompting urgent federal warnings. The vulnerability was a zero-day threat exploited before public disclosure, and its inclusion in CIS...
Read More » -
Critical Git RCE Flaw (CVE-2025-48384) Actively Exploited by Attackers
A critical Git vulnerability (CVE-2025-48384) allows arbitrary code execution via maliciously crafted submodules, affecting macOS and Linux systems. CISA has confirmed active exploitation and mandated federal agencies to patch by September 15, 2025, with fixed Git versions released on July 8, 202...
Read More »