SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97
CVEs:
CVE-2026-41940
Indicators of Compromise
460 articles containing extracted IOCs (CVEs, IPs, hashes, domains, URLs, emails)
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
CVEs:
CVE-2026-42945
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog
CVEs:
CVE-2026-42897
Linux βssh-keysign-pwnβ Flaw Exposing Critical Authentication Files
CVEs:
CVE-2026-46333
CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day
CVEs:
CVE-2026-42897
Critical vulnerability in Burst Statistics plugin allows admin takeover
CVEs:
CVE-2026-8181
VMware Fusion Flaw Could Allow Attackers to Gain Root Privileges
CVEs:
CVE-2026-41702
Cisco patches another actively exploited SD-WAN zero-day (CVE-2026-20182)
CVEs:
CVE-2026-20182
Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild
CVEs:
CVE-2026-42897
CISA Adds One Known Exploited Vulnerability to Catalog
CVEs:
CVE-2026-42897
PraisonAI Vulnerability Actively Exploited Within Hours of Being Made Public
CVEs:
CVE-2026-44338
Unpatched Microsoft Exchange Server vulnerability exploited (CVE-2026-42897)
CVEs:
CVE-2026-42897
Amazon Redshift JDBC Driver Flaws Expose Systems to RCE Attacks
CVEs:
CVE-2026-8178
Cisco Catalyst SD-WAN Controller Flaw Under Active Exploitation for Admin Access
CVEs:
CVE-2026-20182
Cisco Patches Another SD-WAN Zero-Day, the Sixth Exploited in 2026
CVEs:
CVE-2026-20182
Next.js Security Flaw Leaks Cloud Credentials, API Keys, and Admin Interfaces
CVEs:
CVE-2026-44578
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
CVEs:
CVE-2026-42897
CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
CVEs:
CVE-2026-20182
Palo Alto Firewalls Hit by Zero-Day Allowing Arbitrary Code Execution as Root
CVEs:
CVE-2026-0300