CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks

Blog

Byadmblake March 19, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild. The vulnerabilities in question are as follows – CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged government agencies to apply patches for two security flaws impacting Synacor Zimbra Collaboration Suite (ZCS) and Microsoft Office SharePoint, stating they have been actively exploited in the wild.
The vulnerabilities in question are as follows –

CVE-2025-66376 (CVSS score: 7.2) – A stored cross-site scripting

Blog

Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025

As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats. While the need for a strong data protection strategy has…

Read More Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
Blog

15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign

Cybersecurity researchers have lifted the veil on a widespread malicious campaign that’s targeting TikTok Shop users globally with an aim to steal credentials and distribute trojanized apps. “Threat actors are exploiting the official in-app e-commerce platform through a dual attack strategy that combines phishing and malware to target users,” CTM360 said. “The core tactic involves…

Read More 15,000 Fake TikTok Shop Domains Deliver Malware, Steal Crypto via AI-Driven Scam Campaign
Blog

Ivanti Connect Secure Zero-Day Vulnerability

What are the Vulnerabilities?Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution and CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version…

Read More Ivanti Connect Secure Zero-Day Vulnerability
Blog

CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2026-2441 (CVSS score: 8.8) – A use-after-free vulnerability in Google Chrome that could allow a remote attacker to…

Read More CISA Flags Four Security Flaws Under Active Exploitation in Latest KEV Update
Blog

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. “The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure,” NVISO…

Read More North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels
Blog

Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

These are the tools of the trade Sophos detected in use by cybercriminals over 2024

Read More Sophos Annual Threat Report appendix: Most frequently encountered malware and abused software

Related