Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

Blog

Byadmblake May 5, 2026

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild. The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/

A critical security vulnerability in Weaver (Fanwei) E-cology, an enterprise office automation (OA) and collaboration platform, has come under active exploitation in the wild.
The vulnerability (CVE-2026-22679, CVSS score: 9.8) relates to a case of unauthenticated remote code execution affecting Weaver E-cology 10.0 versions prior to 20260312. The issue resides in the “/papi/esearch/data/devops/

Blog

3 Things to Know About AI Data Poisoning

Data poisoning represents the next big existential cybersecurity threat — unless organizations can ensure their AI systems are safe and trustworthy.

Read More 3 Things to Know About AI Data Poisoning
Blog

Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds

A team of academics from ETH Zürich and Google has discovered a new variant of a RowHammer attack targeting Double Data Rate 5 (DDR5) memory chips from South Korean semiconductor vendor SK Hynix. The RowHammer attack variant, codenamed Phoenix (CVE-2025-6202, CVSS score: 7.1), is capable of bypassing sophisticated protection mechanisms put in place to resist…

Read More Phoenix RowHammer Attack Bypasses Advanced DDR5 Memory Protections in 109 Seconds
Blog

Are We Closing the Gender Gap in Cybersecurity?

Answer: Nope. But let’s look at the trends — because they matter for security.

Read More Are We Closing the Gender Gap in Cybersecurity?
Blog

Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that purports to be an application related to the Solana blockchain, but contains malicious functionality to steal source code and developer secrets. The package, named solana-token, is no longer available for download from PyPI, but not before it was downloaded 761…

Read More Malicious PyPI Package Posing as Solana Tool Stole Source Code in 761 Downloads
Blog

Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants

A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. The vulnerability, tracked as CVE-2025-55241, has been assigned the maximum CVSS score of 10.0. It has been described by Microsoft as a privilege escalation flaw in Azure Entra….

Read More Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
Blog

Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

The next major breach hitting your clients probably won’t come from inside their walls. It’ll come through a vendor they trust, a SaaS tool their finance team signed up for, or a subcontractor nobody in IT knows about. That’s the new attack surface, and most organizations are underprepared for it. Cynomi’s new guide, Securing the Modern Perimeter: The Rise of…

Read More Why Third-Party Risk Is the Biggest Gap in Your Clients’ Security Posture

Related