An actively exploited XSS vulnerability in Exchange OWA is being patched for current versions but remains unfixed for Exchange 2016/2019 without paid Extended Support.
The GreatXML exploit leverages a security vulnerability in Microsoft’s offline scan function to bypass BitLocker and access encrypted drives from recovery mode after a successful Defender offline scan.
Oracle has patched a critical vulnerability in PeopleSoft Suite (CVE-2026-35273) enabling unauthenticated remote code execution that is already being actively exploited in targeted data theft campaigns by the ShinyHunters group.
Of 206 patched vulnerabilities, 39 are classified as critical; the total includes 56 remote code execution and 63 privilege escalation flaws, with three publicly disclosed zero-days.
An unpatched command injection vulnerability in SD-WAN Manager is being actively exploited, requiring immediate measures to close authentication gaps and monitor logs.
Simple attack techniques remain effective despite known countermeasures, while undetected intrusions over extended periods revealed gaps in anomaly detection.
An unpatched zero-day in VS Code/github.dev enables theft of GitHub OAuth tokens via manipulated links, providing access to all private repositories of a victim.