vulnerability-management - FUSION GLOBAL

Listening, Drupal, TTE, KEV, Mythos, Megalodon, Badanov, MFA, Pope Leo, Aaran Leyland – SWN #584

Doug White May 26, 2026

Drupal bug added to CISA list of known exploited vulnerabilities

Steve Zurier May 26, 2026

Drupal SQL injection flaw CVE-2026-9082 added to CISA KEV as active attacks target sites.

Critical vulnerability in Universal Robots’ PolyScope OS allows remote command execution

SC Staff May 26, 2026

The vulnerability, tracked as CVE-2026-8153 with a CVSS score of 9.8, affects all PolyScope software versions prior...

Zero-day vulnerability in Japanese LMS exploited to deploy Cobalt Strike

SC Staff May 26, 2026

The vulnerability, CVE-2026-5426, stems from the use of hard-coded ASP.NET machine keys within the LMS.

Ghost CMS vulnerability exploited in large-scale campaign

SC Staff May 26, 2026

The vulnerability, identified as CVE-2026-26980, affects Ghost versions 3.24.0 through 6.19.0, allowing unauthenticated attackers to steal admin...

Ubiquiti patches three critical vulnerabilities in UniFi OS

SC Staff May 22, 2026

The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing...

TVs, Old York, Flipper One, Ubiquity, Underminr, CISOs, GitHub, Josh Marpet… – SWN #583

Doug White May 22, 2026

You can now nominate vulnerabilities for CISA’s KEV with this form

Laura French May 22, 2026

CISA seeks to engage the wider community to more quickly identify active exploitation.

CISA adds Trend Micro Apex One and Langflow flaws to exploited vulnerabilities catalog

SC Staff May 22, 2026

The vulnerabilities added are CVE-2025-34291, an origin validation error in Langflow with a CVSS score of 9.4,...

Cisco patches critical 10.0 flaw in Secure Workload APIs

Steve Zurier May 22, 2026

Cisco patches critical 10.0 API flaw in Secure Workload platform.