Exploitation

A remote, anonymous, or authenticated attacker can exploit multiple vulnerabilities in Oracle MySQL to compromise confidentiality, integrity, and availability.

Adobe After Effects versions 26.0, 25.6.4 and earlier are vulnerable to a heap-based buffer overflow (CVE-2026-34642) that could lead to arbitrary code execution when a user opens a malicious file.

CVE-2026-6973, an authenticated remote code execution vulnerability in Ivanti Endpoint Manager Mobile (EPMM), is being actively exploited, potentially leading to data breaches and system compromise.

A critical unauthenticated remote code execution vulnerability (CVE-2026-22679) in Weaver E-cology office automation software is being actively exploited to execute system commands and reconnaissance activities on affected servers.

Attackers are leveraging AI to rapidly reconnoiter and tailor content for smaller organizations, making it easier to execute business email compromise (BEC) scams and scam smaller sums from many victims, as demonstrated by a recent attack targeting a small community organization.

This rule detects a potential JAVA/JNDI exploitation attempt by identifying outbound network connections by JAVA to LDAP, RMI, or DNS standard ports followed by suspicious JAVA child processes such as shell interpreters and scripting languages, which may indicate a Java Naming and Directory Interface (JNDI) injection vulnerability exploitation attempt.

Malicious actors are actively exploiting CVE-2026-20127 for initial access and CVE-2022-20775 for privilege escalation and persistence on Cisco SD-WAN systems globally.

A Metasploit module exploits Atlassian Confluence servers by deploying a malicious Java plugin that downloads Meterpreter, granting the attacker full control over the compromised system.