Latest cybersecurity reporting from selected sources.

The National Cyber Security Centre wants UK firms to patch CVE-2025-53521

Researchers from watchTowr and Defused have found evidence that attackers are actively exploiting CVE-2026-3055, a critical NetScaler vulnerability

CISA added CVE-2026-20131 to its KEV catalog as it is being used in ransomware campaigns

React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide

A critical RCE flaw in React.js, dubbed React2Shell (CVE-2025-55182), has been disclosed with a maximum CVSS score of 10.0, posing severe risks for server-side implementations

Sysadmins are urged to patch WSUS vulnerability CVE-2025-59287 as soon as possible, with federal agencies required to update by November 14

A critical out-of-bounds write flaw (CVE-2025-9242) in WatchGuard Fireware OS could allow remote code execution

Russian state-backed hackers are exploiting a seven-year-old Cisco Smart Install vulnerability (CVE-2018-0171) in end-of-life devices, prompting warnings from the FBI and Cisco Talos

A flaw in WinRAR, tracked as CVE-2025-8088, has been exploited by the RomCom group to deploy malware

Backdoor malware Auto-Color targets Linux systems, exploiting SAP NetWeaver flaw CVE-2025-31324

CVE-2025-54309 could allow remote attackers to obtain admin access via HTTPS

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-31161 to its Known Exploited Vulnerabilities (KEV) catalog

CISA recommends immediate action to address malware variant RESURGE exploiting Ivanti vulnerability CVE-2025-0282

The new Remcos RAT variant identified in a new phishing campaign exploits CVE-2017-0199 via malicious Excel files

BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines

The attacks exploit CVE-2023-22518, a critical flaw in Atlassian Confluence Data Center and Server

Designated CVE-2024-3400 and with a CVSS score of 10.0, the flaw enables unauthorized actors to execute arbitrary code on affected firewalls

A fix for CVE-2024-3400 is scheduled on April 4, Palo Alto Networks announced

CVE-2024-21412 was used to evade Microsoft Defender SmartScreen and implant victims with DarkMe

Shadowserver Foundation spots 170 distinct IP addresses trying to exploit Ivanti zero-day CVE-2024-21893