CISA KEV

vulnerabilities February 14, 2026 · 5 min read

BeyondTrust CVE-2026-1731: Pre-Auth RCE Exploited Within 24 Hours of PoC Release

Critical CVSS 9.9 pre-auth RCE in BeyondTrust Remote Support and PRA is now actively exploited after a PoC was published on GitHub.

threat-intelligence February 9, 2026 · 7 min read

Warlock Gang Breached SmarterTools Through Its Own Email Server Software

China-linked ransomware group Storm-2603 compromised SmarterTools by exploiting critical SmarterMail vulnerabilities, then turned the same flaws against the vendor's customers.

vulnerabilities January 30, 2026 · 5 min read

Ivanti EPMM Zero-Days Chained for Unauthenticated RCE Against NATO-Allied Government

CVE-2026-1281 and CVE-2026-1340 give attackers full remote code execution on Ivanti mobile device management servers. Already exploited in the wild.