Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury
In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In response, the Tenable Research Special Operations (RSO) team is examining the latest threats and cyber operations linked to Iranian threat…
Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs (CVE-2026-21262, CVE-2026-26127)
Microsoft addresses 83 CVEs including two vulnerabilities that were publicly disclosed prior to a patch being released.
Operation Epic Fury: Potential Iranian Cyber Counteroffensive Operations
Following the joint military operation known as Operation Epic Fury, the Tenable Research Special Operations (RSO) team is providing an update regarding potential cyber counteroffensive operations conducted by Iran-linked threat actors.
CVE-2026-20127: Cisco Catalyst SD-WAN Controller/Manager Zero-Day Authentication Bypass Vulnerability Exploited in the Wild
Exploitation of a maximum severity authentication bypass zero-day vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager has been reported. Immediate patching is recommended to thwart ongoing attacks.
Microsoft’s February 2026 Patch Tuesday Addresses 54 CVEs (CVE-2026-21510, CVE-2026-21513)
Microsoft addresses 54 CVEs in the February 2026 Patch Tuesday released, including six zero-day vulnerabilities that were exploited in the wild and three publicly disclosed CVEs.
Frequently Asked Questions About Notepad++ Supply Chain Compromise
Threat actors compromised the update infrastructure for Notepad++, redirecting traffic to an attacker controlled site for targeted espionage purposes.
CVE-2026-1281, CVE-2026-1340: Ivanti Endpoint Manager Mobile (EPMM) Zero-Day Vulnerabilities Exploited
Two Critical vulnerabilities in Ivanti’s popular mobile device management solution have been exploited in the wild in limited attacks
Oracle January 2026 Critical Patch Update Addresses 158 CVEs
Oracle addresses 158 CVEs in its first quarterly update of 2026 with 337 patches, including 27 critical updates.
CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS) command injection vulnerability affecting Fortinet FortiSIEM. Fortinet vulnerabilities have…
Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)
Microsoft addresses 113 CVEs in the first Patch Tuesday of 2026, with two zero-days, including one that was exploited in the wild.
CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild
A recently disclosed vulnerability affecting MongoDB instances has been reportedly exploited in the wild. Exploit code has been released for this flaw dubbed MongoBleed.
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
A zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006.